There are two issues here.
- Due to an earlier jira, nagios_web_password had a hard coded default since it wasn't yet specified in the stack.
- If multiple passwords are required in different configurations for the same host group, not all missing passwords are reported to the user
For the first issue the solution is to simply not provide a default value for the nagios_web_password.
For the second issue, needed to fix code that added missing properties to map so that they aren't overridden.