user - honor update_password parameter on BusyBox hosts (#65977)

The check for this parameter was missing from BusyBox.modify_user(), resulting in unexpected password changes to existing user accounts.
This commit is contained in:
Sam Doran 2019-12-20 13:09:22 -05:00 committed by GitHub
parent d50fac9905
commit 18130e1419
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 8 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- user - on systems using busybox, honor the ``on_changed`` parameter to prevent unnecessary password changing (https://github.com/ansible/ansible/issues/65711)

View file

@ -2796,8 +2796,7 @@ class BusyBox(User):
self.module.fail_json(name=self.name, msg=err, rc=rc)
# Manage password
if self.password is not None:
if info[1] != self.password:
if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd = [self.module.get_bin_path('chpasswd', True)]
cmd.append('--encrypted')
data = '{name}:{password}'.format(name=self.name, password=self.password)

View file

@ -95,6 +95,32 @@
assert:
that: "'warnings' not in test_user_encrypt0"
# https://github.com/ansible/ansible/issues/65711
- name: Test updating password only on creation
user:
name: ansibulluser
password: '*'
update_password: on_create
register: test_user_update_password
- name: Ensure password was not changed
assert:
that:
- test_user_update_password is not changed
- name: Verify password hash for Linux
when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']
block:
- name: LINUX | Get shadow entry for ansibulluser
getent:
database: shadow
key: ansibulluser
- name: LINUX | Ensure password hash was not removed
assert:
that:
- getent_shadow['ansibulluser'][1] != '*'
- block:
- name: add an plaintext password for user
user: