From 96854dc5e24d2aa0a2eb3426fb73ce65b2988cbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Tue, 2 Aug 2022 09:07:02 +0200
Subject: [PATCH] fix: modify users only if they aren't used for the current
 management connection

---
 tasks/create_users_groups.yml | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/tasks/create_users_groups.yml b/tasks/create_users_groups.yml
index 85603de..c6627e9 100644
--- a/tasks/create_users_groups.yml
+++ b/tasks/create_users_groups.yml
@@ -37,15 +37,18 @@
     uid: "{{ item.value.uid }}"
     update_password: on_create
   loop: "{{ human_users | dict2items }}"
-  when: ( item.value.state == "present" )
-  no_log: true
+  when:
+    - item.value.state == "present"
+    - item.key != ansible_user        # we cannot modify the user that is used to make the connection, because the Python process uses it
 
 - name: lock HUMAN users
   ansible.builtin.user:
     name: "{{ item.key }}"
     password_lock: "{{ item.value.password_lock }}"
   loop: "{{ human_users | dict2items }}"
-  when: ( item.value.state == "present" )
+  when:
+    - item.value.state == "present"
+    - item.key != ansible_user        # we cannot modify the user that is used to make the connection, because the Python process uses it
 
 - name: create ROBOT users
   ansible.builtin.user:
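Review bot: Removing `no_log: true` from "create HUMAN users" means every loop item from `human_users | dict2items` is now echoed in task output and any log callback. The task's arguments start above this hunk, but `update_password: on_create` suggests the items carry a password value. The same line is dropped from "create ROBOT users" in the second hunk. The commit subject only covers skipping the connection user, so unless the exposure is intended, keep `no_log: true` on both create tasks next to the new `when:` list.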
@@ -61,12 +64,15 @@
     uid: "{{ item.value.uid }}"
     update_password: on_create
   loop: "{{ robot_users | dict2items }}"
-  when: ( item.value.state == "present" )
-  no_log: true
+  when:
+    - item.value.state == "present"
+    - item.key != ansible_user        # we cannot modify the user that is used to make the connection, because the Python process uses it
 
 - name: lock ROBOT users
   ansible.builtin.user:
     name: "{{ item.key }}"
     password_lock: "{{ item.value.password_lock }}"
   loop: "{{ robot_users | dict2items }}"
-  when: ( item.value.state == "present" )
+  when:
+    - item.value.state == "present"
+    - item.key != ansible_user        # we cannot modify the user that is used to make the connection, because the Python process uses it
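Review bot: `ansible_user` is only defined when it is set in inventory, vars or on the command line, so on hosts that use the default remote user all four `item.key != ansible_user` conditions (two here, two in the first hunk) would likely fail with an undefined-variable error instead of skipping. A fallback such as `item.key != (ansible_user | default(''))` keeps the previous behaviour in that case; if the skip must always apply, assert that the variable is defined before these tasks run. Note also that the two lock tasks now silently ignore `password_lock` for the management account, which deserves a short comment or a debug message so the gap is visible in an audit.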
-- 
GitLab