diff --git a/cdist/conf/type/__user/TODO b/cdist/conf/type/__user/TODO deleted file mode 100644 index fa6aeee7..00000000 --- a/cdist/conf/type/__user/TODO +++ /dev/null @@ -1,2 +0,0 @@ -- delete users - diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow old mode 100755 new mode 100644 diff --git a/cdist/conf/type/__user/gencode-remote b/cdist/conf/type/__user/gencode-remote old mode 100755 new mode 100644 index a2cdfd22..de559435 --- a/cdist/conf/type/__user/gencode-remote +++ b/cdist/conf/type/__user/gencode-remote @@ -2,6 +2,7 @@ # # 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Nico Schottelius (nico-cdist at schottelius.org) +# 2013 Daniel Heule (hda at sfs.biz) # # This file is part of cdist. # @@ -21,11 +22,14 @@ # # Manage users. # +#set -x name="$__object_id" os="$(cat "$__global/explorer/os")" +state=$(cat "$__object/parameter/state") + # We need to shorten options for both usermod and useradd since on some # systems (such as *BSD, Darwin) those commands do not handle GNU style long # options. @@ -40,80 +44,97 @@ shorten_property() { shell) ret="-s";; uid) ret="-u";; create-home) ret="-m";; + system) ret="-r";; esac echo "$ret" } -cd "$__object/parameter" -if grep -q "^${name}:" "$__object/explorer/passwd"; then - for property in $(ls .); do - new_value="$(cat "$property")" - unset current_value +if [ "$state" = "present" ]; then + cd "$__object/parameter" + if grep -q "^${name}:" "$__object/explorer/passwd"; then + for property in $(ls .); do + new_value="$(cat "$property")" + unset current_value - file="$__object/explorer/passwd" + file="$__object/explorer/passwd" - case "$property" in - gid) - if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then - field=4 - else - # We were passed a group name. Compare the gid in - # the user's /etc/passwd entry with the gid of the - # group returned by the group explorer. - gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group") - gid_from_passwd=$(awk -F: '{ print $4 }' "$file") - if [ "$gid_from_group" != "$gid_from_passwd" ]; then - current_value="$gid_from_passwd" - else - current_value="$new_value" - fi - fi - ;; - password) - field=2 - file="$__object/explorer/shadow" - ;; - comment) field=5 ;; - home) field=6 ;; - shell) field=7 ;; - uid) field=3 ;; - create-home) continue;; # Does not apply to user modification - esac + case "$property" in + gid) + if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then + field=4 + else + # We were passed a group name. Compare the gid in + # the user's /etc/passwd entry with the gid of the + # group returned by the group explorer. + gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group") + gid_from_passwd=$(awk -F: '{ print $4 }' "$file") + if [ "$gid_from_group" != "$gid_from_passwd" ]; then + current_value="$gid_from_passwd" + else + current_value="$new_value" + fi + fi + ;; + password) + field=2 + file="$__object/explorer/shadow" + ;; + comment) field=5 ;; + home) field=6 ;; + shell) field=7 ;; + uid) field=3 ;; + create-home) continue;; # Does not apply to user modification + system) continue;; # Does not apply to user modification + state) continue;; # Does not apply to user modification + remove-home) continue;; # Does not apply to user modification + esac - # If we haven't already set $current_value above, pull it from the - # appropriate file/field. - if [ -z "$current_value" ]; then - export field - current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")" - fi + # If we haven't already set $current_value above, pull it from the + # appropriate file/field. + if [ -z "$current_value" ]; then + export field + current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")" + fi - if [ "$new_value" != "$current_value" ]; then - set -- "$@" "$(shorten_property $property)" \'$new_value\' - fi - done + if [ "$new_value" != "$current_value" ]; then + set -- "$@" "$(shorten_property $property)" \'$new_value\' + fi + done - if [ $# -gt 0 ]; then - if [ "$os" = "freebsd" ]; then - echo pw usermod "$@" "$name" - else - echo usermod "$@" "$name" - fi - else - true - fi -else - for property in $(ls .); do - new_value="$(cat "$property")" - if [ -z "$new_value" ];then # Boolean values have no value - set -- "$@" "$(shorten_property $property)" - else - set -- "$@" "$(shorten_property $property)" \'$new_value\' - fi - done + if [ $# -gt 0 ]; then + if [ "$os" = "freebsd" ]; then + echo pw usermod "$@" "$name" + else + echo usermod "$@" "$name" + fi + else + true + fi + else + for property in $(ls .); do + [ "$property" = "state" ] && continue + [ "$property" = "remove-home" ] && continue + new_value="$(cat "$property")" + if [ -z "$new_value" ];then # Boolean values have no value + set -- "$@" "$(shorten_property $property)" + else + set -- "$@" "$(shorten_property $property)" \'$new_value\' + fi + done - if [ "$os" = "freebsd" ]; then - echo pw useradd "$@" "$name" - else - echo useradd "$@" "$name" - fi + if [ "$os" = "freebsd" ]; then + echo pw useradd "$@" "$name" + else + echo useradd "$@" "$name" + fi + fi +else + if grep -q "^${name}:" "$__object/explorer/passwd"; then + #user exists, but state != present, so delete it + if [ -f "$__object/parameter/remove-home" ]; then + echo userdel -r "${name}" + else + echo userdel "${name}" + fi + fi fi diff --git a/cdist/conf/type/__user/man.text b/cdist/conf/type/__user/man.text index 9db4a9f0..2536c1bc 100644 --- a/cdist/conf/type/__user/man.text +++ b/cdist/conf/type/__user/man.text @@ -20,19 +20,29 @@ None. OPTIONAL PARAMETERS ------------------- +state:: + absent or present, defaults to present comment:: - see usermod(8) + see usermod(8) home:: - see above + see above gid:: - see above + see above password:: - see above + see above shell:: - see above + see above uid:: - see above + see above +system:: + see above +BOOLEAN PARAMETERS +------------------ +create-home:: + see useradd(8), apply only on user create +remove-home:: + see userdel(8), apply only on user delete EXAMPLES -------- @@ -44,8 +54,14 @@ __user foobar # Same but with a different shell __user foobar --shell /bin/zsh +# Same but for a system account +__user foobar --system + # Set explicit uid and home __user foobar --uid 1001 --shell /bin/zsh --home /home/foobar + +# Drop user if exists +__user foobar --state absent -------------------------------------------------------------------------------- diff --git a/cdist/conf/type/__user/parameter/boolean b/cdist/conf/type/__user/parameter/boolean index e0517c6a..83afdebe 100644 --- a/cdist/conf/type/__user/parameter/boolean +++ b/cdist/conf/type/__user/parameter/boolean @@ -1 +1,3 @@ create-home +remove-home +system diff --git a/cdist/conf/type/__user/parameter/default/state b/cdist/conf/type/__user/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__user/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__user/parameter/optional b/cdist/conf/type/__user/parameter/optional index e3cf52d5..de6c3838 100644 --- a/cdist/conf/type/__user/parameter/optional +++ b/cdist/conf/type/__user/parameter/optional @@ -1,3 +1,4 @@ +state comment home gid