Per-user password expiration parameter

The following parameters defined in /etc/login.defs can
be overridden per-user:

* PASS_MAX_DAYS
* PASS_MIN_DAYS
* PASS_WARN_DAYS
* INACTIVE

Related-Prod: PROD-18386

Change-Id: I5b182128f9dd8a043b48fb86e61febb2fd5c7e0a

README.rst

@@ -70,6 +70,30 @@ Linux with system users, some with password set:
             home: '/home/elizabeth'
             password: "$6$nUI7QEz3$dFYjzQqK5cJ6HQ38KqG4gTWA9eJu3aKx6TRVDFh6BVJxJgFWg2akfAA7f1fCxcSUeOJ2arCO6EEI6XXnHXxG10"
 
+Configure password expiration parameters
+----------------------------------------
+The following login.defs parameters can be overridden per-user:
+
+* PASS_MAX_DAYS
+* PASS_MIN_DAYS
+* PASS_WARN_DAYS
+* INACTIVE
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        ...
+        user:
+          jdoe:
+            name: 'jdoe'
+            enabled: true
+            ...
+            maxdays: <PASS_MAX_DAYS>
+            mindays: <PASS_MIN_DAYS>
+            warndays: <PASS_WARN_DAYS>
+            inactdays: <INACTIVE>
+
 Configure sudo for users and groups under ``/etc/sudoers.d/``.
 This ways ``linux.system.sudo`` pillar map to actual sudo attributes:
 

linux/system/user.sls

@@ -50,6 +50,18 @@ system_user_{{ name }}:
   {%- if user.uid is defined and user.uid %}
   - uid: {{ user.uid }}
   {%- endif %}
+  {%- if user.maxdays is defined %}
+  - maxdays: {{ user.maxdays }}
+  {%- endif %}
+  {%- if user.mindays is defined %}
+  - mindays: {{ user.mindays }}
+  {%- endif %}
+  {%- if user.warndays is defined %}
+  - warndays: {{ user.warndays }}
+  {%- endif %}
+  {%- if user.inactdays is defined %}
+  - inactdays: {{ user.inactdays }}
+  {%- endif %}
   - require: {{ requires|yaml }}
 
 system_user_home_{{ user.home }}:

tests/pillar/system.sls

@@ -128,6 +128,7 @@ linux:
         enabled: true
         home: /root
         name: root
+        maxdays: 365
       testuser:
         enabled: true
         name: testuser