Merge remote-tracking branch 'dheule/type__user'

11 years ago · 7fad1074b6
parent ad5c105858 e5253e0330
commit 7fad1074b6
6 changed files with 113 additions and 74 deletions
--- a/cdist/conf/type/__user/TODO
+++ b/cdist/conf/type/__user/TODO
@ -1,2 +0,0 @@
- delete users
-
--- a/cdist/conf/type/__user/gencode-remote
+++ b/cdist/conf/type/__user/gencode-remote
@ -2,6 +2,7 @@
 #
 # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2011 Nico Schottelius (nico-cdist at schottelius.org)
+# 2013 Daniel Heule (hda at sfs.biz)
 #
 # This file is part of cdist.
 #
@ -21,11 +22,14 @@
 #
 # Manage users.
 #
+#set -x

 name="$__object_id"

 os="$(cat "$__global/explorer/os")"

+state=$(cat "$__object/parameter/state")
+
 # We need to shorten options for both usermod and useradd since on some
 # systems (such as *BSD, Darwin) those commands do not handle GNU style long
 # options.
@ -40,80 +44,97 @@ shorten_property() {
 	shell) ret="-s";;
 	uid) ret="-u";;
    create-home) ret="-m";;
+    system) ret="-r";;
    esac
    echo "$ret"
 }

-cd "$__object/parameter"
-if grep -q "^${name}:" "$__object/explorer/passwd"; then
-   for property in $(ls .); do
-      new_value="$(cat "$property")"
-      unset current_value
+if [ "$state" = "present" ]; then
+    cd "$__object/parameter"
+    if grep -q "^${name}:" "$__object/explorer/passwd"; then
+       for property in $(ls .); do
+          new_value="$(cat "$property")"
+          unset current_value

-      file="$__object/explorer/passwd"
+          file="$__object/explorer/passwd"

-      case "$property" in
-         gid)
-            if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then
-               field=4
-            else
-               # We were passed a group name.  Compare the gid in
-               # the user's /etc/passwd entry with the gid of the
-               # group returned by the group explorer.
-               gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group")
-               gid_from_passwd=$(awk -F: '{ print $4 }' "$file")
-               if [ "$gid_from_group" != "$gid_from_passwd" ]; then
-                  current_value="$gid_from_passwd"
-               else
-                  current_value="$new_value"
-               fi
-            fi
-         ;;
-         password)
-            field=2
-            file="$__object/explorer/shadow"
-         ;;
-         comment) field=5 ;;
-         home)    field=6 ;;
-         shell)   field=7 ;;
-         uid)     field=3 ;;
-         create-home) continue;; # Does not apply to user modification
-      esac
+          case "$property" in
+             gid)
+                if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then
+                   field=4
+                else
+                   # We were passed a group name.  Compare the gid in
+                   # the user's /etc/passwd entry with the gid of the
+                   # group returned by the group explorer.
+                   gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group")
+                   gid_from_passwd=$(awk -F: '{ print $4 }' "$file")
+                   if [ "$gid_from_group" != "$gid_from_passwd" ]; then
+                      current_value="$gid_from_passwd"
+                   else
+                      current_value="$new_value"
+                   fi
+                fi
+             ;;
+             password)
+                field=2
+                file="$__object/explorer/shadow"
+             ;;
+             comment) field=5 ;;
+             home)    field=6 ;;
+             shell)   field=7 ;;
+             uid)     field=3 ;;
+             create-home) continue;; # Does not apply to user modification
+             system) continue;; # Does not apply to user modification
+             state) continue;; # Does not apply to user modification
+             remove-home) continue;; # Does not apply to user modification
+          esac

-      # If we haven't already set $current_value above, pull it from the
-      # appropriate file/field.
-      if [ -z "$current_value" ]; then
-         export field
-         current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")"
-      fi
+          # If we haven't already set $current_value above, pull it from the
+          # appropriate file/field.
+          if [ -z "$current_value" ]; then
+             export field
+             current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")"
+          fi

