docs: Extend password entry of ansible.builtin.user #79694
Conversation
Clarify that `password` sets the password hash. Not the actual password. Fixes part of ansible#79684
|
Thanks for your Ansible docs contribution! We talk about Ansible documentation on matrix at #docs:ansible.im and on libera IRC at #ansible-docs if you ever want to join us and chat about the docs! We meet there on Tuesdays (see the Ansible calendar) and welcome additions to our weekly agenda items - scroll down to find the upcoming agenda and add a comment to put something new on that agenda. |
ansibot
added
affects_2.15
docs
lib/ansible/modules/user.py
Outdated
| @@ -86,12 +86,13 @@ | |||
| version_added: "2.0" | |||
| password: | |||
| description: | |||
| - Optionally set the user's password to this encrypted value. | |||
| - Optionally set the user's password hash to this value. | |||
| - Do B(not) put the actual password into this field. | |||
There was a problem hiding this comment.
This may cause confusion with the statement lower, that says that you are supposed to do this for macOS. So perhaps this statement and the macOS statement should be combined.
There was a problem hiding this comment.
I was confused by the macOS sentence too.
So on macOS the password field expects the actual password, on Linux the hash?
What is expected on Windows?
There was a problem hiding this comment.
I gave the phrasing another try.
Regarding the differing behavior of Linux and macOS: I wonder if I should open an issue to discuss this behavior. Using the actual password on one platform and the hash on another one sounds like a foot gun to me.
There was a problem hiding this comment.
Adding some suggestions to try and clarify the choices a little more, if I understand this correctly.
I would prefer more authoritative language that instructs users to enter exactly what each OS requires. That might get rid of some of the ambiguity/confusion. But it does seem concerning that macOS doesn't take a hashed password.
Co-authored-by: Don Naro <dnaro@redhat.com>
Co-authored-by: Don Naro <dnaro@redhat.com>
Co-authored-by: Don Naro <dnaro@redhat.com>
mkrizek
removed
the
needs_triage
lib/ansible/modules/user.py
Outdated
| @@ -86,12 +86,13 @@ | |||
| version_added: "2.0" | |||
| password: | |||
| description: | |||
| - Optionally set the user's password to this encrypted value. | |||
| - On macOS systems, this value has to be cleartext. Beware of security issues. | |||
| - Optionally set the user password. | |||
There was a problem hiding this comment.
- If provided, set the user's password to the provided encrypted hash (linux/unix/POSIX) or plain text password (OS X/Mac OS)
There was a problem hiding this comment.
Isn't that redundant with the text below?
Also, I don't think that Linux is "more Unix" than macOS :)
There was a problem hiding this comment.
why its in list of linux/unix/posix otherwise it woudl be implied under unix
There was a problem hiding this comment.
and yes, it makes other lines redundant, but i think its simple, concise and clear in one sentence and will avoid people 'trailing off' and not reading a wall of text.
ansibot
added
stale_ci
|
Hi @Hofer-Julian - have you had a chance to consider the feedback above? Thanks for your help! |
Thanks for the reminder, I've adapted the sentence. |
ansibot
removed
the
stale_ci
|
LGTM but let's see if @bcoca has any final comments before we merge. |
* docs: Extend password entry of ansible.builtin.user Clarify that `password` sets the password hash. Not the actual password. Fixes part of ansible#79684 (cherry picked from commit 6cd1a14)
* fix filename for sidecar docs (#79779) (cherry picked from commit f2707d1) * correct examples to use removed_from_collection not collection_name (#79803) (cherry picked from commit 7ab3de7) * Fix: documentation for per-task timeout (#79715) (cherry picked from commit 48e6bf8) * [Docs] maintainers_guidelines: add WG and real-time chat request info (#79750) (cherry picked from commit 6cb6d65) * doc fix for platform content #79794 (#79801) (cherry picked from commit d7a4152) * Expand docs for the import sanity test. (#79768) * Expand docs for the import sanity test. * Remove note about Python 2.7 compat. It should not be needed since there is a sanity test to enforce use of `__metaclass__ = type`. * Improve introductory paragraph. * Fix link typo. (cherry picked from commit 2164d56) * docs: Extend password entry of ansible.builtin.user (#79694) * docs: Extend password entry of ansible.builtin.user Clarify that `password` sets the password hash. Not the actual password. Fixes part of #79684 (cherry picked from commit 6cd1a14) * Update dev_guide.rst (#79625) (cherry picked from commit 65eb5c0) * Improve documentation on requirements.yml (#76140) Makes it clear that user can use range identifiers with collection versions inside requirements.yml files. (cherry picked from commit 44dcfde) --------- Co-authored-by: Evgeni Golov <evgeni@golov.de> Co-authored-by: Jo <jo@swagspace.org> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> Co-authored-by: prasadpatil49 <51715670+prasadpatil49@users.noreply.github.com> Co-authored-by: Matt Clay <matt@mystile.com> Co-authored-by: Hofer-Julian <30049909+Hofer-Julian@users.noreply.github.com> Co-authored-by: Jens Timmerman <github@caret.be> Co-authored-by: Sorin Sbarnea <ssbarnea@redhat.com>
SUMMARY
Clarify that
passwordsets the password hash and not the actual password.Fixes part of #79684
ISSUE TYPE
COMPONENT NAME
ansible.builtin.user