-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add user password lock option to user module #37962
Conversation
e52e0fd
to
c027b90
Compare
49b891b
to
6da3124
Compare
The test
The test
|
lib/ansible/modules/system/user.py
Outdated
@@ -173,6 +173,10 @@ | |||
- An expiry time for the user in epoch, it will be ignored on platforms that do not support this. | |||
Currently supported on Linux, FreeBSD, and DragonFlyBSD. | |||
version_added: "1.9" | |||
password_lock: | |||
description: | |||
- lock the password (usermod -L ) by adding a '!' at the beggining of the password user entry. This option does not disable the user, only lock the password. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/beggining/beginning/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
lib/ansible/modules/system/user.py
Outdated
password_lock: | ||
description: | ||
- lock the password (usermod -L ) by adding a '!' at the beggining of the password user entry. This option does not disable the user, only lock the password. | ||
version_added: "2.4" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
version_added: "2.6"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
6da3124
to
99b986c
Compare
I did what @ansibot told me :) |
The test
|
ooops. I fixed. |
now i only need @Akasurde validation ;) |
hello @Akasurde cheers |
The test
|
lib/ansible/modules/system/user.py
Outdated
@@ -909,6 +922,9 @@ def modify_user(self): | |||
cmd.append('-e') | |||
cmd.append(str(int(days))) | |||
|
|||
if self.password_lock: | |||
cmd.append('-L') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is incorrect for freebsd, -L
refers to login class, not password lock, just look at a few lines above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my bad.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've rewrited the lock/unlock commands for FreeBSD and NetBSD, finally, and updated the doc.
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
The test
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@lazouz |
@lazouz Thanks for your contribution. |
* add user password lock option to user module * fixup! add user password lock option to user module * add unlock, set no default * fixup! add unlock, set no default * fixup! fixup! add unlock, set no default * add lock password for FreeBSD, netBSD * fixup! add lock password for FreeBSD, netBSD
* add user password lock option to user module * fixup! add user password lock option to user module * add unlock, set no default * fixup! add unlock, set no default * fixup! fixup! add unlock, set no default * add lock password for FreeBSD, netBSD * fixup! add lock password for FreeBSD, netBSD
Nice update to the module, I've just started using it. Noticed that it's not idempotent though. Do you have plans to add that? Just did some testing and shouldn't take much, something like this (at line 659) : if self.password_lock:
if info[1] and info[1][0] != '!':
cmd.append('-L')
elif not self.password_lock:
if info[1] and info[1][0] == '!':
cmd.append('-U') |
The problem is : the behavior is different on every Operating System, the solution you have works for linux only. We have to find a solution for FreeBSD, etc. |
Yeah, there's a bit more to it for sure. Just checking FreeBSD docs, they prepend |
* add user password lock option to user module * fixup! add user password lock option to user module * add unlock, set no default * fixup! add unlock, set no default * fixup! fixup! add unlock, set no default * add lock password for FreeBSD, netBSD * fixup! add lock password for FreeBSD, netBSD
SUMMARY
This adds password lock feature (lock -l command) tu user module.
ISSUE TYPE
COMPONENT NAME
module : user
ANSIBLE VERSION
ADDITIONAL INFORMATION
I have not written tests for this feature, because i don't know if it can be useful
fixes #29466