Solved default password bug

2025-07-03 23:52:04 +02:00 · 2025-07-02 16:27:54 +02:00 · 2025-07-02 16:27:54 +02:00 · 9cf18cae0e
commit 9cf18cae0e
parent e807a3e956
2 changed files with 43 additions and 10 deletions
--- a/cli/generate_users.py
+++ b/cli/generate_users.py
@ -50,24 +50,18 @@ def build_users(defs, primary_domain, start_id, become_pwd):
        username = overrides.get('username', key)
        email = overrides.get('email', f"{username}@{primary_domain}")
        description = overrides.get('description')
-
+        password = overrides.get('password',become_pwd)
        # UID assignment
        if 'uid' in overrides:
            uid = overrides['uid']
        else:
            uid = allocate_free_id()
-
-        # GID assignment
-        if 'gid' in overrides:
-            gid = overrides['gid']
-        else:
-            # default GID to UID
-            gid = uid
+        gid = overrides.get('gid',uid)

        entry = {
            'username': username,
            'email':    email,
-            'password': become_pwd,
+            'password': password,
            'uid':      uid,
            'gid':      gid
        }
@ -182,7 +176,7 @@ def parse_args():
 def main():
    args = parse_args()
    primary_domain = '{{ primary_domain }}'
-    become_pwd = '{{ ansible_become_password }}'
+    become_pwd = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'

    try:
        user_defs = load_user_defs(args.roles_dir)
--- a/tests/unit/test_generate_users.py
+++ b/tests/unit/test_generate_users.py
@ -37,6 +37,45 @@ class TestGenerateUsers(unittest.TestCase):
        self.assertEqual(users['carol']['uid'], 1002)
        self.assertEqual(users['carol']['gid'], 1002)

+    def test_build_users_default_lookup_password(self):
+        """
+        When no 'password' override is provided,
+        the become_pwd lookup template string must be used as the password.
+        """
+        defs = {'frank': {}}
+        lookup_template = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'
+        users = generate_users.build_users(
+            defs=defs,
+            primary_domain='example.com',
+            start_id=1001,
+            become_pwd=lookup_template
+        )
+        self.assertEqual(
+            users['frank']['password'],
+            lookup_template,
+            "The lookup template string was not correctly applied as the default password"
+        )
+
+    def test_build_users_override_password(self):
+        """
+        When a 'password' override is provided,
+        that custom password must be used instead of become_pwd.
+        """
+        defs = {'eva': {'password': 'custompw'}}
+        lookup_template = '{{ lookup("password", "/dev/null length=42 chars=ascii_letters,digits") }}'
+        users = generate_users.build_users(
+            defs=defs,
+            primary_domain='example.com',
+            start_id=1001,
+            become_pwd=lookup_template
+        )
+        self.assertEqual(
+            users['eva']['password'],
+            'custompw',
+            "The override password was not correctly applied"
+        )
+
+
    def test_build_users_duplicate_override_uid(self):
        defs = {
            'u1': {'uid': 1001},