-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: Extend password entry of ansible.builtin.user #79694
Conversation
Clarify that `password` sets the password hash. Not the actual password. Fixes part of ansible#79684
Thanks for your Ansible docs contribution! We talk about Ansible documentation on matrix at #docs:ansible.im and on libera IRC at #ansible-docs if you ever want to join us and chat about the docs! We meet there on Tuesdays (see the Ansible calendar) and welcome additions to our weekly agenda items - scroll down to find the upcoming agenda and add a comment to put something new on that agenda. |
lib/ansible/modules/user.py
Outdated
@@ -86,12 +86,13 @@ | |||
version_added: "2.0" | |||
password: | |||
description: | |||
- Optionally set the user's password to this encrypted value. | |||
- Optionally set the user's password hash to this value. | |||
- Do B(not) put the actual password into this field. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may cause confusion with the statement lower, that says that you are supposed to do this for macOS. So perhaps this statement and the macOS
statement should be combined.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was confused by the macOS sentence too.
So on macOS the password field expects the actual password, on Linux the hash?
What is expected on Windows?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
to use win_user instead
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I gave the phrasing another try.
Regarding the differing behavior of Linux and macOS: I wonder if I should open an issue to discuss this behavior. Using the actual password on one platform and the hash on another one sounds like a foot gun to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding some suggestions to try and clarify the choices a little more, if I understand this correctly.
I would prefer more authoritative language that instructs users to enter exactly what each OS requires. That might get rid of some of the ambiguity/confusion. But it does seem concerning that macOS doesn't take a hashed password.
Co-authored-by: Don Naro <dnaro@redhat.com>
Co-authored-by: Don Naro <dnaro@redhat.com>
Co-authored-by: Don Naro <dnaro@redhat.com>
lib/ansible/modules/user.py
Outdated
@@ -86,12 +86,13 @@ | |||
version_added: "2.0" | |||
password: | |||
description: | |||
- Optionally set the user's password to this encrypted value. | |||
- On macOS systems, this value has to be cleartext. Beware of security issues. | |||
- Optionally set the user password. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- If provided, set the user's password to the provided encrypted hash (linux/unix/POSIX) or plain text password (OS X/Mac OS)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't that redundant with the text below?
Also, I don't think that Linux is "more Unix" than macOS :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why its in list of linux/unix/posix otherwise it woudl be implied under unix
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and yes, it makes other lines redundant, but i think its simple, concise and clear in one sentence and will avoid people 'trailing off' and not reading a wall of text.
Hi @Hofer-Julian - have you had a chance to consider the feedback above? Thanks for your help! |
Thanks for the reminder, I've adapted the sentence. |
LGTM but let's see if @bcoca has any final comments before we merge. |
* docs: Extend password entry of ansible.builtin.user Clarify that `password` sets the password hash. Not the actual password. Fixes part of ansible#79684 (cherry picked from commit 6cd1a14)
* fix filename for sidecar docs (#79779) (cherry picked from commit f2707d1) * correct examples to use removed_from_collection not collection_name (#79803) (cherry picked from commit 7ab3de7) * Fix: documentation for per-task timeout (#79715) (cherry picked from commit 48e6bf8) * [Docs] maintainers_guidelines: add WG and real-time chat request info (#79750) (cherry picked from commit 6cb6d65) * doc fix for platform content #79794 (#79801) (cherry picked from commit d7a4152) * Expand docs for the import sanity test. (#79768) * Expand docs for the import sanity test. * Remove note about Python 2.7 compat. It should not be needed since there is a sanity test to enforce use of `__metaclass__ = type`. * Improve introductory paragraph. * Fix link typo. (cherry picked from commit 2164d56) * docs: Extend password entry of ansible.builtin.user (#79694) * docs: Extend password entry of ansible.builtin.user Clarify that `password` sets the password hash. Not the actual password. Fixes part of #79684 (cherry picked from commit 6cd1a14) * Update dev_guide.rst (#79625) (cherry picked from commit 65eb5c0) * Improve documentation on requirements.yml (#76140) Makes it clear that user can use range identifiers with collection versions inside requirements.yml files. (cherry picked from commit 44dcfde) --------- Co-authored-by: Evgeni Golov <evgeni@golov.de> Co-authored-by: Jo <jo@swagspace.org> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> Co-authored-by: prasadpatil49 <51715670+prasadpatil49@users.noreply.github.com> Co-authored-by: Matt Clay <matt@mystile.com> Co-authored-by: Hofer-Julian <30049909+Hofer-Julian@users.noreply.github.com> Co-authored-by: Jens Timmerman <github@caret.be> Co-authored-by: Sorin Sbarnea <ssbarnea@redhat.com>
SUMMARY
Clarify that
password
sets the password hash and not the actual password.Fixes part of #79684
ISSUE TYPE
COMPONENT NAME
ansible.builtin.user