cloud-init-dev team mailing list archive

[Sam Eiderman <sameid@xxxxxxxxxx>]

Sam Eiderman has proposed merging ~sameid/cloud-init:azure-user-locked-on-instance-id-change into cloud-init:master.

Commit message:
azure: Do not lock user on instance id change

After initial boot ovf-env.xml is copied to agent dir
(/var/lib/waagent/) with REDACTED password.
On subsequent boots DataSourceAzure loads with a configuration where the
user specified in /var/lib/waagent/ovf-env.xml is locked.
If instance id changes, cc_users_groups action will lock the user.

Fix this behavior by not locking the user if its password is REDACTED.

LP: #1849677

Requested reviews:
  cloud-init Commiters (cloud-init-dev)
Related bugs:
  Bug #1849677 in cloud-init: "azure locks existing user if instance id changes"
  https://bugs.launchpad.net/cloud-init/+bug/1849677

For more details, see:
https://code.launchpad.net/~sameid/cloud-init/+git/cloud-init/+merge/374740
-- 
Your team cloud-init Commiters is requested to review the proposed merge of ~sameid/cloud-init:azure-user-locked-on-instance-id-change into cloud-init:master.

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 4984fa8..cdf49d3 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1193,9 +1193,10 @@ def read_azure_ovf(contents):
     defuser = {}
     if username:
         defuser['name'] = username
-    if password and DEF_PASSWD_REDACTION != password:
-        defuser['passwd'] = encrypt_pass(password)
+    if password:
         defuser['lock_passwd'] = False
+        if DEF_PASSWD_REDACTION != password:
+            defuser['passwd'] = encrypt_pass(password)
 
     if defuser:
         cfg['system_info'] = {'default_user': defuser}