From 3d0b6670d136185d818fe0719bef88759a9682a2 Mon Sep 17 00:00:00 2001
From: George Bolo <george.bolo@gmail.com>
Date: Mon, 6 Mar 2023 06:07:40 -0500
Subject: [PATCH] fixes #646 - add another condition to getent task (#647)

Signed-off-by: gbolo <george.bolo@gmail.com>
---
 roles/os_hardening/tasks/user_accounts.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/os_hardening/tasks/user_accounts.yml b/roles/os_hardening/tasks/user_accounts.yml
index e2bfe29c..74d16ac7 100644
--- a/roles/os_hardening/tasks/user_accounts.yml
+++ b/roles/os_hardening/tasks/user_accounts.yml
@@ -3,7 +3,9 @@
   ansible.builtin.getent:
     database: passwd
     # creates a dict for each user containing UID/HOMEDIR etc...
-  when: getent_passwd is undefined # skip this task if "getent" has run before
+  # skip this task if getent was run before without specifying a key (single entry)
+  when: getent_passwd is undefined or
+        getent_passwd | length <= 1
 
 - name: Read local linux shadow database
   ansible.builtin.getent: