Change password_max_age lower bounds to negative one (-1) to allow fo…

…r disabling of password expiry.
puppetlabs · Oct 16, 2023 · d284db5 · d284db5
1 parent fe94d64
commit d284db5
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -217,7 +217,7 @@ Allows strings up to 32 characters long that begin with a lower case letter or u
 
 #### `Accounts::User::PasswordMaxAge`
 
-Maximum number of days a password may be used before it must be changed. Allows any integer from `0` to `99999`. See [`user`](https://puppet.com/docs/puppet/latest/types/user.html#user-attribute-password_max_age) resource.
+Maximum number of days a password may be used before it must be changed. Allows any integer from `-1` to `99999`. See [`user`](https://puppet.com/docs/puppet/latest/types/user.html#user-attribute-password_max_age) resource.
 
 #### `Accounts::User::Resource`
 

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -428,7 +428,7 @@ Default value: `'!!'`
 Data type: `Optional[Accounts::User::PasswordMaxAge]`
 
 Maximum number of days a password may be used before it must be changed.
-Allows any integer from `0` to `99999`. See the
+Allows any integer from `-1` to `99999`. See the
 [`user`](https://puppet.com/docs/puppet/latest/types/user.html#user-attribute-password_max_age)
 resource.
 

diff --git a/manifests/user.pp b/manifests/user.pp
@@ -126,7 +126,7 @@
 #
 # @param password_max_age
 #   Maximum number of days a password may be used before it must be changed.
-#   Allows any integer from `0` to `99999`. See the
+#   Allows any integer from `-1` to `99999`. See the
 #   [`user`](https://puppet.com/docs/puppet/latest/types/user.html#user-attribute-password_max_age)
 #   resource.
 #

diff --git a/spec/acceptance/accounts_spec.rb b/spec/acceptance/accounts_spec.rb
@@ -40,7 +40,7 @@
     'hunner' => {
       'groups' => ['root'],
       'password' => 'hi',
-      'password_max_age' => 30,
+      'password_max_age' => 60,
       'shell' => '/bin/true',
       'home' => '/test/hunner',
       'managevim' => false,
@@ -63,7 +63,7 @@
       'sshkey_group' => 'root',
       'groups' => ['root'],
       'password' => 'hi',
-      'password_max_age' => 30,
+      'password_max_age' => 60,
       'shell' => '/bin/true',
       'home' => '/test/hunner',
       'managevim' => false,
@@ -323,7 +323,7 @@
       expect(user('hunner')).to have_login_shell '/bin/true'
       expect(user('hunner')).to have_home_directory '/test/hunner'
       expect(user('hunner')).to contain_password 'hi' unless os[:family] == 'solaris'
-      expect(user('hunner').maximum_days_between_password_change).to match 30
+      expect(user('hunner').maximum_days_between_password_change).to match 45
 
       expect(file('/test/hunner')).to be_directory
       expect(file('/test/hunner')).to be_mode 700

diff --git a/types/user/passwordmaxage.pp b/types/user/passwordmaxage.pp
@@ -3,4 +3,4 @@
 # On most systems, the default value of 99999 is about 274 years, which
 # effectively disables password aging.
 #
-type Accounts::User::PasswordMaxAge = Integer[1, 99999]
+type Accounts::User::PasswordMaxAge = Integer[-1, 99999]