Allow password to be null in Scheduled Task for gMSA (#60990)

* Allow password to be null in Scheduled Task for gMSA

* Remove test for removed password validation, linting fixes

lib/ansible/modules/windows/win_scheduled_task.ps1

@@ -686,9 +686,6 @@ if ($null -ne $username -and $null -ne $group) {
     Fail-Json -obj $result -message "username and group can not be set at the same time"
 }
 if ($null -ne $logon_type) {
-    if ($logon_type -eq [TASK_LOGON_TYPE]::TASK_LOGON_PASSWORD -and $null -eq $password) {
-        Fail-Json -obj $result -message "password must be set when logon_type=password"
-    }
     if ($logon_type -eq [TASK_LOGON_TYPE]::TASK_LOGON_S4U -and $null -eq $password) {
         Fail-Json -obj $result -message "password must be set when logon_type=s4u"
     }

lib/ansible/modules/windows/win_scheduled_task.py

@@ -266,9 +266,9 @@ options:
     description:
     - The password for the user account to run the scheduled task as.
     - This is required when running a task without the user being logged in,
-      excluding the builtin service accounts.
+      excluding the builtin service accounts and Group Managed Service Accounts (gMSA).
     - If set, will always result in a change unless C(update_password) is set
-      to C(no) and no othr changes are required for the service.
+      to C(no) and no other changes are required for the service.
     type: str
     version_added: '2.4'
   update_password:
@@ -376,7 +376,7 @@ options:
   priority:
     description:
     - The priority level (0-10) of the task.
-    - When creating a new task the default if C(7).
+    - When creating a new task the default is C(7).
     - See U(https://msdn.microsoft.com/en-us/library/windows/desktop/aa383512.aspx)
       for details on the priority levels.
     type: int
@@ -430,6 +430,9 @@ notes:
 - The option names and structure for actions and triggers of a service follow
   the C(RegisteredTask) naming standard and requirements, it would be useful to
   read up on this guide if coming across any issues U(https://msdn.microsoft.com/en-us/library/windows/desktop/aa382542.aspx).
+- A Group Managed Service Account (gMSA) can be used by setting C(logon_type) to C(password)
+  and omitting the password parameter. For more information on gMSAs,
+  see U(https://techcommunity.microsoft.com/t5/Core-Infrastructure-and-Security/Windows-Server-2012-Group-Managed-Service-Accounts/ba-p/255910)
 seealso:
 - module: win_scheduled_task_stat
 author:
@@ -480,6 +483,12 @@ EXAMPLES = r'''
     username: DOMAIN\User
     logon_type: s4u
 
+- name: Change above task to use a gMSA, where the password is managed automatically
+  win_scheduled_task:
+    name: TaskName2
+    username: DOMAIN\gMsaSvcAcct$
+    logon_type: password
+
 - name: Create task with multiple triggers
   win_scheduled_task:
     name: TriggerTask

test/integration/targets/win_scheduled_task/tasks/failures.yml

@@ -16,14 +16,6 @@
   register: fail_username_and_group
   failed_when: fail_username_and_group.msg != 'username and group can not be set at the same time'
 
-- name: fail logon type password but no password set
-  win_scheduled_task:
-    name: '{{test_scheduled_task_name}}'
-    state: present
-    logon_type: password
-  register: fail_lt_password_not_set
-  failed_when: fail_lt_password_not_set.msg != 'password must be set when logon_type=password'
-
 - name: fail logon type s4u but no password set
   win_scheduled_task:
     name: '{{test_scheduled_task_name}}'