From 0faaee62a41766c6955af1606528d0b293e76f50 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 31 Jul 2024 22:18:28 +0200
Subject: [PATCH] Implement lock_passwd=false for user

---
 lib/tiny-cloud/user-data/alpine-config | 10 +++++++++-
 tests/tiny-cloud-alpine.test           | 18 ++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/lib/tiny-cloud/user-data/alpine-config b/lib/tiny-cloud/user-data/alpine-config
index 7e6e584..f4c0736 100644
--- a/lib/tiny-cloud/user-data/alpine-config
+++ b/lib/tiny-cloud/user-data/alpine-config
@@ -269,8 +269,8 @@ in_list() {
 
 init__userdata_users() {
 	local users="$(get_userdata users)"
-	local name gecos homedir shell
 	for i in $users; do
+		local name gecos homedir shell lock_passwd=true
 		local keys="$(get_userdata users/$i)"
 		if [ "$i" = 1 ] && [ "$keys" = "default" ]; then
 			continue
@@ -295,6 +295,14 @@ init__userdata_users() {
 			$MOCK adduser -D ${gecos:+-g "$gecos"} ${homedir:+-h "$homedir"} ${shell:+-s "$shell"} "$name"
 		fi
 
+		if in_list lock_passwd $keys; then
+			lock_passwd="$(get_userdata users/$i/lock_passwd)"
+		fi
+
+		if [ "$lock_passwd" != "false" ]; then
+			echo "$name:*" | $MOCK chpasswd -e
+		fi
+
 		if in_list ssh_authorized_keys $keys; then
 			set_ssh_authorized_keys_for "$name" users/$i/ssh_authorized_keys
 		fi
diff --git a/tests/tiny-cloud-alpine.test b/tests/tiny-cloud-alpine.test
index abf200c..26b3ee7 100755
--- a/tests/tiny-cloud-alpine.test
+++ b/tests/tiny-cloud-alpine.test
@@ -22,6 +22,7 @@ init_tests \
 	userdata_users_gecos \
 	userdata_users_homedir \
 	userdata_users_shell \
+	userdata_users_lock_passwd \
 	userdata_users_ssh_authorized_keys \
 	userdata_ssh_authorized_keys \
 	userdata_groups \
@@ -180,6 +181,7 @@ userdata_users_default_name_only_body() {
 	atf_check \
 		-e match:"userdata_users: done" \
 		-o match:"adduser.*foo" \
+		-o match:"chpasswd -e" \
 		tiny-cloud main
 }
 
@@ -245,6 +247,22 @@ userdata_users_shell_body() {
 		tiny-cloud main
 }
 
+userdata_users_lock_passwd_body() {
+	# first specified user will replace default user
+	fake_userdata_nocloud <<-EOF
+		#alpine-config
+		users:
+		  - none
+		  - name: foo
+		    lock_passwd: false
+	EOF
+	atf_check -e ignore -o ignore tiny-cloud early
+	atf_check \
+		-e match:"userdata_users: done" \
+		-o not-match:"chpasswd -e" \
+		tiny-cloud main
+}
+
 userdata_users_ssh_authorized_keys_body() {
 	fake_bin getent <<-EOF
 		#!/bin/sh