1 files changed, 35 insertions, 14 deletions

diff --git a/lib/ansible/modules/debconf.py b/lib/ansible/modules/debconf.py
index 32f0000c..5ff14029 100644
--- a/lib/ansible/modules/debconf.py
+++ b/lib/ansible/modules/debconf.py
@@ -27,13 +27,13 @@ attributes:
         platforms: debian
 notes:
     - This module requires the command line debconf tools.
-    - A number of questions have to be answered (depending on the package).
+    - Several questions have to be answered (depending on the package).
       Use 'debconf-show <package>' on any Debian or derivative with the package
       installed to see questions/settings available.
     - Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords.
-    - It is highly recommended to add I(no_log=True) to task while handling sensitive information using this module.
+    - It is highly recommended to add C(no_log=True) to the task while handling sensitive information using this module.
     - The debconf module does not reconfigure packages, it just updates the debconf database.
-      An additional step is needed (typically with I(notify) if debconf makes a change)
+      An additional step is needed (typically with C(notify) if debconf makes a change)
       to reconfigure the package and apply the changes.
       debconf is extensively used for pre-seeding configuration prior to installation
       rather than modifying configurations.
@@ -46,7 +46,7 @@ notes:
     - The main issue is that the C(<package>.config reconfigure) step for many packages
       will first reset the debconf database (overriding changes made by this module) by
       checking the on-disk configuration. If this is the case for your package then
-      dpkg-reconfigure will effectively ignore changes  made by debconf.
+      dpkg-reconfigure will effectively ignore changes made by debconf.
     - However as dpkg-reconfigure only executes the C(<package>.config) step if the file
       exists, it is possible to rename it to C(/var/lib/dpkg/info/<package>.config.ignore)
       before executing C(dpkg-reconfigure -f noninteractive <package>) and then restore it.
@@ -69,8 +69,8 @@ options:
   vtype:
     description:
       - The type of the value supplied.
-      - It is highly recommended to add I(no_log=True) to task while specifying I(vtype=password).
-      - C(seen) was added in Ansible 2.2.
+      - It is highly recommended to add C(no_log=True) to task while specifying O(vtype=password).
+      - V(seen) was added in Ansible 2.2.
     type: str
     choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title ]
   value:
@@ -124,10 +124,32 @@ EXAMPLES = r'''
 
 RETURN = r'''#'''
 
-from ansible.module_utils._text import to_text
+from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.basic import AnsibleModule
 
 
+def get_password_value(module, pkg, question, vtype):
+    getsel = module.get_bin_path('debconf-get-selections', True)
+    cmd = [getsel]
+    rc, out, err = module.run_command(cmd)
+    if rc != 0:
+        module.fail_json(msg="Failed to get the value '%s' from '%s'" % (question, pkg))
+
+    desired_line = None
+    for line in out.split("\n"):
+        if line.startswith(pkg):
+            desired_line = line
+            break
+
+    if not desired_line:
+        module.fail_json(msg="Failed to find the value '%s' from '%s'" % (question, pkg))
+
+    (dpkg, dquestion, dvtype, dvalue) = desired_line.split()
+    if dquestion == question and dvtype == vtype:
+        return dvalue
+    return ''
+
+
 def get_selections(module, pkg):
     cmd = [module.get_bin_path('debconf-show', True), pkg]
     rc, out, err = module.run_command(' '.join(cmd))
@@ -151,10 +173,7 @@ def set_selection(module, pkg, question, vtype, value, unseen):
         cmd.append('-u')
 
     if vtype == 'boolean':
-        if value == 'True':
-            value = 'true'
-        elif value == 'False':
-            value = 'false'
+        value = value.lower()
     data = ' '.join([pkg, question, vtype, value])
 
     return module.run_command(cmd, data=data)
@@ -193,7 +212,6 @@ def main():
         if question not in prev:
             changed = True
         else:
-
             existing = prev[question]
 
             # ensure we compare booleans supplied to the way debconf sees them (true/false strings)
@@ -201,6 +219,9 @@ def main():
                 value = to_text(value).lower()
                 existing = to_text(prev[question]).lower()
 
+            if vtype == 'password':
+                existing = get_password_value(module, pkg, question, vtype)
+
             if value != existing:
                 changed = True
 
@@ -215,12 +236,12 @@ def main():
             prev = {question: prev[question]}
         else:
             prev[question] = ''
+
+        diff_dict = {}
         if module._diff:
             after = prev.copy()
             after.update(curr)
             diff_dict = {'before': prev, 'after': after}
-        else:
-            diff_dict = {}
 
         module.exit_json(changed=changed, msg=msg, current=curr, previous=prev, diff=diff_dict)