Minimal fix for #4975 -- only call chage when managing password age rules

This is intended to be a minimal fix, with tests, to prevent chage from running
unless needed.

Author: MarkusQ

lib/puppet/provider/nameservice.rb

@@ -165,7 +165,9 @@ def create
 
     begin
       execute(self.addcmd)
-      execute(self.passcmd) if self.feature? :manages_password_age
+      if feature?(:manages_password_age) && (cmd = passcmd)
+        execute(cmd)
+      end
     rescue Puppet::ExecutionFailure => detail
       raise Puppet::Error, "Could not create #{@resource.class.name} #{@resource.name}: #{detail}"
     end

lib/puppet/provider/user/user_role_add.rb

@@ -81,7 +81,9 @@ def create
       run(transition("normal"), "transition role to")
     else
       run(addcmd, "create")
-      run(passcmd, "change password policy for")
+      if cmd = passcmd
+        run(cmd, "change password policy for")
+      end
     end
     # added to handle case when password is specified
     self.password = @resource[:password] if @resource[:password]

lib/puppet/provider/user/useradd.rb

@@ -70,13 +70,12 @@ def addcmd
   end
 
   def passcmd
-    cmd = [command(:password)]
-    [:password_min_age, :password_max_age].each do |property|
-      if value = @resource.should(property)
-        cmd << flag(property) << value
-      end
+    age_limits = [:password_min_age, :password_max_age].select { |property| @resource.should(property) }
+    if age_limits.empty?
+      nil
+    else
+      [command(:password),age_limits.collect { |property| [flag(property), @resource.should(property)]}, @resource[:name]].flatten
     end
-    cmd << @resource[:name]
   end
 
   def min_age

spec/unit/provider/user/useradd_spec.rb

@@ -131,4 +131,46 @@
       @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", "someuser"]
     end
   end
+
+  describe "when calling passcmd" do
+    before do
+      @resource.stubs(:allowdupe?).returns true
+      @resource.stubs(:managehome?).returns true
+    end
+
+    it "should call command with :pass" do
+      @provider.expects(:command).with(:password)
+      @provider.passcmd
+    end
+
+    it "should return nil if neither min nor max is set" do
+      @resource.stubs(:should).with(:password_min_age).returns nil
+      @resource.stubs(:should).with(:password_max_age).returns nil
+      @provider.passcmd.must == nil
+    end
+
+    it "should return a chage command array with -m <value> and the user name if password_min_age is set" do
+      @provider.stubs(:command).with(:password).returns("chage")
+      @resource.stubs(:[]).with(:name).returns("someuser")
+      @resource.stubs(:should).with(:password_min_age).returns 123
+      @resource.stubs(:should).with(:password_max_age).returns nil
+      @provider.passcmd.must == ['chage','-m',123,'someuser']
+    end
+
+    it "should return a chage command array with -M <value> if password_max_age is set" do
+      @provider.stubs(:command).with(:password).returns("chage")
+      @resource.stubs(:[]).with(:name).returns("someuser")
+      @resource.stubs(:should).with(:password_min_age).returns nil
+      @resource.stubs(:should).with(:password_max_age).returns 999
+      @provider.passcmd.must == ['chage','-M',999,'someuser']
+    end
+
+    it "should return a chage command array with -M <value> -m <value> if both password_min_age and password_max_age are set" do
+      @provider.stubs(:command).with(:password).returns("chage")
+      @resource.stubs(:[]).with(:name).returns("someuser")
+      @resource.stubs(:should).with(:password_min_age).returns 123
+      @resource.stubs(:should).with(:password_max_age).returns 999
+      @provider.passcmd.must == ['chage','-m',123,'-M',999,'someuser']
+    end
+  end
 end