| Puppet Version: 6.17
Puppet Server Version: 6.12.1
OS Name/Version: AIX 7.2 When using a user resource on AIX and setting the password, the password is updated every agent run. This happens when a user stanza contains a tab in the password line. This is because the regex in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/aix.rb#L181 does not account for tabs or multiple spaces. Reproduction: 1. In an AIX 7.2 node add a user resource.
user{'testing': |
ensure => present, |
password => 'test', |
}
|
2. Edit the /etc/security/passwd file to add a tab to the password line.
testing: |
password = test |
lastupdate = 1605112051
|
3. Apply the user resource multiple times and confirm that the password it changed b every run.
[0] [AIX] root@aix72-9:~ # puppet apply user.pp |
Notice: Compiled catalog for aix72-9.delivery.puppetlabs.net in environment production in 0.02 seconds |
Notice: /Stage[main]/Main/User[testing]/password: changed [redacted] to [redacted] |
Notice: Applied catalog in 0.22 seconds |
[0] [AIX] root@aix72-9:~ # puppet apply user.pp |
Notice: Compiled catalog for aix72-9.delivery.puppetlabs.net in environment production in 0.02 seconds |
Notice: /Stage[main]/Main/User[testing]/password: changed [redacted] to [redacted] |
Notice: Applied catalog in 0.22 seconds |
[0] [AIX] root@aix72-9:~ # puppet apply user.pp |
Notice: Compiled catalog for aix72-9.delivery.puppetlabs.net in environment production in 0.02 seconds |
Notice: /Stage[main]/Main/User[testing]/password: changed [redacted] to [redacted] |
Notice: Applied catalog in 0.22 seconds
|
Desired Behavior:
The password should be set once unless the password changed. Actual Behavior: The detection of the current password has an incorrect regex and updates the password every agent run. Proposed Fix
Change the regex in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/provider/user/aix.rb#L181 to be /password\s+=\s+(\S+)/ |
