Solved default password bug

Kevin Veen-Birkenbach 2025-07-02 16:27:54 +02:00
parent e807a3e956
commit 9cf18cae0e
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
2 changed files with 43 additions and 10 deletions


@ -50,24 +50,18 @@ def build_users(defs, primary_domain, start_id, become_pwd):
username = overrides.get('username', key) username = overrides.get('username', key)
email = overrides.get('email', f"{username}@{primary_domain}") email = overrides.get('email', f"{username}@{primary_domain}")
description = overrides.get('description') description = overrides.get('description')
password = overrides.get('password',become_pwd)
# UID assignment # UID assignment
if 'uid' in overrides: if 'uid' in overrides:
uid = overrides['uid'] uid = overrides['uid']
else: else:
uid = allocate_free_id() uid = allocate_free_id()
gid = overrides.get('gid',uid)
# GID assignment
if 'gid' in overrides:
gid = overrides['gid']
else:
# default GID to UID
gid = uid
entry = { entry = {
'username': username, 'username': username,
'email': email, 'email': email,
'password': become_pwd, 'password': password,
'uid': uid, 'uid': uid,
'gid': gid 'gid': gid
} }
@ -182,7 +176,7 @@ def parse_args():
def main(): def main():
args = parse_args() args = parse_args()
primary_domain = '{{ primary_domain }}' primary_domain = '{{ primary_domain }}'
become_pwd = '{{ ansible_become_password }}' become_pwd = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'
try: try:
user_defs = load_user_defs(args.roles_dir) user_defs = load_user_defs(args.roles_dir)
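Review bot: In main(), the new default `become_pwd = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'` is handed to build_users as an unrendered Jinja expression, and a password lookup pointed at /dev/null persists nothing, so it produces a new random value each time it is evaluated. How the generated entries are consumed is not visible here (main() continues outside the hunk), but if Ansible templates them lazily, a user's password can differ between tasks and between runs, so the credential that was set and the one a later task uses may not match. I would document that next to the assignment, e.g. `# evaluated by Ansible on every use; /dev/null stores nothing, so set an explicit 'password' override for accounts that need a stable credential`, or point the lookup at a persistent path. The name `become_pwd` no longer describes the value; `default_password` would read better in both main() and build_users.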


@ -37,6 +37,45 @@ class TestGenerateUsers(unittest.TestCase):
self.assertEqual(users['carol']['uid'], 1002) self.assertEqual(users['carol']['uid'], 1002)
self.assertEqual(users['carol']['gid'], 1002) self.assertEqual(users['carol']['gid'], 1002)
def test_build_users_default_lookup_password(self):
"""
When no 'password' override is provided,
the become_pwd lookup template string must be used as the password.
"""
defs = {'frank': {}}
lookup_template = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'
users = generate_users.build_users(
defs=defs,
primary_domain='example.com',
start_id=1001,
become_pwd=lookup_template
)
self.assertEqual(
users['frank']['password'],
lookup_template,
"The lookup template string was not correctly applied as the default password"
)
def test_build_users_override_password(self):
"""
When a 'password' override is provided,
that custom password must be used instead of become_pwd.
"""
defs = {'eva': {'password': 'custompw'}}
lookup_template = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'
users = generate_users.build_users(
defs=defs,
primary_domain='example.com',
start_id=1001,
become_pwd=lookup_template
)
self.assertEqual(
users['eva']['password'],
'custompw',
"The override password was not correctly applied"
)
def test_build_users_duplicate_override_uid(self): def test_build_users_duplicate_override_uid(self):
defs = { defs = {
'u1': {'uid': 1001}, 'u1': {'uid': 1001},
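Review bot: Neither new test covers a 'password' key that is present but empty, such as `defs = {'eva': {'password': None}}` or `{'password': ''}`. build_users is changed in this commit to `overrides.get('password',become_pwd)`, which returns such a value as is, so the entry would carry an empty or null password instead of the generated default. I would add a third case that asserts the fallback and, if that is the intended behaviour, change the assignment to `password = overrides.get('password') or become_pwd`. Both tests also repeat the same `lookup_template` literal, which could be a class-level constant. The last test shown, test_build_users_duplicate_override_uid, continues outside the hunk.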