From 835027485030c88934b1408933d94bb37d511ce0 Mon Sep 17 00:00:00 2001
From: Julien Petit
Date: Fri, 21 Mar 2025 09:57:07 +0100
Subject: [PATCH] Adding option to force refresh of getent_passwd
---
 roles/os_hardening/defaults/main.yml | 4 ++++
 roles/os_hardening/tasks/user_accounts.yml | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/roles/os_hardening/defaults/main.yml b/roles/os_hardening/defaults/main.yml
index 94712b75..6fce1481 100644
--- a/roles/os_hardening/defaults/main.yml
+++ b/roles/os_hardening/defaults/main.yml
@@ -499,3 +499,7 @@ os_mnt_var_tmp_passno: ""
 # keep .netrc file for users in whitelist
 os_netrc_enabled: true
 os_netrc_whitelist_user: []
+
+# Set to True to force the refresh of user facts
+# Usefull if you are calling this role in a workflow and you need {{ getent_passwd }} to be updated
+os_getent_passwd_force_sync: False
diff --git a/roles/os_hardening/tasks/user_accounts.yml b/roles/os_hardening/tasks/user_accounts.yml
index c139408f..bb4cf9e1 100644
--- a/roles/os_hardening/tasks/user_accounts.yml
+++ b/roles/os_hardening/tasks/user_accounts.yml
@@ -5,7 +5,8 @@
 # creates a dict for each user containing UID/HOMEDIR etc...
 # skip this task if getent was run before without specifying a key (single entry)
 when: getent_passwd is undefined or
- getent_passwd | length <= 1
+ getent_passwd | length <= 1 or
+ os_getent_passwd_force_sync
 
 - name: Read local linux shadow database
 ansible.builtin.getent:
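Review bot: The new default in roles/os_hardening/defaults/main.yml is spelled `False`, while the neighbouring `os_netrc_enabled: true` uses the lowercase form; `os_getent_passwd_force_sync: false` would match the file and satisfy yamllint's truthy rule. The added comment has a typo ("Usefull") and does not say what the default means for the hardening run. Judging by the condition this flag feeds, an already-populated fact is reused when it is off, so something like `# When false, an existing getent_passwd fact is reused; accounts created earlier in the play may be missing from it` would tell operators when they need to turn it on.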
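Review bot: In roles/os_hardening/tasks/user_accounts.yml the added `os_getent_passwd_force_sync` term is tested as a bare variable, so a value that arrives as a string (for example from `-e os_getent_passwd_force_sync=false`) would likely be judged on non-emptiness rather than as a boolean and force the refresh. Casting it makes the intent explicit: `os_getent_passwd_force_sync | bool`. The comment above the condition still describes only the skip case and could gain a line such as `# os_getent_passwd_force_sync overrides the skip and always re-reads passwd`. The task begins above the hunk and the shadow read that follows is cut off, so whether that task needs the same override cannot be checked from here.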