diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c77cc86b..261bf2e6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,19 @@ lowlydba.sqlserver Release Notes .. contents:: Topics +v2.3.0 +====== + +Release Summary +--------------- + +New feature from @OsirisDBA for skipping login password resets! + +Minor Changes +------------- + +- Add ability to prevent changing login's password, even if password supplied. + v2.2.3 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index e5ce81fb..b8e5db22 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -464,3 +464,12 @@ releases: - 219-spn-format-fix.yml - release-summary-2-2-3.yml release_date: '2024-02-07' + 2.3.0: + changes: + minor_changes: + - Add ability to prevent changing login's password, even if password supplied. + release_summary: New feature from @OsirisDBA for skipping login password resets! + fragments: + - 2-2-4-release-summary.yml + - 227-skip-pwd-reset.yml + release_date: '2024-02-10' diff --git a/galaxy.yml b/galaxy.yml index 192dff46..64904509 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ namespace: lowlydba name: sqlserver -version: 2.2.3 +version: 2.3.0 readme: README.md authors: - John McCall (github.com/lowlydba) diff --git a/plugins/modules/login.ps1 b/plugins/modules/login.ps1 index 99128c97..4edf5b32 100644 --- a/plugins/modules/login.ps1 +++ b/plugins/modules/login.ps1 @@ -22,6 +22,7 @@ $spec = @{ password_policy_enforced = @{type = 'bool'; required = $false } password_expiration_enabled = @{type = 'bool'; required = $false } sid = @{type = 'str'; required = $false } + skip_password_reset = @{type = 'bool'; required = $false; default = $false } state = @{type = 'str'; required = $false; default = 'present'; choices = @('present', 'absent') } } } @@ -38,6 +39,7 @@ $language = $module.Params.language [nullable[bool]]$passwordMustChange = $module.Params.password_must_change [nullable[bool]]$passwordExpirationEnabled = $module.Params.password_expiration_enabled [nullable[bool]]$passwordPolicyEnforced = $module.Params.password_policy_enforced +[nullable[bool]]$skip_password_reset = $module.Params.skip_password_reset $sid = $module.Params.sid $state = $module.Params.state $checkMode = $module.CheckMode @@ -96,12 +98,14 @@ try { $setLoginSplat.add("PasswordMustChange", $true) } } - if ($null -ne $secPassword) { + if (($null -ne $secPassword) -and ($skip_password_reset -eq $false)) { $setLoginSplat.add("SecurePassword", $secPassword) + $changed = $true } # Login already exists if ($null -ne $existingLogin) { + # Splat login status if ($enabled -eq $false) { $disabled = $true $setLoginSplat.add("Disable", $true) @@ -111,7 +115,7 @@ try { $setLoginSplat.add("Enable", $true) } # Login needs to be modified - if (($changed -eq $true) -or ($disabled -ne $existingLogin.IsDisabled) -or ($secPassword)) { + if (($changed -eq $true) -or ($disabled -ne $existingLogin.IsDisabled) -or ($setLoginSplat.ContainsKey("SecurePassword"))) { $output = Set-DbaLogin @setLoginSplat $module.result.changed = $true } diff --git a/plugins/modules/login.py b/plugins/modules/login.py index afcd260c..5dfdd467 100644 --- a/plugins/modules/login.py +++ b/plugins/modules/login.py @@ -61,6 +61,13 @@ type: str required: false version_added: '2.1.0' + skip_password_reset: + description: + - Skips the password reset if the login exists and I(password) is set. + type: bool + required: false + default: false + version_added: '2.3.0' author: "John McCall (@lowlydba)" notes: - Module will always return changed if a password is supplied. diff --git a/tests/integration/targets/login/tasks/main.yml b/tests/integration/targets/login/tasks/main.yml index 541c4e72..da9b6025 100644 --- a/tests/integration/targets/login/tasks/main.yml +++ b/tests/integration/targets/login/tasks/main.yml @@ -49,6 +49,17 @@ - result.data.Name == "{{ login_name }}" - result.data.DefaultDatabase == "model" + - name: Skip pwd reset + lowlydba.sqlserver.login: + default_database: "model" + password: "ItWasA11ADream!" + skip_password_reset: true + enabled: true + register: result + - assert: + that: + - result is not changed + - name: Drop login lowlydba.sqlserver.login: state: "absent"