The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Feature #15037

ability to set initial user password

Added by Darin Perusich about 2 years ago. Updated 8 months ago.

Status:AcceptedStart date:06/14/2012
Priority:NormalDue date:
Assignee:eric sorenson% Done:

0%

Category:user
Target version:-
Affected Puppet version: Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This ticket is now tracked at: https://tickets.puppetlabs.com/browse/PUP-1331


Description

Add functionality to the user type so one can set an initial password to be set upon account creation. Currently when puppet is managing a users password, if said password is changed puppet will reset it to whatever value has been configured.

This is a rehash of http://projects.puppetlabs.com/issues/2046

History

#1 Updated by Patrick Carlisle about 2 years ago

  • Status changed from Unreviewed to Accepted

It’s unlikely we’ll get to this right away, but it makes sense to me and I’d consider a pull request on it.

#2 Updated by Rob Sweet almost 2 years ago

  • Assignee set to Rob Sweet

#3 Updated by Nigel Kersten almost 2 years ago

Are we sure we want to do this? Are we going to support this sort of functionality for any parameter/property ? Isn’t there a reasonable workaround with a notify to an exec?

user { "foo":
  ...
  notify => Exec["set_initial_password"],
}

exec { "set_initial_password":
  ...
  unless => whatever-condition-you-want,
}

#4 Updated by Rob Sweet almost 2 years ago

Sorry, Nigel. This is the first thing I’ve tried to contribute on so maybe I’ve misunderstood the process. I thought that something with status Accepted meant that no further discussion was desired.

Chaining an exec seems messy to me but sure, that’d be a workaround.

In the broader scope, has anyone discussed the concept of passing options to parameters? Seems you could use a construct like this:

user { "foo":
  ...
  password => { :value => 'supersecretpassword', :create_only => true },
}

Supporting something like that would open the door to various kinds of sophisticated property/parameter behavior, which could maybe help slim down manifests a bit.

That said, I definitely don’t know the Puppet codebase well enough yet to attempt coding that kind of broad functionality. And here I thought I’d picked up something relatively easy to start with. ;)

#5 Updated by Nigel Kersten almost 2 years ago

  • Assignee changed from Rob Sweet to eric sorenson

No apologies needed Rob, I was arguing against Patrick’s decision to accept it :)

I worry about how this would make the model inconsistent.

Right now, if you set a property/parameter on a resource, that means the resource will change.

This proposed idea would break that model, and I’m not sure the cost is worth it.

I’d be more in favor of a generic solution, rather than one for just the password, but it still concerns me.

Eric? Your thoughts?

#6 Updated by Anonymous 8 months ago

Redmine Issue #15037 has been migrated to JIRA:

https://tickets.puppetlabs.com/browse/PUP-1331

Also available in: Atom PDF