Only change expiration date if it is different #38885
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ansibot
added
bug
samdoran
force-pushed
the
issue/13235-user-expires
branch
from
f3204f3
to
bc26623
Compare
|
The test |
ansibot
added
needs_revision
|
-label needs_triage |
ansibot
removed
the
needs_triage
|
The test |
samdoran
force-pushed
the
issue/13235-user-expires
branch
from
34d80e1
to
b0a8917
Compare
|
@samdoran, i believe the failing tests are wrong |
|
@bcoca Looks like some tests are incorrect, others are legit. I need to skip for macOS. The failure on CentOS 6 with Python 2.6 is legit: no Also, I need to add expiration change logic for FreeBSD as well. I missed that since I only fixed the method in the User class. Some of the tests, I'm not sure what is triggering the change on the second task run. RHEL7.4/1 for example. |
samdoran
force-pushed
the
issue/13235-user-expires
branch
from
b0a8917
to
d27a333
Compare
bcoca
reviewed
Apr 24, 2018
lib/ansible/modules/system/user.py
Outdated
| @@ -271,6 +270,7 @@ class User(object): | |||
| platform = 'Generic' | |||
| distribution = None | |||
| SHADOWFILE = '/etc/shadow' | |||
| SHADOWFILE_INDEX = 7 | |||
There was a problem hiding this comment.
shadowfile_expire_index? .. just index seems ambiguous and we might need others in future
bcoca
reviewed
Apr 25, 2018
|
|
||
| ## | ||
| that: | ||
| - "not user_test1.results[0]['changed']" |
There was a problem hiding this comment.
the proper test would be is changed
|
@bcoca So the failing tests revealed a couple problems:
So the untidy I'm working on getting this fixed now that I've been able to figure out what's going on (with a ton of help from @mattclay). |
Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different.
Skip macOS and use getent module for validating expiration date.
Use separate tasks for verifying expiration date on BSD
calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC
samdoran
force-pushed
the
issue/13235-user-expires
branch
from
a831292
to
7b343d2
Compare
|
CI failure in FreeBSD integration tests: https://app.shippable.com/github/ansible/ansible/runs/62723/26/tests The other failures are unrelated to this PR. |
mattclay
added
the
ci_verified
Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
|
@bcoca I think I finally got this working. I found a bug in the FreeBSD class. Passing an int to The man pages aren't clear and some of them do say an integer in DAYS or a date string. I switched to using the date string since that seems to behave correctly. |
ansibot
removed
the
ci_verified
ansibot
added
core_review
samdoran
added a commit
to samdoran/ansible
that referenced
this pull request
May 1, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch. (cherry picked from commit 5a6bdef)
samdoran
added a commit
that referenced
this pull request
May 9, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch. (cherry picked from commit 5a6bdef)
oolongbrothers
pushed a commit
to oolongbrothers/ansible
that referenced
this pull request
May 12, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
oolongbrothers
pushed a commit
to oolongbrothers/ansible
that referenced
this pull request
May 14, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
oolongbrothers
pushed a commit
to oolongbrothers/ansible
that referenced
this pull request
May 14, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
oolongbrothers
pushed a commit
to oolongbrothers/ansible
that referenced
this pull request
May 15, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
oolongbrothers
pushed a commit
to oolongbrothers/ansible
that referenced
this pull request
May 15, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
ilicmilan
pushed a commit
to ilicmilan/ansible
that referenced
this pull request
Nov 7, 2018
* Only change expiration date if it is different Modify user_info() method to also return the password expiration. Compare current and desired expiration times and only change if they are different. * Improve formatting on user tests * Add integration test for expiration * Add changelog fragment * Improve integration test Skip macOS and use getent module for validating expiration date. * Fix expiration change for FreeBSD * Don't use datetime since the total_seconds method isn't available on CentOS 6 * Use better name for expiration index field Use separate tasks for verifying expiration date on BSD * Use calendar.timegm() rather than time.mktime() calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime Add tests that change the system timezone away from UTC * Mark tests as destructive and use test for change status * Fix account expiration for FreeBSD Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch. Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Modify
user_info()method to also return the password expiration.Compare current and desired expiration times and only change if they are different.
Fixes #13235
ISSUE TYPE
COMPONENT NAME
user.pyANSIBLE VERSION