feat: Allow skipping pwd resets (#227)

* feat: Allow skipping pwd resets * fix: rename fragment * fix: update docs * fix: minor release, not patch * fix: fix test conditions * chore: bump version for release
lowlydba · Feb 10, 2024 · 0cfe344 · 0cfe344
1 parent 1984cd1
commit 0cfe344
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 3 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -5,6 +5,19 @@ lowlydba.sqlserver Release Notes
 .. contents:: Topics
 
 
+v2.3.0
+======
+
+Release Summary
+---------------
+
+New feature from @OsirisDBA for skipping login password resets!
+
+Minor Changes
+-------------
+
+- Add ability to prevent changing login's password, even if password supplied.
+
 v2.2.3
 ======
 

diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
@@ -464,3 +464,12 @@ releases:
     - 219-spn-format-fix.yml
     - release-summary-2-2-3.yml
     release_date: '2024-02-07'
+  2.3.0:
+    changes:
+      minor_changes:
+      - Add ability to prevent changing login's password, even if password supplied.
+      release_summary: New feature from @OsirisDBA for skipping login password resets!
+    fragments:
+    - 2-2-4-release-summary.yml
+    - 227-skip-pwd-reset.yml
+    release_date: '2024-02-10'
diff --git a/galaxy.yml b/galaxy.yml
@@ -2,7 +2,7 @@
 
 namespace: lowlydba
 name: sqlserver
-version: 2.2.3
+version: 2.3.0
 readme: README.md
 authors:
   - John McCall (github.com/lowlydba)

diff --git a/plugins/modules/login.ps1 b/plugins/modules/login.ps1
@@ -22,6 +22,7 @@ $spec = @{
         password_policy_enforced = @{type = 'bool'; required = $false }
         password_expiration_enabled = @{type = 'bool'; required = $false }
         sid = @{type = 'str'; required = $false }
+        skip_password_reset = @{type = 'bool'; required = $false; default = $false }
         state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') }
     }
 }
@@ -38,6 +39,7 @@ $language = $module.Params.language
 [nullable[bool]]$passwordMustChange = $module.Params.password_must_change
 [nullable[bool]]$passwordExpirationEnabled = $module.Params.password_expiration_enabled
 [nullable[bool]]$passwordPolicyEnforced = $module.Params.password_policy_enforced
+[nullable[bool]]$skip_password_reset = $module.Params.skip_password_reset
 $sid = $module.Params.sid
 $state = $module.Params.state
 $checkMode = $module.CheckMode
@@ -96,12 +98,14 @@ try {
                 $setLoginSplat.add("PasswordMustChange", $true)
             }
         }
-        if ($null -ne $secPassword) {
+        if (($null -ne $secPassword) -and ($skip_password_reset -eq $false)) {
             $setLoginSplat.add("SecurePassword", $secPassword)
+            $changed = $true
         }
 
         # Login already exists
         if ($null -ne $existingLogin) {
+            # Splat login status
             if ($enabled -eq $false) {
                 $disabled = $true
                 $setLoginSplat.add("Disable", $true)
@@ -111,7 +115,7 @@ try {
                 $setLoginSplat.add("Enable", $true)
             }
             # Login needs to be modified
-            if (($changed -eq $true) -or ($disabled -ne $existingLogin.IsDisabled) -or ($secPassword)) {
+            if (($changed -eq $true) -or ($disabled -ne $existingLogin.IsDisabled) -or ($setLoginSplat.ContainsKey("SecurePassword"))) {
                 $output = Set-DbaLogin @setLoginSplat
                 $module.result.changed = $true
             }

diff --git a/plugins/modules/login.py b/plugins/modules/login.py
@@ -61,6 +61,13 @@
     type: str
     required: false
     version_added: '2.1.0'
+  skip_password_reset:
+    description:
+      - Skips the password reset if the login exists and I(password) is set.
+    type: bool
+    required: false
+    default: false
+    version_added: '2.3.0'
 author: "John McCall (@lowlydba)"
 notes:
   - Module will always return changed if a password is supplied.

diff --git a/tests/integration/targets/login/tasks/main.yml b/tests/integration/targets/login/tasks/main.yml
@@ -49,6 +49,17 @@
           - result.data.Name == "{{ login_name }}"
           - result.data.DefaultDatabase == "model"
 
+    - name: Skip pwd reset
+      lowlydba.sqlserver.login:
+        default_database: "model"
+        password: "ItWasA11ADream!"
+        skip_password_reset: true
+        enabled: true
+      register: result
+    - assert:
+        that:
+          - result is not changed
+
     - name: Drop login
       lowlydba.sqlserver.login:
         state: "absent"