puppetlabs-stdlib

pw_hash used in an exported resource returns a base64 entry

Open kapouik opened this issue 1 year ago • 0 comments

Describe the Bug

We use pw_hash to generate passwords for user creation. When we use it directly in Puppet, the user is created with a correct password. We have created an exported resource user, and when we retrieve it, we get a base64 value as the password on the system.

Expected Behavior

When using pw_hash in an exported resource, we must retrieve a correct hash and not a base64 entry from PuppetDB.

Steps to Reproduce

Steps to reproduce the behavior: Use this code:

    @@user { $newuser:
      ensure     => present,
      home       => "/home/${newuser}",
      managehome => true,
      password   => pw_hash('password', 'SHA-512', 'salt'),
      tag        => 'mytag',
    }

And get the result with:

    User <<| tag == 'mytag' |>>

And then look at your /etc/shadow

Environment

  • Version 8.5
  • Platform CentOS 7

Additional Context

I found that there is a problem if an exported resource is encoded in 8-bit ASCII: https://github.com/voxpupuli/hiera-eyaml/issues/273

pw_hash uses crypt, and from the FAQ of this function (http://crypt.finalstep.com.au/faq.html):

_Does this work for unicode?_

_Yes it does, but you have to take care of setting the desired encoding. When you provide a unicode string, it is automatically converted into 8-bit ascii for purposes of encryption (we need to deal with bytes). But when you decrypt, you will get an 8-bit ascii string and if you want unicode, you will need to force the encoding like this:_

    decrypted = decrypted.force_encoding("UTF-8")

It may be a simple encoding problem.

kapouik, Nov 21 '22 14:11
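
A check for the symptom this issue reports, added here as an example (not code from the issue or from puppetlabs-stdlib): it scans shadow-format text and flags password fields that are not crypt hashes but base64-decode to one. The sample lines, `FAKE_HASH` and the function names are constructed for illustration, and it assumes the field holds plain standard base64 of the hash.

```ruby
# Modular crypt format: $id$[rounds=N$]salt$hash, using the crypt(3) alphabet.
CRYPT_RE = %r{\A\$[0-9a-z]+\$(?:rounds=\d+\$)?[./A-Za-z0-9]*\$[./A-Za-z0-9]+\z}
LOCK_RE  = /\A[!*]*\z/ # empty, "!", "*", "!!": no usable password

# Classify the password field (second column) of one shadow entry.
def classify_shadow_field(field)
  return :locked_or_empty if field.match?(LOCK_RE)
  # A leading "!" marks a locked account whose hash is still present.
  return :crypt_hash if field.sub(/\A!+/, '').match?(CRYPT_RE)

  begin
    decoded = field.unpack1('m0') # strict base64; raises on invalid input
  rescue ArgumentError
    return :unrecognized
  end
  decoded.match?(CRYPT_RE) ? :base64_wrapped_hash : :unrecognized
end

# Return [user, kind] for every entry whose field is neither a hash nor locked.
def scan_shadow(text)
  text.each_line.filter_map do |line|
    user, field = line.chomp.split(':', 3)
    next if user.nil? || field.nil? || user.start_with?('#')

    kind = classify_shadow_field(field)
    [user, kind] unless %i[crypt_hash locked_or_empty].include?(kind)
  end
end

# Constructed placeholder in SHA-512 crypt layout, not a real hash.
FAKE_HASH = '$6$salt$' + ('A' * 86)

# Constructed sample entries; "newuser" carries the base64-wrapped form.
SAMPLE_SHADOW = <<~SHADOW
  root:#{FAKE_HASH}:19000:0:99999:7:::
  daemon:*:19000:0:99999:7:::
  newuser:#{[FAKE_HASH].pack('m0')}:19000:0:99999:7:::
  odd:not-a-hash:19000:0:99999:7:::
SHADOW

if __FILE__ == $PROGRAM_NAME
  scan_shadow(SAMPLE_SHADOW).each { |user, kind| puts "#{user}: #{kind}" }
end
```

To check a real host, pass the contents of /etc/shadow (read with sufficient privileges) to `scan_shadow` instead of the sample.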