fix unlocking method on FreeBSD

on FreeBSD, `lock_passwd` is implemented as `pw usermod <user> -h -` This does not lock the account. It prompts for a password change on the console during cloud-init run. To lock an account, we have to execute: `pw lock <name>` LP: #1854594
author: Igor Galić <me+github@igalic.co> 2019-12-12 21:04:54 +0100
committer: Daniel Watkins <oddbloke@ubuntu.com> 2019-12-12 15:04:54 -0500
commit: e2840f1771158748780a768f6bfbb117cd7610c6 (patch)
tree: edfae615ef2470d11b5d4cd582474713aa1800ac /cloudinit
parent: 796f58081766c51cdb36e770541d32f84f595371 (diff)
download: vyos-cloud-init-e2840f1771158748780a768f6bfbb117cd7610c6.tar.gz
vyos-cloud-init-e2840f1771158748780a768f6bfbb117cd7610c6.zip
2 files changed, 29 insertions, 1 deletions
diff --git a/cloudinit/config/tests/test_users_groups.py b/cloudinit/config/tests/test_users_groups.py
index ba0afae3..f620b597 100644
--- a/cloudinit/config/tests/test_users_groups.py
+++ b/cloudinit/config/tests/test_users_groups.py
@@ -46,6 +46,34 @@ class TestHandleUsersGroups(CiTestCase):
              mock.call('me2', default=False)])
         m_group.assert_not_called()
 
+    @mock.patch('cloudinit.distros.freebsd.Distro.create_group')
+    @mock.patch('cloudinit.distros.freebsd.Distro.create_user')
+    def test_handle_users_in_cfg_calls_create_users_on_bsd(
+            self,
+            m_fbsd_user,
+            m_fbsd_group,
+            m_linux_user,
+            m_linux_group,
+    ):
+        """When users in config, create users with freebsd.create_user."""
+        cfg = {'users': ['default', {'name': 'me2'}]}  # merged cloud-config
+        # System config defines a default user for the distro.
+        sys_cfg = {'default_user': {'name': 'freebsd', 'lock_passwd': True,
+                                    'groups': ['wheel'],
+                                    'shell': '/bin/tcsh'}}
+        metadata = {}
+        cloud = self.tmp_cloud(
+            distro='freebsd', sys_cfg=sys_cfg, metadata=metadata)
+        cc_users_groups.handle('modulename', cfg, cloud, None, None)
+        self.assertItemsEqual(
+            m_fbsd_user.call_args_list,
+            [mock.call('freebsd', groups='wheel', lock_passwd=True,
+                       shell='/bin/tcsh'),
+             mock.call('me2', default=False)])
+        m_fbsd_group.assert_not_called()
+        m_linux_group.assert_not_called()
+        m_linux_user.assert_not_called()
+
     def test_users_with_ssh_redirect_user_passes_keys(self, m_user, m_group):
         """When ssh_redirect_user is True pass default user and cloud keys."""
         cfg = {
diff --git a/cloudinit/distros/freebsd.py b/cloudinit/distros/freebsd.py
index 8e5ae96c..caad1afb 100644
--- a/cloudinit/distros/freebsd.py
+++ b/cloudinit/distros/freebsd.py
@@ -256,7 +256,7 @@ class Distro(distros.Distro):
 
     def lock_passwd(self, name):
         try:
-            util.subp(['pw', 'usermod', name, '-h', '-'])
+            util.subp(['pw', 'lock', name])
         except Exception as e:
             util.logexc(LOG, "Failed to lock user %s", name)
             raise e
author	Igor Galić <me+github@igalic.co>	2019-12-12 21:04:54 +0100
committer	Daniel Watkins <oddbloke@ubuntu.com>	2019-12-12 15:04:54 -0500
commit	e2840f1771158748780a768f6bfbb117cd7610c6 (patch)
tree	edfae615ef2470d11b5d4cd582474713aa1800ac /cloudinit
parent	796f58081766c51cdb36e770541d32f84f595371 (diff)
download	vyos-cloud-init-e2840f1771158748780a768f6bfbb117cd7610c6.tar.gz vyos-cloud-init-e2840f1771158748780a768f6bfbb117cd7610c6.zip