diff options
author | Marc A. Paradise <marc.paradise@gmail.com> | 2022-09-27 16:20:46 -0400 |
---|---|---|
committer | Marc A. Paradise <marc.paradise@gmail.com> | 2022-09-28 10:04:36 -0400 |
commit | 423b31e5731cf8ffa068b4ce13c753efbafdc310 (patch) | |
tree | e0d9831ef43be6d3eccd9145fec903fdd7f3900c | |
parent | dd982bc5014498fe21b03de5d41f881f7a2bbcdb (diff) | |
download | chef-423b31e5731cf8ffa068b4ce13c753efbafdc310.tar.gz |
Allow user providers to declare no support for ruby-shadow
The AIX platform does not support ruby-shadow, but we always attempt to
load it. The load fails on the AIX platform, which later causes our
requirement assertion that `@shadow_lib_ok` be true to fail.
Instead we allow user resource providers to override
`supports_ruby_shadow?` if they do not support it, so that we don't
assert that it is required in those cases. We default the return value
to `true` because most platforms are supported by this gem.
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
-rw-r--r-- | lib/chef/provider/user.rb | 22 | ||||
-rw-r--r-- | lib/chef/provider/user/aix.rb | 5 | ||||
-rw-r--r-- | spec/unit/provider/user_spec.rb | 30 |
3 files changed, 49 insertions, 8 deletions
diff --git a/lib/chef/provider/user.rb b/lib/chef/provider/user.rb index 2abd7f5f3c..3d18c0df82 100644 --- a/lib/chef/provider/user.rb +++ b/lib/chef/provider/user.rb @@ -72,7 +72,18 @@ class Chef @shadow_lib_ok = false else @shadow_info = Shadow::Passwd.getspnam(new_resource.username) - current_resource.password(@shadow_info.sp_pwdp) if new_resource.password && current_resource.password == "x" + # This conditional remains in place until we can sort out whether we need it. + # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues. + # Some notes for context: + # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c), + # which returns "x" for a nil password. on AIX it returns a "*" + # (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file) + # 2. On AIX platforms ruby_shadow does not work as it does not + # store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file. + # The AIX provider for user currently declares it does not support ruby-shadow. + if new_resource.password && current_resource.password == "x" + current_resource.password(@shadow_info.sp_pwdp) + end end convert_group_name if new_resource.gid @@ -81,6 +92,13 @@ class Chef current_resource end + # An overridable for platforms that do not support ruby shadow. This way we + # can verify that the platform supports ruby shadow before requiring that + # it be available. + def supports_ruby_shadow? + true + end + def load_shadow_options unless @shadow_info.nil? current_resource.inactive(@shadow_info.sp_inact&.to_i) @@ -102,7 +120,7 @@ class Chef a.whyrun "group name #{new_resource.gid} does not exist. This will cause group assignment to fail. Assuming this group will have been created previously." end requirements.assert(:all_actions) do |a| - a.assertion { @shadow_lib_ok } + a.assertion { !supports_ruby_shadow? || @shadow_lib_ok } a.failure_message Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!" a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure. Assuming that this gem will have been previously installed." \ "Note that user update converge may report false-positive on the basis of mismatched password. " diff --git a/lib/chef/provider/user/aix.rb b/lib/chef/provider/user/aix.rb index 740f9943d3..997bd6bac5 100644 --- a/lib/chef/provider/user/aix.rb +++ b/lib/chef/provider/user/aix.rb @@ -23,6 +23,11 @@ class Chef provides :user, os: "aix" provides :aix_user + # The ruby-shadow gem is not supported on aix. + def supports_ruby_shadow? + false + end + def create_user shell_out!("useradd", universal_options, useradd_options, new_resource.username) add_password diff --git a/spec/unit/provider/user_spec.rb b/spec/unit/provider/user_spec.rb index c8ad656f06..67cb2debf8 100644 --- a/spec/unit/provider/user_spec.rb +++ b/spec/unit/provider/user_spec.rb @@ -178,12 +178,30 @@ describe Chef::Provider::User do end end - it "should fail assertions when ruby-shadow cannot be loaded" do - expect(@provider).to receive(:require).with("shadow") { raise LoadError } - @provider.load_current_resource - @provider.action = :create - @provider.define_resource_requirements - expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::MissingLibrary + context "when ruby-shadow is supported on the platform" do + before do + allow(@provider).to receive(:supports_ruby_shadow?).and_return true + end + it "should fail assertions when ruby-shadow cannot be loaded" do + expect(@provider).to receive(:require).with("shadow") { raise LoadError } + @provider.load_current_resource + @provider.action = :create + @provider.define_resource_requirements + expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::MissingLibrary + end + end + + context "when ruby-shadow is not supported on the platform" do + before do + allow(@provider).to receive(:supports_ruby_shadow?).and_return false + end + it "should not fail any assertions when ruby-shadow cannot be loaded" do + expect(@provider).to receive(:require).with("shadow") { raise LoadError } + @provider.load_current_resource + @provider.action = :create + @provider.define_resource_requirements + @provider.process_resource_requirements + end end end |