cloud-init-dev team mailing list archive

Thread
Date

[Merge] ~smoser/cloud-init:fix/1793193-suse-handle-locked-user into cloud-init:master

To: mp+355717@xxxxxxxxxxxxxxxxxx
From: Scott Moser <ssmoser2+ubuntu@xxxxxxxxx>
Date: Wed, 26 Sep 2018 16:22:21 -0000
Reply-to: mp+355717@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Scott Moser has proposed merging ~smoser/cloud-init:fix/1793193-suse-handle-locked-user into cloud-init:master.

Commit message:
SUSE: Handle error locking a user that was previously locked.

At present on SUSE, if the user exists and is already locked, either
previous user creation or user is created locked by default the lock
action exception is propagated. However, if the user is already locked we
have the condition we want to achieve and thus should move on.

LP: #1793193

Author: Robert Schweikert <rjschwei@xxxxxxxx>


Requested reviews:
  cloud-init commiters (cloud-init-dev)

For more details, see:
https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/355717

see commit message
-- 
Your team cloud-init commiters is requested to review the proposed merge of ~smoser/cloud-init:fix/1793193-suse-handle-locked-user into cloud-init:master.

diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index ef618c2..134345d 100644
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -582,9 +582,11 @@ class Distro(object):
             # (which would be more descriptive) since SLES 11 doesn't know
             # about long names.
             util.subp(['passwd', '-l', name])
-        except Exception as e:
-            util.logexc(LOG, 'Failed to disable password for user %s', name)
-            raise e
+        except util.ProcessExecutionError as e:
+            if e.exit_code != 3:
+                util.logexc(LOG, 'Failed to lock password for user %s', name)
+                raise e
+            LOG.debug('Password access already locked for user %s', name)
 
     def set_passwd(self, user, passwd, hashed=False):
         pass_string = '%s:%s' % (user, passwd)
diff --git a/tests/unittests/test_distros/test_create_users.py b/tests/unittests/test_distros/test_create_users.py
index c3f258d..aff4eae 100644
--- a/tests/unittests/test_distros/test_create_users.py
+++ b/tests/unittests/test_distros/test_create_users.py
@@ -4,6 +4,7 @@ import re
 
 from cloudinit import distros
 from cloudinit import ssh_util
+from cloudinit import util
 from cloudinit.tests.helpers import (CiTestCase, mock)
 
 
@@ -240,4 +241,13 @@ class TestCreateUser(CiTestCase):
             [mock.call(set(['auth1']), user),  # not disabled
              mock.call(set(['key1']), 'foouser', options=disable_prefix)])
 
+    def test_lock_passwd_already_locked(self, m_subp, m_is_snappy):
+        """Do not propagate the exception when user is already locked"""
+        m_subp.side_effect = util.ProcessExecutionError(exit_code=3)
+        user = 'foouser'
+        self.dist.lock_passwd(user)
+        self.assertIn(
+            'Password access already locked for user foouser',
+            self.logs.getvalue())
+
 # vi: ts=4 expandtab

Follow ups

[Merge] ~smoser/cloud-init:fix/1793193-suse-handle-locked-user into cloud-init:master
From: Scott Moser, 2018-09-26