summaryrefslogtreecommitdiff
path: root/cloudinit
diff options
context:
space:
mode:
authorSam Eiderman <sameid@google.com>2019-10-29 23:00:36 +0000
committerServer Team CI Bot <josh.powers+server-team-bot@canonical.com>2019-10-29 23:00:36 +0000
commite1b4b8c903fed3b69e57ec08c17ce94097d55901 (patch)
tree9bc11d884f1e9d4ccacf95705dc7d29651c2b886 /cloudinit
parentf1c788e2bb7c86069d43a015267facfb8aefcdf0 (diff)
downloadvyos-cloud-init-e1b4b8c903fed3b69e57ec08c17ce94097d55901.tar.gz
vyos-cloud-init-e1b4b8c903fed3b69e57ec08c17ce94097d55901.zip
azure: Do not lock user on instance id change
After initial boot ovf-env.xml is copied to agent dir (/var/lib/waagent/) with REDACTED password. On subsequent boots DataSourceAzure loads with a configuration where the user specified in /var/lib/waagent/ovf-env.xml is locked. If instance id changes, cc_users_groups action will lock the user. Fix this behavior by not locking the user if its password is REDACTED. LP: #1849677
Diffstat (limited to 'cloudinit')
-rwxr-xr-xcloudinit/sources/DataSourceAzure.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 4984fa84..cdf49d36 100755
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -1193,9 +1193,10 @@ def read_azure_ovf(contents):
defuser = {}
if username:
defuser['name'] = username
- if password and DEF_PASSWD_REDACTION != password:
- defuser['passwd'] = encrypt_pass(password)
+ if password:
defuser['lock_passwd'] = False
+ if DEF_PASSWD_REDACTION != password:
+ defuser['passwd'] = encrypt_pass(password)
if defuser:
cfg['system_info'] = {'default_user': defuser}