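---

# Reads /etc/passwd on the target and exposes it as the list fact
# `ubtu24cis_passwd`, one mapping per account with the keys
# id, password, uid, gid, gecos, dir and shell.
- name: "PRELIM | Parse /etc/passwd"
  tags:
    - always  # runs whatever --tags selection is given
  block:
    # Read-only: never reports "changed", and runs in check mode too so the
    # fact below is still populated during a dry run.
    - name: "PRELIM | Parse /etc/passwd | Get /etc/password contents"
      ansible.builtin.command: cat /etc/passwd
      changed_when: false
      check_mode: false
      register: prelim_passwd_file_audit

    # Each passwd line is rewritten by regex_replace into a small YAML
    # document, which from_yaml then loads into a mapping.
    #
    # NOTE(review): regex_replace returns a line unchanged when the pattern
    # does not match (fewer than seven colon-separated fields, blank line);
    # from_yaml then parses that raw text, so the list entry is not a mapping
    # with the keys above. Consumers should not assume every entry has them.
    - name: "PRELIM | Parse /etc/passwd | Split passwd entries"
      ansible.builtin.set_fact:
        ubtu24cis_passwd: "{{ prelim_passwd_file_audit.stdout_lines | map('regex_replace', ld_passwd_regex, ld_passwd_yaml) | map('from_yaml') | list }}"
      vars:
        # Seven named groups, one per passwd field. The group names must match
        # the \g<name> back-references in ld_passwd_yaml; a bare `(?P[^:]*)`
        # or `\g` without a name is not a valid pattern/reference.
        # The pattern is anchored at the start only; text after a seventh
        # field would be left in place by the substitution.
        ld_passwd_regex: >-
          ^(?P<id>[^:]*):(?P<password>[^:]*):(?P<uid>[^:]*):(?P<gid>[^:]*):(?P<gecos>[^:]*):(?P<dir>[^:]*):(?P<shell>[^:]*)
        # Free-text fields are emitted as folded block scalars with an explicit
        # indentation indicator (>-4), so characters such as ':', '#', quotes
        # or leading spaces in a field (gecos can be user-editable) are loaded
        # as literal text rather than interpreted as YAML syntax.
        # uid and gid are plain scalars, so from_yaml applies implicit typing:
        # numeric values load as integers, while an empty or non-numeric value
        # loads as null or a string - TODO confirm consumers handle that.
        # The pragma on the header line stays there: it is an inline
        # secret-scanner allowlist marker (presumably for the `password:` key).
        ld_passwd_yaml: |  # pragma: allowlist secret
          id: >-4
              \g<id>
          password: >-4
              \g<password>
          uid: \g<uid>
          gid: \g<gid>
          gecos: >-4
              \g<gecos>
          dir: >-4
              \g<dir>
          shell: >-4
              \g<shell>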