Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10778

User resource is not idempotent on AIX

    XMLWordPrintable

Details

    • Night's Watch
    • Customer Feedback
    • 41908
    • 1
    • Bug Fix
    • The AIX user resource now allows for `password` lines with arbitrary whitespace in the `passwd` file.
    • Needs Assessment

    Description

      Puppet Version: 6.17
      Puppet Server Version: 6.12.1
      OS Name/Version: AIX 7.2

      When using a user resource on AIX and setting the password, the password is updated every agent run. This happens when a user stanza contains a tab in the password line.

      This is because the regex in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/aix.rb#L181 does not account for tabs or multiple spaces.

      Reproduction:

      1. In an AIX 7.2 node add a user resource.

      user{'testing':
      		 
        ensure => present,
      		 
        password => 'test',
      		 
      }

      2. Edit the /etc/security/passwd file to add a tab to the password line.

      testing:
      		 
              password        = test
      		 
              lastupdate = 1605112051

      3. Apply the user resource multiple times and confirm that the password it changed b every run.

      [0] [AIX] root@aix72-9:~ # puppet apply user.pp 
      Notice: Compiled catalog for aix72-9.delivery.puppetlabs.net in environment production in 0.02 seconds
      		 
      Notice: /Stage[main]/Main/User[testing]/password: changed [redacted] to [redacted]
      		 
      Notice: Applied catalog in 0.22 seconds
      		 
      [0] [AIX] root@aix72-9:~ # puppet apply user.pp 
      Notice: Compiled catalog for aix72-9.delivery.puppetlabs.net in environment production in 0.02 seconds
      		 
      Notice: /Stage[main]/Main/User[testing]/password: changed [redacted] to [redacted]
      		 
      Notice: Applied catalog in 0.22 seconds
      		 
      [0] [AIX] root@aix72-9:~ # puppet apply user.pp 
      Notice: Compiled catalog for aix72-9.delivery.puppetlabs.net in environment production in 0.02 seconds
      		 
      Notice: /Stage[main]/Main/User[testing]/password: changed [redacted] to [redacted]
      		 
      Notice: Applied catalog in 0.22 seconds

      Desired Behavior:
      The password should be set once unless the password changed.

      Actual Behavior:

      The detection of the current password has an incorrect regex and updates the password every agent run.

      Proposed Fix
      Change the regex in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/aix.rb#L181 to be /password\s+=\s+(\S+)/

      Attachments

        Activity

          People

            Unassigned Unassigned
            jarret.lavallee Jarret Lavallee
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Zendesk Support