microsoft
[FEATURE] macos_user should be able to update passwords and be more atomic
Describe the feature
macos_user should be able to update passwords and be more atomic
Describe the reasoning behind the feature
The macos_user resource is currently inconsistent about what it does with the password parameter. For a brand new user, invoking the :create action will cause a new user to be created with whatever password you specify. Everything is initialized in a consistent manner.
- This makes a user that logs in with the password you specified.
- The user's keychain uses a password you specified.
- Autologin uses the password you specified.
But if you invoke the :create action for an existing user but specify a new password, only the autologin password is updated. Resulting in a machine that won't autologin since the passwords are out of sync.
This results in the awkward situation that I need to use just one resource to create a brand new user that is completely configured with a particular password, but I have to write my own resources in order to update that user's password after the fact, a different resource to update the keychain's password (or accept that it will have to start over from scratch), and still call the macos_user to get the autologin password updated.
This is partially a dupe of a different feature request, which also wanted the ability to rotate credentials: #198