From 3f8bf20d6a399bbfe0e3ea53917eff45d5ea9a1a Mon Sep 17 00:00:00 2001 From: Sam Doran Date: Thu, 13 Nov 2025 09:27:41 -0500 Subject: [PATCH] Use global for lock indicator Only used in the BusyBox class currently to keep the scope of these changes focused. --- lib/ansible/modules/user.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py index 349555c23e8..a55400aab08 100644 --- a/lib/ansible/modules/user.py +++ b/lib/ansible/modules/user.py @@ -547,6 +547,7 @@ except AttributeError: _HASH_RE = re.compile(r'[^a-zA-Z0-9./=]') +LOCK_INDICATOR = '!' def getspnam(b_name): @@ -3128,8 +3129,7 @@ class BusyBox(User): This method will return '*' at a minimum to avoid creating an enabled account with no password. """ - lock_indicator = '!' - lock = lock_indicator if self.password_lock else '' + lock = LOCK_INDICATOR if self.password_lock else '' # Order of precedence when choosing the password: # 1. password from module parameters @@ -3139,15 +3139,15 @@ class BusyBox(User): if self.password is not None: password = self.password elif current_password: - if current_password == lock_indicator: + if current_password == LOCK_INDICATOR: # Special handling when the password is only a '!' to avoid # unnecessary changes to the password to values like '!!' or '!*'. lock = '' password = current_password - elif current_password.startswith(lock_indicator): + elif current_password.startswith(LOCK_INDICATOR): # Preserve the existing password but unlock the account even if # no password hash was provided in the module parameters. - password = current_password.lstrip(lock_indicator) + password = current_password.lstrip(LOCK_INDICATOR) return f'{lock}{password}'