Merge pull request #353 from yast/ay-remove-group_password

Do not support group passwords
yast · Nov 9, 2021 · 39c07e2 · 39c07e2
2 parents 8095bbf + 1384d9b
commit 39c07e2
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 23 deletions.
diff --git a/src/autoyast-rnc/users.rnc b/src/autoyast-rnc/users.rnc
@@ -19,6 +19,9 @@ groups =
     LIST,
     gr_group*
   }
+
+# TODO: "group_password" is no longer supported by YaST. We should remove it
+# along with "encrypted" from the schema at some point.
 gr_group = element group {
   MAP,
   (

diff --git a/src/lib/y2users/autoinst/reader.rb b/src/lib/y2users/autoinst/reader.rb
@@ -41,11 +41,14 @@ module Autoinst
     # historical reasons. See {#read} for some background.
     class Reader
       include Yast::Logger
+      include Yast::I18n
 
       # @param content [Hash] Hash containing AutoYaST data
       # @option content [Hash] "users" List of users
       # @option content [Hash] "groups" List of groups
       def initialize(content)
+        textdomain "users"
+
         @users_section = Y2Users::AutoinstProfile::UsersSection.new_from_hashes(
           content["users"] || []
         )
@@ -169,6 +172,8 @@ def read_groups(issues)
         groups_section.groups.each_with_object([]) do |group_section, groups|
           next unless check_group(group_section, issues)
 
+          check_group_password(group_section, issues)
+
           res = Group.new(group_section.groupname)
           res.gid = group_section.gid
           users_name = group_section.userlist.to_s.split(",")
@@ -227,6 +232,25 @@ def check_group(group_section, issues)
         false
       end
 
+      # Check if given group contains a group password for warning about
+      # ignoring it
+      #
+      # @note empty or "x" password actually means no password and the user
+      #   will be not warned about it.
+      #
+      # @param group_section [Installation::AutoinstProfile::GroupSection]
+      # @param issues [Y2Issues::List] Issues list
+      def check_group_password(group_section, issues)
+        group_password = group_section.group_password.to_s
+
+        return if group_password.empty? || group_password == "x"
+
+        issues << Y2Issues::Issue.new(
+          _("Attribute no longer supported by YaST. Ignoring it."),
+          location: "autoyast:#{group_section.section_path}:group_password"
+        )
+      end
+
       # Helper method that returns an InvalidValue issue for the given section and attribute
       #
       # @param section [Installation::AutoinstProfile::SectionWithAttributes]

diff --git a/src/modules/Users.pm b/src/modules/Users.pm
@@ -5655,22 +5655,8 @@ sub ImportGroup {
 	    }
 	}
     }
-    my $encrypted	= $group{"encrypted"};
-    $encrypted		= YaST::YCP::Boolean (1) if !defined $encrypted;
-    if (defined $encrypted && ref ($encrypted) ne "YaST::YCP::Boolean") {
-	$encrypted	= YaST::YCP::Boolean ($encrypted);
-    }
-    my $pass		= $group{"group_password"};
-    if ((!defined $encrypted || !bool ($encrypted)) &&
-	(defined $pass) && !Mode->config ())
-    {
-	$pass 		= $self->CryptPassword ($pass, $type);
-	$encrypted	= YaST::YCP::Boolean (1);
-    }
 
     my %ret		= (
-	"userPassword"	=> $pass,
-	"encrypted"	=> $encrypted,
         "cn"		=> $groupname,
         "gidNumber"	=> $gid,
         "userlist"	=> \%userlist,
@@ -6149,15 +6135,6 @@ sub ExportGroup {
     {
 	$ret{"gid"}		= $group->{"gidNumber"};
     }
-    if (defined $group->{"userPassword"}) {
-
-    	my $encrypted	= bool ($group->{"encrypted"});
-    	if (!defined $group->{"encrypted"}) {
-	    $encrypted	= 1;
-	}
-	$ret{"encrypted"}	= YaST::YCP::Boolean ($encrypted);
-	$ret{"group_password"}	= $group->{"userPassword"};
-    }
 
     return \%ret;
 }

diff --git a/test/lib/y2users/autoinst/reader_test.rb b/test/lib/y2users/autoinst/reader_test.rb
@@ -512,5 +512,42 @@
         expect(issue.location.to_s).to eq("autoyast:groups,0:groupname")
       end
     end
+
+    context "when a group has a password" do
+      let(:group_password) { "s3cr3T" }
+      let(:profile) do
+        {
+          "groups" => [
+            { "groupname" => "root", "gid" => "100" },
+            { "groupname" => "passworded-group", "group_password" => group_password }
+          ]
+        }
+      end
+
+      it "registers an issue" do
+        result = subject.read
+        issue = result.issues.first
+        expect(issue).to be_a(Y2Issues::Issue)
+        expect(issue.location.to_s).to eq("autoyast:groups,1:group_password")
+      end
+
+      context "but it is empty (which means no password)" do
+        let(:group_password) { "" }
+
+        it "does not register an issue" do
+          result = subject.read
+          expect(result.issues).to be_empty
+        end
+      end
+
+      context "but it is 'x' (which means no password)" do
+        let(:group_password) { "x" }
+
+        it "does not register an issue" do
+          result = subject.read
+          expect(result.issues).to be_empty
+        end
+      end
+    end
   end
 end