diff --git a/plugins/modules/login.ps1 b/plugins/modules/login.ps1 index 4edf5b32..01f8106b 100644 --- a/plugins/modules/login.ps1 +++ b/plugins/modules/login.ps1 @@ -100,7 +100,6 @@ try { } if (($null -ne $secPassword) -and ($skip_password_reset -eq $false)) { $setLoginSplat.add("SecurePassword", $secPassword) - $changed = $true } # Login already exists @@ -114,10 +113,15 @@ try { $disabled = $false $setLoginSplat.add("Enable", $true) } - # Login needs to be modified - if (($changed -eq $true) -or ($disabled -ne $existingLogin.IsDisabled) -or ($setLoginSplat.ContainsKey("SecurePassword"))) { + if ($disabled -ne $existingLogin.IsDisabled) { + $changed = $true + } + # Login needs to be modified (or password *may* be changed) + if (($changed -eq $true) -or ($setLoginSplat.ContainsKey("SecurePassword"))) { $output = Set-DbaLogin @setLoginSplat - $module.result.changed = $true + if (($output.PasswordChanged) -eq $true -or ($changed -eq $true)) { + $module.result.changed = $true + } } } # New login diff --git a/tests/integration/targets/login/tasks/main.yml b/tests/integration/targets/login/tasks/main.yml index da9b6025..e93af0b7 100644 --- a/tests/integration/targets/login/tasks/main.yml +++ b/tests/integration/targets/login/tasks/main.yml @@ -37,6 +37,7 @@ - name: Modify login lowlydba.sqlserver.login: default_database: "model" + password: "new_password" enabled: true register: result - assert: @@ -48,6 +49,21 @@ - result.data.IsDisabled is false - result.data.Name == "{{ login_name }}" - result.data.DefaultDatabase == "model" + - result.data.PasswordChanged is true + + - name: Don't modify login + lowlydba.sqlserver.login: + default_database: "model" + password: "new_password" + enabled: true + register: result + - assert: + that: + - result is not changed + - result.data.PasswordChanged is false + - result.data.IsDisabled is false + - result.data.Name == "{{ login_name }}" + - result.data.DefaultDatabase == "model" - name: Skip pwd reset lowlydba.sqlserver.login: