Add username context to kolide_pwpolicy #650
Conversation
There was a problem hiding this comment.
Pretty close :)
I think there are 2 paths we could take.
First, we could patch dataflattentable.TablePluginExec to handle the specialness this needs. (optional command line parameter, remove the first line of output). This is my general bias, as it seems useful later. However, these are also slower to get right.
Second, this could be updated to follow the more recent ioreg nested forloops. I think that's my current preferred pattern for these.
Happy to work with you either way. Though the first path still feels better
I thought about how to implement the first path -- expanding the generalized exec. I think it's pretty ugly. So I would recommend that we ditch that idea (sorry) and instead make this look more like ioreg. |
This work is now complete. Can you take another look? |
Co-authored-by: seph <seph@kolide.co>
directionless
changed the title
This PR adds the
usernamecontext to thekolide_pwpolicy_tableso that users of launcher can obtain the password policy for a specified username. If no username is specified the table behaves as it did beforeThis also fixes an issue where the first line of output from the
usr/bin/pwpolicybinary is not valid XML and can occasionally cause the dataflatten library to fail to parse the plist (esp if that first line contains angle brackets)