Htpasswd is not updated when properties change
erulabs opened this issue · 5 comments
Due to the not_if located here:
https://github.com/rackspace-cookbooks/elkstack/blob/master/recipes/kibana_ssl.rb#L36
The file must be removed for passwords to be updated to match new attributes. There shouldn't be any need for the not_if, as htpasswd takes a fraction of a second and can be safely run every time.
The resource only came with "add" or "overwrite" actions, and add was appending the same 'kibana' user multiple times. We wanted to avoid using the overwrite action because we didn't want to re-write any additional htaccess entries that were added by customers. So our only option was to stop touching the file when it had been created.
I'm honestly not sure which is better. The htpasswd stuff was written with the idea in mind that it was strictly so we didn't leave any wide open services on an initial build, but that we wouldn't provide much customization, expecting customers to use something more secure than htpassword files (the first few we worked with had LDAP or other system users they wanted to use instead).
Please let me know if you have further feedback.
Customers should not be manually updating Chef-managed files.
It should be overwritten on every chef run, preferably with a comment in the file mentioning it's being managed by chef.
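The trade-off discussed in this thread (a guard that leaves stale passwords, "add" that duplicates the `kibana` user, "overwrite" that drops other entries) can be avoided by converging only the managed user's line. The following is an added example, not code from the thread or the cookbook; the function names and sample file are hypothetical, and it assumes the platform's crypt(3) and the web server reading the file both support SHA-512 crypt (`$6$`) hashes.

```ruby
require 'securerandom'

# Constructed sample: a stale, duplicated managed user plus one customer entry.
SAMPLE = <<~'HTPASSWD'
  # constructed sample htpasswd file
  kibana:$6$oldsalt$stale
  customer1:$apr1$constructed$hashvalue
  kibana:$6$oldsalt$stale
HTPASSWD

# Hash with SHA-512 crypt and a fresh random salt (assumes crypt(3) supports "$6$").
def hash_password(password)
  password.crypt("$6$#{SecureRandom.alphanumeric(16)}")
end

# True only when `stored` is a "$6$" hash of `password`; crypt reads the salt from it.
def password_matches?(password, stored)
  stored.start_with?('$6$') && password.crypt(stored) == stored
rescue ArgumentError, SystemCallError
  false
end

# Converge `user` to `password` inside htpasswd `content`.
# Returns [new_content, changed]. Other users' lines and comments are preserved.
def upsert_htpasswd(content, user, password)
  raise ArgumentError, 'invalid user name' if user.empty? || user =~ /[:\r\n]/

  prefix = "#{user}:"
  lines = content.lines(chomp: true)
  mine = lines.select { |l| l.start_with?(prefix) }

  # Idempotent path: exactly one entry and it already verifies, so touch nothing.
  if mine.size == 1 && password_matches?(password, mine.first.split(':', 2).last)
    return [content, false]
  end

  entry = prefix + hash_password(password)
  placed = false
  kept = lines.each_with_object([]) do |line, out|
    if line.start_with?(prefix)
      out << entry unless placed # keep the first position, drop duplicates
      placed = true
    else
      out << line
    end
  end
  kept << entry unless placed
  [kept.join("\n") + "\n", true]
end
```

The `changed` flag is what a configuration-management run would use to decide whether to write the file and report the resource as updated.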