jumpserver/apps/assets/automations/change_secret/host/linux/main.yml


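# Changes the secret of one account on a Linux host and, for password
# secrets, confirms the new password by logging in as that account.
# Reads an `account` variable: username, secret_type, and secret or
# public_key depending on the type.
- hosts: demo
  gather_facts: false
  tasks:
    # Confirm the connection used for the change works before touching the
    # account.
    - name: Test privileged account
      ansible.builtin.ping:

    # Debug aid, kept disabled: if enabled it writes the plaintext secret
    # into the job output and every log that captures it.
    # - name: print variables
    #   debug:
    #     msg: "Username: {{ account.username }}, Secret: {{ account.secret }}, Secret type: {{ account.secret_type }}"

    # The user module takes a crypt hash, not the plaintext. No salt is
    # passed to password_hash, so each run yields a different hash;
    # update_password: always makes the module write it every time.
    # NOTE(review): consider `no_log: true` here if job output is retained,
    # at the cost of hiding the failure reason.
    - name: Change password
      ansible.builtin.user:
        name: "{{ account.username }}"
        password: "{{ account.secret | password_hash('sha512') }}"
        update_password: always
      when: account.secret_type == "password"

    # state: present adds the key; keys already in authorized_keys are left
    # in place, so this task alone does not revoke a previous key.
    - name: Change public key
      ansible.builtin.authorized_key:
        user: "{{ account.username }}"
        key: "{{ account.public_key }}"
        state: present
      when: account.secret_type == "public_key"

    # Drop the persistent connection so the next task opens a fresh one
    # with the overridden credentials.
    - name: Refresh connection
      ansible.builtin.meta: reset_connection

    # Log in as the account itself with the new password, without
    # privilege escalation. Restricted to password secrets: for a
    # public_key change account.secret is not the credential that was
    # installed, so a password login says nothing about the change. This
    # play has no key-based login check, so a key change is not verified.
    - name: Verify password
      ansible.builtin.ping:
      become: false
      vars:
        ansible_user: "{{ account.username }}"
        ansible_password: "{{ account.secret }}"
        ansible_become: false
      when: account.secret_type == "password"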