From c22b2f6b07d854fe69f1038c0561373630455743 Mon Sep 17 00:00:00 2001
From: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
Date: Thu, 30 Jan 2025 14:18:42 -0800
Subject: [PATCH 1/4] add imds disable password

---
 cloudinit/sources/DataSourceAzure.py  | 5 ++---
 tests/unittests/sources/test_azure.py | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index cadbfe836a8..4310b5b8b93 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -763,9 +763,8 @@ def crawl_metadata(self):
                 "Disable password retrieved from IMDS: %s",
                 imds_disable_password,
             )
-            crawled_data["metadata"][
-                "disable_password"
-            ] = imds_disable_password
+
+            crawled_data["cfg"]["ssh_pwauth"] = not imds_disable_password
 
         if self.seed == "IMDS" and not crawled_data["files"]:
             try:
diff --git a/tests/unittests/sources/test_azure.py b/tests/unittests/sources/test_azure.py
index fa82e41dafa..f3a8f1a8ac1 100644
--- a/tests/unittests/sources/test_azure.py
+++ b/tests/unittests/sources/test_azure.py
@@ -2289,7 +2289,7 @@ def test_disable_password_from_imds(self):
         self.m_fetch.return_value = imds_data_with_os_profile
         dsrc = self._get_ds(data)
         dsrc.get_data()
-        self.assertTrue(dsrc.metadata["disable_password"])
+        self.assertFalse(dsrc.cfg["ssh_pwauth"])
 
     def test_userdata_from_imds(self):
         sys_cfg = {"datasource": {"Azure": {"apply_network_config": True}}}

From 9a4c7d50bf714fce6fb36c7f81cc0c0a50ff3624 Mon Sep 17 00:00:00 2001
From: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
Date: Mon, 3 Feb 2025 11:58:02 -0800
Subject: [PATCH 2/4] parametrize test case

---
 cloudinit/sources/DataSourceAzure.py  | 3 ++-
 tests/unittests/sources/test_azure.py | 5 ++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 4310b5b8b93..4e8c8035cd7 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -763,8 +763,9 @@ def crawl_metadata(self):
                 "Disable password retrieved from IMDS: %s",
                 imds_disable_password,
             )
-
             crawled_data["cfg"]["ssh_pwauth"] = not imds_disable_password
+        else:
+            crawled_data["cfg"]["ssh_pwauth"] = True
 
         if self.seed == "IMDS" and not crawled_data["files"]:
             try:
diff --git a/tests/unittests/sources/test_azure.py b/tests/unittests/sources/test_azure.py
index f3a8f1a8ac1..a2f8da37118 100644
--- a/tests/unittests/sources/test_azure.py
+++ b/tests/unittests/sources/test_azure.py
@@ -2274,6 +2274,9 @@ def test_username_from_imds(self):
             dsrc.cfg["system_info"]["default_user"]["name"], "username1"
         )
 
+    @pytest.mark.parametrize(
+        "disablePasswordAuthentication", ["false", "true"]
+    )
     def test_disable_password_from_imds(self):
         sys_cfg = {"datasource": {"Azure": {"apply_network_config": True}}}
         data = {
@@ -2289,7 +2292,7 @@ def test_disable_password_from_imds(self):
         self.m_fetch.return_value = imds_data_with_os_profile
         dsrc = self._get_ds(data)
         dsrc.get_data()
-        self.assertFalse(dsrc.cfg["ssh_pwauth"])
+        self.assertTrue(dsrc.cfg["ssh_pwauth"])
 
     def test_userdata_from_imds(self):
         sys_cfg = {"datasource": {"Azure": {"apply_network_config": True}}}

From d67321e516558ae47e737725b9c8f3aec1b39627 Mon Sep 17 00:00:00 2001
From: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
Date: Tue, 4 Feb 2025 09:55:37 -0800
Subject: [PATCH 3/4] update tests

---
 cloudinit/sources/DataSourceAzure.py  |  2 +-
 tests/unittests/sources/test_azure.py | 23 +++++++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 4e8c8035cd7..55575ef30a9 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -764,7 +764,7 @@ def crawl_metadata(self):
                 imds_disable_password,
             )
             crawled_data["cfg"]["ssh_pwauth"] = not imds_disable_password
-        else:
+        if imds_disable_password is False:
             crawled_data["cfg"]["ssh_pwauth"] = True
 
         if self.seed == "IMDS" and not crawled_data["files"]:
diff --git a/tests/unittests/sources/test_azure.py b/tests/unittests/sources/test_azure.py
index a2f8da37118..ef197d2c620 100644
--- a/tests/unittests/sources/test_azure.py
+++ b/tests/unittests/sources/test_azure.py
@@ -2274,10 +2274,7 @@ def test_username_from_imds(self):
             dsrc.cfg["system_info"]["default_user"]["name"], "username1"
         )
 
-    @pytest.mark.parametrize(
-        "disablePasswordAuthentication", ["false", "true"]
-    )
-    def test_disable_password_from_imds(self):
+    def test_disable_password_from_imds_true(self):
         sys_cfg = {"datasource": {"Azure": {"apply_network_config": True}}}
         data = {
             "ovfcontent": construct_ovf_env(),
@@ -2292,6 +2289,24 @@ def test_disable_password_from_imds(self):
         self.m_fetch.return_value = imds_data_with_os_profile
         dsrc = self._get_ds(data)
         dsrc.get_data()
+        self.assertFalse(dsrc.cfg["ssh_pwauth"])
+
+    def test_disable_password_from_imds_false(self):
+        sys_cfg = {"datasource": {"Azure": {"apply_network_config": True}}}
+        data = {
+            "ovfcontent": construct_ovf_env(),
+            "sys_cfg": sys_cfg,
+            "write_ovf_to_seed_dir": False,
+        }
+        imds_data_with_os_profile = copy.deepcopy(NETWORK_METADATA)
+        imds_data_with_os_profile["compute"]["osProfile"] = dict(
+            adminUsername="username1",
+            computerName="hostname1",
+            disablePasswordAuthentication="false",
+        )
+        self.m_fetch.return_value = imds_data_with_os_profile
+        dsrc = self._get_ds(data)
+        dsrc.get_data()
         self.assertTrue(dsrc.cfg["ssh_pwauth"])
 
     def test_userdata_from_imds(self):

From 3b5d9c65017764b027f7ba219f6f229e173425ba Mon Sep 17 00:00:00 2001
From: Ksenija Stanojevic <ksenija.stanojevic@gmail.com>
Date: Thu, 6 Feb 2025 14:38:10 -0800
Subject: [PATCH 4/4] address comments

---
 cloudinit/sources/DataSourceAzure.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py
index 55575ef30a9..1a59b202b4c 100644
--- a/cloudinit/sources/DataSourceAzure.py
+++ b/cloudinit/sources/DataSourceAzure.py
@@ -758,14 +758,12 @@ def crawl_metadata(self):
         if imds_hostname:
             LOG.debug("Hostname retrieved from IMDS: %s", imds_hostname)
             crawled_data["metadata"]["local-hostname"] = imds_hostname
-        if imds_disable_password:
+        if imds_disable_password is not None:
             LOG.debug(
                 "Disable password retrieved from IMDS: %s",
                 imds_disable_password,
             )
             crawled_data["cfg"]["ssh_pwauth"] = not imds_disable_password
-        if imds_disable_password is False:
-            crawled_data["cfg"]["ssh_pwauth"] = True
 
         if self.seed == "IMDS" and not crawled_data["files"]:
             try: