do not set 'password', but set 'passwd' to crypt'd value

'password' was the wrong key.  It should have been setting the default
user's "plain_text_password".  

Instead of doing that, though, we're encrypting the value and putting it in
'passwd', which will then be passed on to useradd.  The key value in doing
this is that the plain text password will not be stored in obj.pkl.

(admittedly it is still in plain text in the ovf-env.xml file).

1 files changed, 8 insertions, 3 deletions

diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index 06f8a5d2..1ca6a79d 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -2,6 +2,7 @@ from cloudinit import helpers
 from cloudinit.sources import DataSourceAzure
 from tests.unittests.helpers import populate_dir
 
+import crypt
 import base64
 from mocker import MockerTestCase
 import os
@@ -207,11 +208,15 @@ class TestAzureDataSource(MockerTestCase):
         self.assertTrue('default_user' in dsrc.cfg['system_info'])
         defuser = dsrc.cfg['system_info']['default_user']
 
-        # default user shoudl be updated for password and username
-        # and should not be locked.
+        # default user should be updated username and should not be locked.
         self.assertEqual(defuser['name'], odata['UserName'])
-        self.assertEqual(defuser['password'], odata['UserPassword'])
         self.assertFalse(defuser['lock_passwd'])
+        # passwd is crypt formated string $id$salt$encrypted
+        # encrypting plaintext with salt value of everything up to final '$'
+        # should equal that after the '$'
+        pos = defuser['passwd'].rfind("$") + 1
+        self.assertEqual(defuser['passwd'],
+            crypt.crypt(odata['UserPassword'], defuser['passwd'][0:pos]))
 
     def test_userdata_found(self):
         mydata = "FOOBAR"