Description
Describe the Bug
We use pw_hash to generate password for user creation. When we use it directly in puppet, the user is created with a correct password.
We have create an exported ressource user and when we retrieve it, we get a base64 as password on the system.
Expected Behavior
When using pw_hash in an exported ressource, we must retrieve a correct hash and not a base64 entry from the puppetdb.
Steps to Reproduce
Steps to reproduce the behavior:
Use this code:
@@user { $newuser: ensure => present, home => "/home/${newuser}", managehome => true, password => pw_hash('password', 'SHA-512', 'salt'), tag => 'mytag', }
And get the result with:
User <<| tag == 'mytag' |>>
And then look your /etc/shadow
Environment
- Version 8.5
- Platform Centos 7
Additional Context
I found that there is a problem if an exported ressource is encoded in 8bit ASCII: voxpupuli/hiera-eyaml#273
pw_hash use crypt and on the FAQ of this function (http://crypt.finalstep.com.au/faq.html):
_Does this work for unicode?
Yes it does, but you have to take care of setting the desired encoding. When you provide a unicode string, it is automatically converted into 8-bit ascii for purposes of encryption (we need to deal with bytes). But when you decrypt, you will get an 8-bit ascii string and if you want unicode, you will need to force the encoding like this:
decrypted = decrypted.force_encoding("UTF-8")_
It may be a simple encoding problem.