Skip a few unnecessary tasks fro already encrypted pass

ansible-middleware · Oct 21, 2024 · 290d16c · 290d16c
1 parent 3cd380c
commit 290d16c
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/roles/activemq/tasks/mask_password.yml b/roles/activemq/tasks/mask_password.yml
@@ -6,6 +6,8 @@
         existing_user: "{{ existing_users.content | b64decode
                          | regex_search('\\b' + item.user + ' ?= ?ENC\\([0-9]+:([^:]+):([^)]+)\\)', '\\1', '\\2') | default([]) }}"
         mask_pwd: ''
+      when:
+        - not item.password is defined or not item.password is regex('^ENC\\([0-9]{4,}:[^:]+:[^:]+\\)')
 
     - name: Parse passwd for existing user salt
       ansible.builtin.set_fact:
@@ -21,11 +23,16 @@
       register: mask_pwd
       changed_when: false
       no_log: true
-      when: existing_user | length == 0 or hash_password != existing_user[1]
+      when:
+        - not item.password is defined or not item.password is regex('^ENC\\([0-9]{4,}:[^:]+:[^:]+\\)')
+        - existing_user | length == 0 or hash_password != existing_user[1]
 
     - name: Add new masked password to users list
       ansible.builtin.set_fact:
-        masked_users: "{{ masked_users | default([]) + [{ 'user': item.user, 'password': mask_pwd.stdout | regex_search('result: (.+)', '\\1', multiline=true) | first, 'roles': item.roles }] }}"
+        masked_users: "{{ masked_users | default([]) +
+                          [{ 'user': item.user,
+                             'password': mask_pwd.stdout | regex_search('result: (.+)', '\\1', multiline=true) | first,
+                             'roles': item.roles }] }}"
       no_log: true
       when:
         - existing_user | length == 0 or hash_password != existing_user[1]