osutil: change escaping for create-user's sudoers

Also test it.

osutil/user.go

@@ -60,7 +60,8 @@ func AddExtraSudoUser(name string, sshKeys []string, gecos string) error {
 		return fmt.Errorf("adduser failed with %s: %s", err, output)
 	}
 
-	sudoersFile := filepath.Join(sudoersDotD, "create-user-"+strings.Replace(name, ".", ",", -1))
+	// Must escape "." as files containing it are ignored in sudoers.d.
+	sudoersFile := filepath.Join(sudoersDotD, "create-user-"+strings.Replace(name, ".", "%2E", -1))
 	if err := AtomicWriteFile(sudoersFile, []byte(fmt.Sprintf(sudoersTemplate, name)), 0400, 0); err != nil {
 		return fmt.Errorf("cannot create file under sudoers.d: %s", err)
 	}

osutil/user_test.go

@@ -57,11 +57,11 @@ func (s *createUserSuite) TestAddExtraSudoUser(c *check.C) {
 	mockAddUser := testutil.MockCommand(c, "adduser", "true")
 	defer mockAddUser.Restore()
 
-	err := osutil.AddExtraSudoUser("karl", []string{"ssh-key1", "ssh-key2"}, "my gecos")
+	err := osutil.AddExtraSudoUser("karl.sagan", []string{"ssh-key1", "ssh-key2"}, "my gecos")
 	c.Assert(err, check.IsNil)
 
 	c.Check(mockAddUser.Calls(), check.DeepEquals, [][]string{
-		{"adduser", "--force-badname", "--gecos", "my gecos", "--extrausers", "--disabled-password", "karl"},
+		{"adduser", "--force-badname", "--gecos", "my gecos", "--extrausers", "--disabled-password", "karl.sagan"},
 	})
 
 	sshKeys, err := ioutil.ReadFile(filepath.Join(mockHome, ".ssh", "authorized_keys"))
@@ -70,13 +70,14 @@ func (s *createUserSuite) TestAddExtraSudoUser(c *check.C) {
 
 	fs, _ := filepath.Glob(filepath.Join(mockSudoers, "*"))
 	c.Assert(fs, check.HasLen, 1)
+	c.Assert(filepath.Base(fs[0]), check.Equals, "create-user-karl%2Esagan")
 	bs, err := ioutil.ReadFile(fs[0])
 	c.Assert(err, check.IsNil)
 	c.Check(string(bs), check.Equals, `
 # Created by snap create-user
 
-# User rules for karl
-karl ALL=(ALL) NOPASSWD:ALL
+# User rules for karl.sagan
+karl.sagan ALL=(ALL) NOPASSWD:ALL
 `)
 }