Admin user pass keeps changing each puppet run

Question

Admin user pass keeps changing each puppet run

Joris29 opened this issue 2 years ago · comments

Joris Van Acoleyen commented 2 years ago

when using:

nexus3_admin_password { 'admin_password':
    admin_password_file => "${_workdir}/admin.password",
    password            => $admin_password.unwrap,
}

nexus3_user { 'admin':
    firstname => 'Administrator',
    lastname  => 'User',
    password  => $admin_password.unwrap,
    email     => 'admin@example.be',
    roles     => ['nx-admin'],
    status    => 'active',
}

my password keeps getting changed every run:
Notice: /Stage[main]/Profile::Nexus/Nexus3_user[admin]/password: password changed to 'very_secure'

Wandenberg Peixoto · Answer 1 · Tue Aug 02 2022 22:07:14 GMT+0800 (China Standard Time)

As far as I know, there is no way to retrieve a user password. It would be a security failure on Nexus if they allow reverting the encryption or saving plain text.
So, when the user data is retrieved from the server it came without a password, and once compared with the data defined on your puppet manifest, it assumes the password needs to be changed.
I will check if it is possible to avoid this log, but for now, just remove the password key from nexus3_user definition.
Use it only to create new users where you need to define a password, and then remove it from the manifest.

Joris Van Acoleyen · Answer 2 · Tue Aug 02 2022 22:23:31 GMT+0800 (China Standard Time)

When i try that i get an error that the password is mandatory:

Error: /Stage[main]/Profile::Nexus/Nexus3_user[admin]: Could not evaluate: The following mandatory attributes were not provided:
* password