From 4b17fda50e1966a580d78206988ee60d75cf19ea Mon Sep 17 00:00:00 2001
From: John McCall <john@lowlydba.com>
Date: Sun, 8 Dec 2024 10:49:08 -0500
Subject: [PATCH] fix: create login properly when skip reset set (#287)

* fix: create login properly when skip reset set

* chore: add release info

* fix: new login still needs pwd
---
 CHANGELOG.rst                                  | 13 +++++++++++++
 changelogs/changelog.yaml                      |  9 +++++++++
 plugins/modules/login.ps1                      | 11 ++++++-----
 tests/integration/targets/login/tasks/main.yml |  1 +
 4 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 09d59d36..815c783c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,6 +4,19 @@ lowlydba.sqlserver Release Notes
 
 .. contents:: Topics
 
+v2.3.5
+======
+
+Release Summary
+---------------
+
+Bugfix for login module when creating new logins.
+
+Bugfixes
+--------
+
+- Fix error that occurred when creating a login with `skip_password_reset` as true. (https://github.com/lowlydba/lowlydba.sqlserver/pull/287)
+
 v2.3.4
 ======
 
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index 160ab72c..a876885b 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -514,3 +514,12 @@ releases:
     fragments:
     - 266-restore-warnings.yaml
     release_date: '2024-10-06'
+  2.3.5:
+    changes:
+      bugfixes:
+      - Fix error that occurred when creating a login with `skip_password_reset` as
+        true. (https://github.com/lowlydba/lowlydba.sqlserver/pull/287)
+      release_summary: Bugfix for login module when creating new logins.
+    fragments:
+    - 287-login-bugfix.yml
+    release_date: '2024-12-08'
diff --git a/plugins/modules/login.ps1 b/plugins/modules/login.ps1
index 4edf5b32..7805729d 100644
--- a/plugins/modules/login.ps1
+++ b/plugins/modules/login.ps1
@@ -98,13 +98,14 @@ try {
                 $setLoginSplat.add("PasswordMustChange", $true)
             }
         }
-        if (($null -ne $secPassword) -and ($skip_password_reset -eq $false)) {
-            $setLoginSplat.add("SecurePassword", $secPassword)
-            $changed = $true
-        }
 
         # Login already exists
         if ($null -ne $existingLogin) {
+            if (($null -ne $secPassword) -and ($skip_password_reset -eq $false)) {
+                $setLoginSplat.add("SecurePassword", $secPassword)
+                $changed = $true
+            }
+
             # Splat login status
             if ($enabled -eq $false) {
                 $disabled = $true
@@ -122,6 +123,7 @@ try {
         }
         # New login
         else {
+            $setLoginSplat.add("SecurePassword", $secPassword)
             if ($null -ne $language) {
                 $setLoginSplat.add("Language", $language)
             }
@@ -139,7 +141,6 @@ try {
             $output.PSStandardMembers.DefaultDisplayPropertySet.ReferencedPropertyNames.Add("DefaultDatabase")
             $output.PSStandardMembers.DefaultDisplayPropertySet.ReferencedPropertyNames.Add("Language")
         }
-
     }
 
     if ($null -ne $output) {
diff --git a/tests/integration/targets/login/tasks/main.yml b/tests/integration/targets/login/tasks/main.yml
index da9b6025..6063f691 100644
--- a/tests/integration/targets/login/tasks/main.yml
+++ b/tests/integration/targets/login/tasks/main.yml
@@ -29,6 +29,7 @@
     - name: Create login
       lowlydba.sqlserver.login:
         password_policy_enforced: "{{ password_policy_enforced }}"
+        skip_password_reset: true
       register: result
     - assert:
         that: