diff options
author | James Turnbull <james@lovedthanlost.net> | 2011-03-09 17:56:37 +1100 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2011-03-09 17:56:37 +1100 |
commit | 4bd54939ceb4c588b1633117d88472fe48e9dfdf (patch) | |
tree | 9f4219830b3b463f0f5c4c0b9716b8cecd0c01fb | |
parent | d24e32a19648d7a97c329fc3a5c4277f05cc5b04 (diff) | |
download | puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.tar.gz puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.tar.xz puppet-4bd54939ceb4c588b1633117d88472fe48e9dfdf.zip |
Fixed #2645 - Added support for creating system users
On Red Hat, Ubuntu, Debian and deriatives the -r flag
allows creation of "system" users with a UID below that
defined in /etc/login.defs.
This commit adds support for a system parameter and a
system_users feature which can be used like so:
user { "foo":
system => true,
ensure => present,
}
This will create a user with a lower UID.
The system parameter defaults to false.
-rw-r--r-- | lib/puppet/provider/user/useradd.rb | 7 | ||||
-rwxr-xr-x | lib/puppet/type/user.rb | 11 | ||||
-rwxr-xr-x | spec/unit/provider/user/useradd_spec.rb | 39 | ||||
-rwxr-xr-x | spec/unit/type/user_spec.rb | 4 |
4 files changed, 57 insertions, 4 deletions
diff --git a/lib/puppet/provider/user/useradd.rb b/lib/puppet/provider/user/useradd.rb index ba406cc63..b87971738 100644 --- a/lib/puppet/provider/user/useradd.rb +++ b/lib/puppet/provider/user/useradd.rb @@ -19,7 +19,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ value !~ /\s/ end - has_features :manages_homedir, :allows_duplicates, :manages_expiry + has_features :manages_homedir, :allows_duplicates, :manages_expiry, :system_users has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow? @@ -46,6 +46,10 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ cmd end + def check_system_users + @resource.system? ? ["-r"] : [] + end + def add_properties cmd = [] Puppet::Type.type(:user).validproperties.each do |property| @@ -66,6 +70,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ cmd += check_allow_dup cmd += check_manage_home cmd += check_manage_expiry + cmd += check_system_users cmd << @resource[:name] end diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb index e7389a0d1..dcba181fe 100755 --- a/lib/puppet/type/user.rb +++ b/lib/puppet/type/user.rb @@ -34,6 +34,9 @@ module Puppet feature :manages_expiry, "The provider can manage the expiry date for a user." + feature :system_users, + "The provider allows you to create system users with lower UIDs." + newproperty(:ensure, :parent => Puppet::Property::Ensure) do newvalue(:present, :event => :user_created) do provider.create @@ -230,6 +233,14 @@ module Puppet defaultto :minimum end + newparam(:system, :boolean => true) do + desc "Whether the user is a system user with lower UID." + + newvalues(:true, :false) + + defaultto false + end + newparam(:allowdupe, :boolean => true) do desc "Whether to allow duplicate UIDs." diff --git a/spec/unit/provider/user/useradd_spec.rb b/spec/unit/provider/user/useradd_spec.rb index 9ebba596c..81ad7d400 100755 --- a/spec/unit/provider/user/useradd_spec.rb +++ b/spec/unit/provider/user/useradd_spec.rb @@ -15,6 +15,7 @@ describe provider_class do # #1360 it "should add -o when allowdupe is enabled and the user is being created" do @resource.expects(:allowdupe?).returns true + @resource.expects(:system?).returns true @provider.stubs(:execute) @provider.expects(:execute).with { |args| args.include?("-o") } @provider.create @@ -27,6 +28,14 @@ describe provider_class do @provider.uid = 150 end + it "should add -r when system is enabled" do + @resource.expects(:allowdupe?).returns true + @resource.expects(:system?).returns true + @provider.stubs(:execute) + @provider.expects(:execute).with { |args| args.include?("-r") } + @provider.create + end + it "should set password age rules" do provider_class.has_feature :manages_password_age @resource = Puppet::Type.type(:user).new :name => "myuser", :password_min_age => 5, :password_max_age => 10, :provider => :useradd @@ -53,6 +62,23 @@ describe provider_class do end end + describe "when checking to add system users" do + it "should check system users" do + @resource.expects(:system?) + @provider.check_system_users + end + + it "should return an array with a flag if it's a system user" do + @resource.stubs(:system?).returns true + @provider.check_system_users.must == ["-r"] + end + + it "should return an empty array if it's not a system user" do + @resource.stubs(:system?).returns false + @provider.check_system_users.must == [] + end + end + describe "when checking manage home" do it "should check manage home" do @resource.expects(:managehome?) @@ -88,6 +114,7 @@ describe provider_class do before do @resource.stubs(:allowdupe?).returns true @resource.stubs(:managehome?).returns true + @resource.stubs(:system?).returns true end it "should call command with :add" do @@ -105,6 +132,11 @@ describe provider_class do @provider.addcmd end + it "should check and add if it's a system user" do + @provider.expects(:check_system_users).returns([]) + @provider.addcmd + end + it "should check and add if home is managed" do @provider.expects(:check_manage_home).returns([]) @provider.addcmd @@ -120,15 +152,15 @@ describe provider_class do @provider.stubs(:add_properties).returns(["-G", "somegroup"]) @resource.stubs(:[]).with(:name).returns("someuser") @resource.stubs(:[]).with(:expiry).returns("somedate") - @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", '-e somedate', "someuser"] + @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", '-e somedate', "-r", "someuser"] end - it "should return an array without -e if expery is undefined full command" do + it "should return an array without -e if expiry is undefined full command" do @provider.stubs(:command).with(:add).returns("useradd") @provider.stubs(:add_properties).returns(["-G", "somegroup"]) @resource.stubs(:[]).with(:name).returns("someuser") @resource.stubs(:[]).with(:expiry).returns nil - @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", "someuser"] + @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", "-r", "someuser"] end end @@ -136,6 +168,7 @@ describe provider_class do before do @resource.stubs(:allowdupe?).returns true @resource.stubs(:managehome?).returns true + @resource.stubs(:system?).returns true end it "should call command with :pass" do diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb index 297134446..5a84af443 100755 --- a/spec/unit/type/user_spec.rb +++ b/spec/unit/type/user_spec.rb @@ -43,6 +43,10 @@ describe user do user.provider_feature(:manages_password_age).should_not be_nil end + it "should have a system_users feature" do + user.provider_feature(:system_users).should_not be_nil + end + describe "instances" do it "should have a valid provider" do user.new(:name => "foo").provider.class.ancestors.should be_include(Puppet::Provider) |