diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/provider/user.rb | 22 | ||||
-rw-r--r-- | lib/chef/provider/user/aix.rb | 5 |
2 files changed, 25 insertions, 2 deletions
diff --git a/lib/chef/provider/user.rb b/lib/chef/provider/user.rb index 2abd7f5f3c..3d18c0df82 100644 --- a/lib/chef/provider/user.rb +++ b/lib/chef/provider/user.rb @@ -72,7 +72,18 @@ class Chef @shadow_lib_ok = false else @shadow_info = Shadow::Passwd.getspnam(new_resource.username) - current_resource.password(@shadow_info.sp_pwdp) if new_resource.password && current_resource.password == "x" + # This conditional remains in place until we can sort out whether we need it. + # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues. + # Some notes for context: + # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c), + # which returns "x" for a nil password. on AIX it returns a "*" + # (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file) + # 2. On AIX platforms ruby_shadow does not work as it does not + # store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file. + # The AIX provider for user currently declares it does not support ruby-shadow. + if new_resource.password && current_resource.password == "x" + current_resource.password(@shadow_info.sp_pwdp) + end end convert_group_name if new_resource.gid @@ -81,6 +92,13 @@ class Chef current_resource end + # An overridable for platforms that do not support ruby shadow. This way we + # can verify that the platform supports ruby shadow before requiring that + # it be available. + def supports_ruby_shadow? + true + end + def load_shadow_options unless @shadow_info.nil? current_resource.inactive(@shadow_info.sp_inact&.to_i) @@ -102,7 +120,7 @@ class Chef a.whyrun "group name #{new_resource.gid} does not exist. This will cause group assignment to fail. Assuming this group will have been created previously." end requirements.assert(:all_actions) do |a| - a.assertion { @shadow_lib_ok } + a.assertion { !supports_ruby_shadow? || @shadow_lib_ok } a.failure_message Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!" a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure. Assuming that this gem will have been previously installed." \ "Note that user update converge may report false-positive on the basis of mismatched password. " diff --git a/lib/chef/provider/user/aix.rb b/lib/chef/provider/user/aix.rb index 740f9943d3..997bd6bac5 100644 --- a/lib/chef/provider/user/aix.rb +++ b/lib/chef/provider/user/aix.rb @@ -23,6 +23,11 @@ class Chef provides :user, os: "aix" provides :aix_user + # The ruby-shadow gem is not supported on aix. + def supports_ruby_shadow? + false + end + def create_user shell_out!("useradd", universal_options, useradd_options, new_resource.username) add_password |