---

- name: "PRELIM | 5.5.2 | 6.2.7 | 6.2.8 | 6.2.20 | Parse /etc/passwd"
  block:
      - name: "PRELIM | 5.5.2 | 6.2.7 | 6.2.8 | 6.2.20 | Parse /etc/passwd"
        command: cat /etc/passwd
        changed_when: no
        check_mode: no
        register: rhel9cis_passwd_file_audit

      - name: "PRELIM | 5.5.2 | 6.2.7 | 6.2.8 | 6.2.20 | Split passwd entries"
        set_fact:
            rhel9cis_passwd: "{{ rhel9cis_passwd_file_audit.stdout_lines | map('regex_replace', ld_passwd_regex, ld_passwd_yaml) | map('from_yaml') | list }}"
        with_items: "{{ rhel9cis_passwd_file_audit.stdout_lines }}"
        vars:
            ld_passwd_regex: >-
                ^(?P<id>[^:]*):(?P<password>[^:]*):(?P<uid>[^:]*):(?P<gid>[^:]*):(?P<gecos>[^:]*):(?P<dir>[^:]*):(?P<shell>[^:]*)
            ld_passwd_yaml: |
                id: >-4
                    \g<id>
                password: >-4
                    \g<password>
                uid: \g<uid>
                gid: \g<gid>
                gecos: >-4
                    \g<gecos>
                dir: >-4
                    \g<dir>
                shell: >-4
                    \g<shell>
  tags:
      - always