how to set password for user at run time in chef

Question

How to set password for user creation in chef , at run time . instead of the encrypting mechanism using openssl and setting it in user resource in chef.

instead of the following method:

openssl passwd -1 "theplaintextpassword"
$1$JJsvHslV$szsCjVEroftprNn4JHtDi.

then setting it in user resource

user "random" do  
  supports :manage_home => true  
  comment "Random User"  
  uid 1234  
  gid "users"  
  home "/home/random"  
  shell "/bin/bash"  
  password "$1$JJsvHslV$szsCjVEroftprNn4JHtDi."  
end

Is there any alternative ..??

Answer 1

You could try generating the password ciphertext using Ruby in your cookbook:

require 'digest/sha2'

password = "pass@123"
salt = rand(36**8).to_s(36)
shadow_hash = password.crypt("$6$" + salt)

After running this, shadow_hash contains the following string: $6$vf1ehwzs$VAxaPBAeXjvEMboee.xbJgMOXlCrJ.eJDPkqP.16fGyAqjq1IDkh0OpEXFRo1W04G7tl02YMQz7dKmGKLVaRd/

You can then use it in the user resource:

user "random" do  
  supports :manage_home => true  
  comment "Random User"  
  uid 1234  
  gid "users"  
  home "/home/random"  
  shell "/bin/bash"  
  password shadow_hash
end

From http://judepereira.com/blog/use-ruby-to-generate-your-shadow-password/

Answer 2

I haven't come across exactly what you are looking for yet, but the openssl cookbook comes pretty close. With some tinkering you should be able to alter the method to accept string input then leveraging the unix-crypt library encrypt that string, or even just follow the pattern used in cookbook to make your own resource.

https://github.com/opscode-cookbooks/openssl

https://github.com/mogest/unix-crypt