summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cloudinit/sources/DataSourceAzure.py7
-rw-r--r--tests/unittests/test_datasource/test_azure.py11
2 files changed, 14 insertions, 4 deletions
diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 1a74de21..7ec622bf 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -17,6 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import base64
+import crypt
import os
import os.path
import time
@@ -424,7 +425,7 @@ def read_azure_ovf(contents):
if username:
defuser['name'] = username
if password:
- defuser['password'] = password
+ defuser['passwd'] = encrypt_pass(password)
defuser['lock_passwd'] = False
if defuser:
@@ -436,6 +437,10 @@ def read_azure_ovf(contents):
return (md, ud, cfg)
+def encrypt_pass(password, salt_id="$6$"):
+ return crypt.crypt(password, salt_id + util.rand_str(strlen=16))
+
+
def list_possible_azure_ds_devs():
# return a sorted list of devices that might have a azure datasource
devlist = []
diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py
index 06f8a5d2..1ca6a79d 100644
--- a/tests/unittests/test_datasource/test_azure.py
+++ b/tests/unittests/test_datasource/test_azure.py
@@ -2,6 +2,7 @@ from cloudinit import helpers
from cloudinit.sources import DataSourceAzure
from tests.unittests.helpers import populate_dir
+import crypt
import base64
from mocker import MockerTestCase
import os
@@ -207,11 +208,15 @@ class TestAzureDataSource(MockerTestCase):
self.assertTrue('default_user' in dsrc.cfg['system_info'])
defuser = dsrc.cfg['system_info']['default_user']
- # default user shoudl be updated for password and username
- # and should not be locked.
+ # default user should be updated username and should not be locked.
self.assertEqual(defuser['name'], odata['UserName'])
- self.assertEqual(defuser['password'], odata['UserPassword'])
self.assertFalse(defuser['lock_passwd'])
+ # passwd is crypt formated string $id$salt$encrypted
+ # encrypting plaintext with salt value of everything up to final '$'
+ # should equal that after the '$'
+ pos = defuser['passwd'].rfind("$") + 1
+ self.assertEqual(defuser['passwd'],
+ crypt.crypt(odata['UserPassword'], defuser['passwd'][0:pos]))
def test_userdata_found(self):
mydata = "FOOBAR"
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 22:15:18 +0000