User's password is not changed via puppet

[syehorov]

• Module version: 6.4.0
• Puppet version: 5.5.16
• OS and version: CentOS 7.7.1908

Bug description

Define user in manifest: elasticsearch::user { $username: password => $password, roles => [ 'superuser' ] } User created, role granted. Change value of $pasword. Expected result: password updated for user. Actual result: Nothing changed, password left same, as from creation time.

Manually set password using CLI: /usr/share/elasticsearch/bin/elasticsearch-users passwd username Ensured new password is working and value in puppet catalog is correct, started puppet agent. Expected result: password not changed, user may authenticate with it. Actual result: old password restored, user cannot authenticate with new password but everything ok with old one.

[syehorov]

Have found a reason of this. In elasticsearch/manifests/user.pp: elasticsearch_user { $name: ensure => $ensure, configdir => $elasticsearch::configdir, password => $password, } But in /elasticsearch/manifests/instance.pp: Stdlib::Absolutepath $configdir = "${elasticsearch::configdir}/${name}", So, file is updated in $elasticsearch::configdir, but it is not applied to server, as it looks for files placed in ${elasticsearch::configdir}/${name} and these files are not updated when password changes

[frantz45]

In instance.pp file[$configdir] there is source => $elasticsearch::configdir. So the users file should be copied from /etc/elasticsearch/users to /etc/elasticsearch/instance_name/users. Or am I wrong ?