Update htpasswd if changed only - SaltStack

SaltStack has a lot of states and modules, an each one has different options, but some times the state/module doesn't support a certain function, so you have to use another state or general function (or as they're named "Global State Arguments").

Some of these general functions are "unless" and "onlyif", and I will quote these from SaltStack documentation.

The onlyif requisite specifies that if each command listed in onlyif returns True, then the state is run. If any of the specified commands return False, the state will not run.

The unless requisite specifies that a state should only run when any of the specified commands return False. The unless requisite operates as NAND and is useful in giving more granular control over when a state should execute.

In webutil.user_exists state, it's used to add "htpasswd" user into a file. By default, it just make sure the user is in the file. Also it has an option to "force" adding a htpasswd user even it exists in the file.

So, what is the problem here? The problem simply, what if I need to make sure the user exists and the password is working in the same time? Till latest stable version of SaltStack 2016.11.3, it doesn't have this option (but I can see update arg in develop branch).

As DevOps, I need to see the actual change only (so "Force" is not best option here), and I need to make sure the password actually updated.

By using htpasswd command (which is required for this state anyway) with unless argument, we have a workaround to mimic the new update parameter, which is not released yet.

add_htpasswd_user_{{ username }}:
    - name: {{ username }}
    - password: '{{ password }}'
    - htpasswd_file: {{ htpasswd_file }}
    - force: True
    - unless: 'htpasswd -b -v {{ htpasswd_file }} "{{ username }}" "{{ password }}"'

Since htpasswd command can verify the password, so we can run "force" update file in case the password in file doesn't match the actual password.

That's it :-)

Powered by Blogger.

Hello, my name is Ahmed AbouZaid and this is my "lite" technical blog!

I'm a passionate DevOps engineer, Cloud/Kubernetes specialist, Free/Open source geek, and an author.

I believe in self CI/CD (Continuous Improvements/Development), also that "the whole is greater than the sum of its parts".

DevOps transformation, automation, data, and metrics are my preferred areas. And I like to help both businesses and people to grow.

Contact Me


Email *

Message *

Latest Post

DevOps is not only a culture - Discussion Panel

Today is my second session JobStack 2023 after my previous one yesterday titled " Platform Engineering: Manage your infrastructure u...

Popular Posts

Blog Archive