-      if [ "$new_value" != "$current_value" ]; then
-          set -- "$@" "$(shorten_property $property)" \'$new_value\'
-      fi
-   done
+          if [ "$new_value" != "$current_value" ]; then
+              set -- "$@" "$(shorten_property $property)" \'$new_value\'
+          fi
+       done

-   if [ $# -gt 0 ]; then
-      if [ "$os" = "freebsd" ]; then
-         echo pw usermod "$@" "$name"
-      else
-         echo usermod "$@" "$name"
-      fi
-   else
-      true
-   fi
-else
-   for property in $(ls .); do
-      new_value="$(cat "$property")"
-      if [ -z "$new_value" ];then       # Boolean values have no value
-          set -- "$@" "$(shorten_property $property)"
-      else
-          set -- "$@" "$(shorten_property $property)" \'$new_value\'
-      fi
-   done
+       if [ $# -gt 0 ]; then
+          if [ "$os" = "freebsd" ]; then
+             echo pw usermod "$@" "$name"
+          else
+             echo usermod "$@" "$name"
+          fi
+       else
+          true
+       fi
+    else
+        for property in $(ls .); do
+            [ "$property" = "state" ] && continue
+            [ "$property" = "remove-home" ] && continue
+            new_value="$(cat "$property")"
+            if [ -z "$new_value" ];then       # Boolean values have no value
+              set -- "$@" "$(shorten_property $property)"
+            else
+              set -- "$@" "$(shorten_property $property)" \'$new_value\'
+            fi
+        done

-   if [ "$os" = "freebsd" ]; then
-      echo pw useradd "$@" "$name"
-   else
-      echo useradd "$@" "$name"
-   fi
+       if [ "$os" = "freebsd" ]; then
+          echo pw useradd "$@" "$name"
+       else
+          echo useradd "$@" "$name"
+       fi
+    fi
+else
+    if grep -q "^${name}:" "$__object/explorer/passwd"; then
+        #user exists, but state != present, so delete it
+        if [ -f "$__object/parameter/remove-home" ]; then
+            echo userdel -r "${name}"
+        else
+            echo userdel "${name}"
+        fi
+    fi
 fi
--- a/cdist/conf/type/__user/man.text
+++ b/cdist/conf/type/__user/man.text
@ -20,19 +20,29 @@ None.

 OPTIONAL PARAMETERS
 -------------------
+state::
+    absent or present, defaults to present
 comment::
-   see usermod(8)
+    see usermod(8)
 home::
-   see above
+    see above
 gid::
-   see above
+    see above
 password::
-   see above
+    see above
 shell::
-   see above
+    see above
 uid::
-   see above
+    see above

+BOOLEAN PARAMETERS
+------------------
+system::
+    see useradd(8), apply only on user create
+create-home::
+    see useradd(8), apply only on user create
+remove-home::
+    see userdel(8), apply only on user delete

 EXAMPLES
 --------
@ -44,8 +54,14 @@ __user foobar
 # Same but with a different shell
 __user foobar --shell /bin/zsh

+# Same but for a system account
+__user foobar --system
+
 # Set explicit uid and home
 __user foobar --uid 1001 --shell /bin/zsh --home /home/foobar
+
+# Drop user if exists
+__user foobar --state absent
 --------------------------------------------------------------------------------


--- a/cdist/conf/type/__user/parameter/boolean
+++ b/cdist/conf/type/__user/parameter/boolean
@ -1 +1,3 @@
 create-home
+remove-home
+system
--- a/cdist/conf/type/__user/parameter/default/state
+++ b/cdist/conf/type/__user/parameter/default/state
@ -0,0 +1 @@
+present
--- a/cdist/conf/type/__user/parameter/optional
+++ b/cdist/conf/type/__user/parameter/optional
@ -1,3 +1,4 @@
+state
 comment
 home
 gid