Update htpasswd if changed only - SaltStack

SaltStack has a lot of states and modules, an each one has different options, but some times the state/module doesn't support a certain function, so you have to use another state or general function (or as they're named "Global State Arguments").

Some of these general functions are "unless" and "onlyif", and I will quote these from SaltStack documentation.

The onlyif requisite specifies that if each command listed in onlyif returns True, then the state is run. If any of the specified commands return False, the state will not run.

The unless requisite specifies that a state should only run when any of the specified commands return False. The unless requisite operates as NAND and is useful in giving more granular control over when a state should execute.

In webutil.user_exists state, it's used to add "htpasswd" user into a file. By default, it just make sure the user is in the file. Also it has an option to "force" adding a htpasswd user even it exists in the file.

So, what is the problem here? The problem simply, what if I need to make sure the user exists and the password is working in the same time? Till latest stable version of SaltStack 2016.11.3, it doesn't have this option (but I can see update arg in develop branch).

As DevOps, I need to see the actual change only (so "Force" is not best option here), and I need to make sure the password actually updated.

By using htpasswd command (which is required for this state anyway) with unless argument, we have a workaround to mimic the new update parameter, which is not released yet.

add_htpasswd_user_{{ username }}:
    - name: {{ username }}
    - password: '{{ password }}'
    - htpasswd_file: {{ htpasswd_file }}
    - force: True
    - unless: 'htpasswd -b -v {{ htpasswd_file }} "{{ username }}" "{{ password }}"'

Since htpasswd command can verify the password, so we can run "force" update file in case the password in file doesn't match the actual password.

That's it :-)

Powered by Blogger.

Hello, my name is Ahmed AbouZaid, I'm a passionate Tech Lead DevOps Engineer. 👋

With 16+ years of open-source contributions, 12+ years of professional hands-on experience in DevOps, and an M.Sc. in Data Engineering from Edinburgh Napier University (UK), I enjoy facilitating the growth of both businesses and individuals.

I specialize in Cloud-Native and Kubernetes. I'm also a Free/Open source geek and book author. My favorite topics are DevOps transformation, automation, data, and metrics.

Contact Me


Email *

Message *

Start Your DevOps Engineer Journey!

Start Your DevOps Engineer Journey!
Start your DevOps career for free the Agile way in 2024 with the Dynamic DevOps Roadmap ⭐

Latest Post

2023 Highlights

Image generated with Craiyon . Finally, 2023 is over! What a year! One more crazy year, but it was the culmination ...

Popular Posts

Blog Archive