user - honor update_password parameter on BusyBox hosts (#65977)
The check for this parameter was missing from BusyBox.modify_user(), resulting in unexpected password changes to existing user accounts.
parent
d50fac9905
commit
18130e1419
3 changed files with 35 additions and 8 deletions
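--- a/changelogs/fragments/user-alpine-on-changed-fix.yaml
+++ b/changelogs/fragments/user-alpine-on-changed-fix.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- user - on systems using busybox, honor the ``on_changed`` parameter to prevent unnecessary password changing (https://github.com/ansible/ansible/issues/65711)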
|
@ -2796,8 +2796,7 @@ class BusyBox(User):
|
||||||
self.module.fail_json(name=self.name, msg=err, rc=rc)
|
self.module.fail_json(name=self.name, msg=err, rc=rc)
|
||||||
|
|
||||||
# Manage password
|
# Manage password
|
||||||
if self.password is not None:
|
if self.update_password == 'always' and self.password is not None and info[1] != self.password:
|
||||||
if info[1] != self.password:
|
|
||||||
cmd = [self.module.get_bin_path('chpasswd', True)]
|
cmd = [self.module.get_bin_path('chpasswd', True)]
|
||||||
cmd.append('--encrypted')
|
cmd.append('--encrypted')
|
||||||
data = '{name}:{password}'.format(name=self.name, password=self.password)
|
data = '{name}:{password}'.format(name=self.name, password=self.password)
|
||||||
|
|
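Review bot: The new guard under `# Manage password` carries the whole fix but has no comment saying why `update_password` is checked, so the three-part condition could be loosened later without anyone noticing that existing accounts get their hash overwritten again. I would add above the `if` the comment `# Leave an existing account's hash alone unless update_password is 'always'; 'on_create' applies only when the user is created.` The rest of the chpasswd branch, including how `data` is handed to the command and how its return code is handled, lies outside this hunk. The page has also dropped indentation, so the nesting of the lines after the `if` cannot be confirmed from here.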
|
@ -95,6 +95,32 @@
|
||||||
assert:
|
assert:
|
||||||
that: "'warnings' not in test_user_encrypt0"
|
that: "'warnings' not in test_user_encrypt0"
|
||||||
|
|
||||||
|
# https://github.com/ansible/ansible/issues/65711
|
||||||
|
- name: Test updating password only on creation
|
||||||
|
user:
|
||||||
|
name: ansibulluser
|
||||||
|
password: '*'
|
||||||
|
update_password: on_create
|
||||||
|
register: test_user_update_password
|
||||||
|
|
||||||
|
- name: Ensure password was not changed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- test_user_update_password is not changed
|
||||||
|
|
||||||
|
- name: Verify password hash for Linux
|
||||||
|
when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']
|
||||||
|
block:
|
||||||
|
- name: LINUX | Get shadow entry for ansibulluser
|
||||||
|
getent:
|
||||||
|
database: shadow
|
||||||
|
key: ansibulluser
|
||||||
|
|
||||||
|
- name: LINUX | Ensure password hash was not removed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- getent_shadow['ansibulluser'][1] != '*'
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: add an plaintext password for user
|
- name: add an plaintext password for user
|
||||||
user:
|
user:
|
||||||
|
|
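Review bot: The `Verify password hash for Linux` block is gated on `when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']`, so on a BusyBox-based target, the case this commit fixes, only `test_user_update_password is not changed` is asserted and the shadow entry is never inspected. If the BusyBox test host reports another family (Alpine presumably does) and `getent` is usable there, the list could be extended, e.g. `when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse', 'Alpine']`. Separately, the assertion `getent_shadow['ansibulluser'][1] != '*'` should be checked against the getent module's output layout: if the module stores only the fields after the key, index 1 is the last-change field rather than the hash and the check would pass regardless, in which case index 0 is the one to compare. Even with the right index, `!= '*'` would also pass for an emptied field, so comparing against the hash captured before the task would be the stricter test.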