in lib/ec2macosinit/usermanagement.go [103:159]
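// randomizePassword replaces the password of c.User with a newly generated
// random password of PasswordLength.
//
// The steps run in order, each one aborting on failure:
//  1. Default c.User to "ec2-user" when it is unset, then confirm the account exists.
//  2. Refuse to continue if the account already holds a Secure Token.
//  3. Disable Secure Token creation, and register a deferred call that re-enables it.
//  4. Generate the password and apply it with c.changePassword.
//
// On success it returns a status message and a nil error. The generated
// password is never placed in the returned message or in any error text
// produced here; it is only handed to c.changePassword.
//
// If re-enabling Secure Token creation fails, the call is reported as failed
// (empty message, non-nil error) even when the password change itself
// succeeded, so callers must not assume the old password is still in place
// after an error.
func (c *UserManagementModule) randomizePassword() (message string, err error) {
	// This detection of the user probably needs to move into the Do() function
	// when there is more to do, but since this is the first place c.User is
	// used, it is handled here. If the user is undefined, default to ec2-user.
	if c.User == "" {
		c.User = "ec2-user"
	}

	// Verify that the user exists before touching any Secure Token settings.
	exists, err := userExists(c.User)
	if err != nil {
		return "", fmt.Errorf("ec2macosinit: error while checking if user %s exists: %s\n", c.User, err)
	}
	if !exists {
		return "", fmt.Errorf("ec2macosinit: user %s does not exist\n", c.User)
	}

	// Check for Secure Token; if it is already set then attempting to change
	// the password will fail. A failed check is treated as "cannot proceed"
	// rather than as "not set".
	secureTokenSet, err := c.isSecureTokenSet()
	if err != nil {
		return "", fmt.Errorf("ec2macosinit: unable to confirm Secure Token is DISABLED: %s", err)
	}
	if secureTokenSet {
		return "", fmt.Errorf("ec2macosinit: unable to change password, Secure Token Set for %s", c.User)
	}

	// Change Secure Token behavior if needed.
	err = c.disableSecureTokenCreation()
	if err != nil {
		return "", fmt.Errorf("ec2macosinit: unable to disable Secure Token generation: %s", err)
	}

	// Registered only after the disable step succeeded, so every later return
	// path restores the setting. The closure writes to the named results, which
	// is what lets a restore failure turn an otherwise successful call into an
	// error.
	defer func() {
		deferErr := c.enableSecureTokenCreation()
		if deferErr == nil {
			return
		}
		message = "" // Overwrite the success message to indicate an error.
		if err != nil {
			// Keep the original failure alongside the restore failure.
			err = fmt.Errorf("ec2macosinit: unable to enable Secure Token generation: %s %s", deferErr, err)
			return
		}
		// No earlier failure: formatting a nil error with %s would append
		// "%!s(<nil>)" to the message, so report the restore failure alone.
		err = fmt.Errorf("ec2macosinit: unable to enable Secure Token generation: %s", deferErr)
	}()

	// Generate the random password.
	password, err := generateSecurePassword(PasswordLength)
	if err != nil {
		return "", fmt.Errorf("ec2macosinit: unable to generate secure password: %s", err)
	}

	// Change the password.
	// NOTE(review): how changePassword hands the secret to the OS is not
	// visible here; confirm it is not exposed through process arguments or
	// logs, and that its error text cannot contain the password.
	err = c.changePassword(password)
	if err != nil {
		return "", fmt.Errorf("ec2macosinit: unable to set secure password: %s", err)
	}

	return fmt.Sprintf("successfully set secure password for %s", c.User), nil
}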