[rabbitmq_server] Avoid unnecessary password lookup

Avoids a password lookup, when it is not necessary: - When an account specifices a password, no lookup should be made. - When an account is to be removed, no lookup should be made. This makes it possible to override the password without accidentally calling the default password lookup.
cloudscale-ch · Jan 1, 2025 · e3e87ab · e3e87ab
1 parent c382e67
commit e3e87ab
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/ansible/roles/rabbitmq_server/tasks/main.yml b/ansible/roles/rabbitmq_server/tasks/main.yml
@@ -211,11 +211,20 @@
     write_priv:     '{{ item.write_priv | d(omit) }}'
     state:          '{{ item.state | d("present") }}'
     vhost:          '{{ item.vhost | d(omit) }}'
-    password:       '{{ item.password | d(lookup("password",
-                        secret + "/rabbitmq_server/accounts/"
-                        + (item.user | d(item.name | d(item)))
-                        + "/password length="
-                        + rabbitmq_server__account_password_length)) }}'
+
+    # Avoid a password lookup if the password is defined, or if the account
+    # is meant to be absent (in which case the password is ommitted).
+    password:       '{{ item.password | d(omit) if (
+                            (item.password is defined)
+                            or
+                            (item.state | d("present") == "absent")
+                        ) else lookup("password",
+                          secret + "/rabbitmq_server/accounts/"
+                          + (item.user | d(item.name | d(item)))
+                          + "/password length="
+                          + rabbitmq_server__account_password_length
+                        )
+                    }}'
     tags:           '{{ (((item.tags.split(",") | list)
                           if (item.tags | d() and item.tags is string)
                           else item.tags) | join(","))