Ansible executes task regardless of conditional

Hi all,
I have this weird thing inside a role, hopefully someone can straighten me out:

My role is a custom made one, which performs Azure vm deployments, supporting both Linux and Windows. The last steps of the role are as follows:

• name: debug
  debug:
  msg: “os_type: {{ os_type }} add_to_inventory: {{ add_to_inventory }}”

• name: Add vm to inventory (Windows)
  when: os_type == “Windows”
  add_host:
  ansible_host: “{{ vm_mgmt_ip }}”
  name: “{{ vm_name }}”
  groups: “{{ add_to_adhoc_group }}”
  ansible_user: “{{ admin_username }}”
  ansible_password: “{{ admin_password }}”
  ansible_port: 5986
  ansible_connection: winrm
  ansible_winrm_server_cert_validation: ignore

• name: Add vm to inventory (Linux)
  when: os_type == “Linux” and add_to_adhoc_group is defined
  add_host:
  ansible_host: “{{ vm_mgmt_ip }}”
  name: “{{ vm_name }}”
  groups: “{{ add_to_adhoc_group }}”
  ansible_user: “{{ admin_username }}”
  ansible_ssh_pass: “{{ admin_password }}”
  ansible_become: yes

My problem is that regardless of the OS, Ansible will execute the “linux” task, here is the output from a run deploying a Windows VM:

TASK [deploy_azurevm : debug] *******************************************
ok: [localhost] => {
“msg”: “os_type: Windows add_to_inventory: internal_ip”
}

TASK [deploy_azurevm : Add vm to inventory (Windows)] *******************
changed: [localhost]

TASK [deploy_azurevm : Add vm to inventory (Linux)] *********************
ERROR! ‘resource_group_name’ is undefined

This used to work, but as I’m constantly updating both the role and the Ansible version I’m unable to track down exactly what changed. Has anyone seen something similar?
Also, the fact that “resource_group_name” is undefined also seems strange to me, the role task shouldn’t care about that variable at all. The only reference to it is how I pass in vars to the role:

I’m just getting more confused by this. I updated my Ansible version to run from devel, this gave me some more info which I totally cannot make sense of:
Here’s the output running from devel:

TASK [deploy_azurevm : Add vm to inventory (Linux)] *********************
ERROR! the field ‘hosts’ has an invalid value, which appears to include a variable that is undefined. The error was: ‘resource_group_name’ is undefined

The error appears to have been in ‘/opt/ansible/playbooks/config.azure/resourcegroupdeployments/TrondTest/site.yml’: line 9, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

• name: Configure VM
  ^ here

The weird thing here, is that the error references the next play in my playbook (that is, after the role has executed). Here’s the whole playbook:

As far as I can see, weird things start happening when using a variable as a target for hosts.
If I do: hosts: just_created things look good, but if I capture that value in a variable instead, things fall to pieces:

hosts: “{{ my_group }}”

This isn’t a pattern I use but I just wonder if you need to ensure that the list of hosts you are creating is held as a list

set_fact:
my_group: “{{ just_created | list }}”

hosts: “{{ my_group }}”
or possibly even

Thanks Jon, I’ll look into this. The group I’m trying to add to is already present in the inventory, not sure if that means anything. I’ll do a bit of digging.

Filed the bug here:
https://github.com/ansible/ansible/issues/16931