fixup! feat: Add user configuration for all providers

Address review comments

Author: dlipovetsky

api/v1alpha1/clusterconfig_types.go

@@ -365,9 +365,10 @@ type User struct {
 	// Name specifies the user name
 	Name string `json:"name"`
 
-	// Passwd specifies a hashed password for the user
+	// HashedPassword specifies a hashed password for the user.
+	// An empty string is not marshalled, because it is not a valid value.
 	// +optional
-	Passwd *string `json:"passwd,omitempty"`
+	HashedPassword string `json:"hashedPassword,omitempty"`
 
 	// SSHAuthorizedKeys specifies a list of ssh authorized keys for the user
 	// +optional
@@ -387,7 +388,7 @@ func (User) VariableSchema() clusterv1.VariableSchema {
 					Description: "The username",
 					Type:        "string",
 				},
-				"passwd": {
+				"hashedPassword": {
 					Description: "The hashed password for the user",
 					Type:        "string",
 				},

api/v1alpha1/zz_generated.deepcopy.go

@@ -1,5 +1,4 @@
 // Copyright 2023 D2iQ, Inc. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters,verbs=watch;list;get
 package users

pkg/handlers/generic/mutation/users/doc.go

@@ -119,23 +119,23 @@ func (h *usersPatchHandler) Mutate(
 func generateBootstrapUser(userFromVariable v1alpha1.User) bootstrapv1.User {
 	bootstrapUser := bootstrapv1.User{
 		Name:              userFromVariable.Name,
-		Passwd:            userFromVariable.Passwd,
+		Passwd:            ptr.To(userFromVariable.HashedPassword),
 		SSHAuthorizedKeys: userFromVariable.SSHAuthorizedKeys,
 		Sudo:              userFromVariable.Sudo,
 	}
 
 	// LockPassword is not part of our API, because we can derive its value
 	// for the use cases our API supports.
 	//
-	// We do not support the edge cases where a password is defined, but
-	// password authentication is disabled, or where no password is defined, but
-	// password authentication is enabled.
+	// We do not support these edge cases:
+	// (a) Hashed password is defined, password authentication is not enabled.
+	// (b) Hashed password is not defined, password authentication is enabled.
 	//
 	// We disable password authentication by default.
-	bootstrapUser.LockPassword = ptr.To[bool](true)
-	if userFromVariable.Passwd != nil {
-		// We enable password authentication only if a password is defined.
-		bootstrapUser.LockPassword = ptr.To[bool](true)
+	bootstrapUser.LockPassword = ptr.To(true)
+	if userFromVariable.HashedPassword != "" {
+		// We enable password authentication only if a hashed password is defined.
+		bootstrapUser.LockPassword = ptr.To(true)
 	}
 
 	return bootstrapUser

pkg/handlers/generic/mutation/users/inject.go

@@ -19,13 +19,13 @@ import (
 
 var (
 	testUser1 = v1alpha1.User{
-		Name:   "complete",
-		Passwd: ptr.To[string]("password"),
+		Name:           "complete",
+		HashedPassword: "password",
 		SSHAuthorizedKeys: []string{
 			"key1",
 			"key2",
 		},
-		Sudo: ptr.To[string]("ALL=(ALL) NOPASSWD:ALL"),
+		Sudo: ptr.To("ALL=(ALL) NOPASSWD:ALL"),
 	}
 	testUser2 = v1alpha1.User{
 		Name: "onlyname",

pkg/handlers/generic/mutation/users/tests/generate_patches.go

@@ -26,13 +26,13 @@ func TestVariableValidation(t *testing.T) {
 			Vals: v1alpha1.GenericClusterConfig{
 				Users: []v1alpha1.User{
 					{
-						Name:   "complete",
-						Passwd: ptr.To[string]("password"),
+						Name:           "complete",
+						HashedPassword: "password",
 						SSHAuthorizedKeys: []string{
 							"key1",
 							"key2",
 						},
-						Sudo: ptr.To[string]("ALL=(ALL) NOPASSWD:ALL"),
+						Sudo: ptr.To("ALL=(ALL) NOPASSWD:ALL"),
 					},
 					{
 						Name: "onlyname",