|
 |
432086 |
From f1b956c55be5402fffc6dba0d266beabfc07f689 Mon Sep 17 00:00:00 2001
|
|
|
432086 |
From: Eduardo Otubo <otubo@redhat.com>
|
|
|
432086 |
Date: Mon, 15 Feb 2021 12:37:48 -0500
|
|
|
432086 |
Subject: [PATCH] DataSourceAzure: update password for defuser if exists (#671)
|
|
|
432086 |
|
|
|
432086 |
RH-Author: Eduardo Otubo <otubo@redhat.com>
|
|
|
432086 |
Message-id: <20210215123748.21974-1-otubo@redhat.com>
|
|
|
432086 |
Patchwork-id: 101062
|
|
|
432086 |
O-Subject: [RHEL-7.7.z/RHEL-7.9.z cloud-init PATCH] DataSourceAzure: update password for defuser if exists (#671)
|
|
|
432086 |
Bugzilla: 1900807
|
|
|
432086 |
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
432086 |
RH-Acked-by: Mohammed Gamal <mgamal@redhat.com>
|
|
|
432086 |
|
|
|
432086 |
BZ: 1927438
|
|
|
432086 |
BRANCH: rhel7/master-18.5
|
|
|
432086 |
BREW: 34944983
|
|
|
432086 |
|
|
|
432086 |
BZ: 1900807
|
|
|
432086 |
BRANCH: rhel7/master-19.4
|
|
|
432086 |
BREW: 34945000
|
|
|
432086 |
|
|
|
432086 |
For RHEL-7.7, this patch should be applied on top of "azure: Do not lock user
|
|
|
432086 |
on instance id change". Overseer will complain about it since it cannot
|
|
|
432086 |
be applied cleanly without that patch.
|
|
|
432086 |
|
|
|
432086 |
commit eea754492f074e00b601cf77aa278e3623857c5a
|
|
|
432086 |
Author: Anh Vo <anhvo@microsoft.com>
|
|
|
432086 |
Date: Thu Nov 19 00:35:46 2020 -0500
|
|
|
432086 |
|
|
|
432086 |
DataSourceAzure: update password for defuser if exists (#671)
|
|
|
432086 |
|
|
|
432086 |
cc_set_password will only update the password for the default user if
|
|
|
432086 |
cfg['password'] is set. The existing code of datasource Azure will fail
|
|
|
432086 |
to update the default user's password because it does not set that
|
|
|
432086 |
metadata. If the default user doesn't exist in the image, the current
|
|
|
432086 |
code works fine because the password is set during user create and
|
|
|
432086 |
not in cc_set_password
|
|
|
432086 |
|
|
|
432086 |
Signed-off-by: Eduardo Otubo <otubo@redhat.com>
|
|
|
432086 |
Signed-off-by: Jon Maloy <jmaloy.redhat.com>
|
|
|
432086 |
---
|
|
|
432086 |
cloudinit/sources/DataSourceAzure.py | 2 +-
|
|
|
432086 |
tests/unittests/test_datasource/test_azure.py | 3 +++
|
|
|
432086 |
2 files changed, 4 insertions(+), 1 deletion(-)
|
|
|
432086 |
|
|
|
432086 |
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
|
|
|
432086 |
index 6fb889c4..69454c40 100755
|
|
|
432086 |
--- a/cloudinit/sources/DataSourceAzure.py
|
|
|
432086 |
+++ b/cloudinit/sources/DataSourceAzure.py
|
|
|
432086 |
@@ -1206,7 +1206,7 @@ def read_azure_ovf(contents):
|
|
|
432086 |
if password:
|
|
|
432086 |
defuser['lock_passwd'] = False
|
|
|
432086 |
if DEF_PASSWD_REDACTION != password:
|
|
|
432086 |
- defuser['passwd'] = encrypt_pass(password)
|
|
|
432086 |
+ defuser['passwd'] = cfg['password'] = encrypt_pass(password)
|
|
|
432086 |
|
|
|
432086 |
if defuser:
|
|
|
432086 |
cfg['system_info'] = {'default_user': defuser}
|
|
|
432086 |
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
|
|
|
432086 |
index a809fd87..f141dc6c 100644
|
|
|
432086 |
--- a/tests/unittests/test_datasource/test_azure.py
|
|
|
432086 |
+++ b/tests/unittests/test_datasource/test_azure.py
|
|
|
432086 |
@@ -899,6 +899,9 @@ scbus-1 on xpt0 bus 0
|
|
|
432086 |
crypt.crypt(odata['UserPassword'],
|
|
|
432086 |
defuser['passwd'][0:pos]))
|
|
|
432086 |
|
|
|
432086 |
+ # the same hashed value should also be present in cfg['password']
|
|
|
432086 |
+ self.assertEqual(defuser['passwd'], dsrc.cfg['password'])
|
|
|
432086 |
+
|
|
|
432086 |
def test_user_not_locked_if_password_redacted(self):
|
|
|
432086 |
odata = {'HostName': "myhost", 'UserName': "myuser",
|
|
|
432086 |
'UserPassword': dsaz.DEF_PASSWD_REDACTION}
|
|
|
432086 |
--
|
|
|
432086 |
2.18.2
|
|
|
432086 |
|