Solaris RBAC Attributes

Adding support to user type for: profiles auths project key/value pairs Refactored useradd.addcmd so I could override how properties get added in the subclass Added keyvalue property to manage generic keyvalues
author: Andrew Shafer <andrew@reductivelabs.com> 2008-10-21 12:20:12 -0600
committer: James Turnbull <james@lovedthanlost.net> 2008-10-22 16:34:50 +1100
commit: c09d0cc128aa3f6a0b741422ae45326b258bae7d (patch)
tree: e357696bb317f3ac63d0649ed9ad1f5d8bc980b1 /lib/puppet/provider/user
parent: 6d05cbc1e1a22d4316e18fb22d5cff9c7a42d3cf (diff)
download: puppet-c09d0cc128aa3f6a0b741422ae45326b258bae7d.tar.gz
puppet-c09d0cc128aa3f6a0b741422ae45326b258bae7d.tar.xz
puppet-c09d0cc128aa3f6a0b741422ae45326b258bae7d.zip
2 files changed, 90 insertions, 14 deletions
diff --git a/lib/puppet/provider/user/user_role_add.rb b/lib/puppet/provider/user/user_role_add.rb
index 819516dc4..00fc24b3a 100644
--- a/lib/puppet/provider/user/user_role_add.rb
+++ b/lib/puppet/provider/user/user_role_add.rb
@@ -11,6 +11,8 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
     options :comment, :method => :gecos
     options :groups, :flag => "-G"
     options :roles, :flag => "-R"
+    options :auths, :flag => "-A"
+    options :profiles, :flag => "-P"
 
     verify :gid, "GID must be an integer" do |value|
         value.is_a? Integer
@@ -26,6 +28,24 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
         has_feature :manages_passwords
     end
 
+    #must override this to hand the keyvalue pairs
+    def add_properties
+        cmd = []
+        Puppet::Type.type(:user).validproperties.each do |property|
+            next if property == :ensure
+            # the value needs to be quoted, mostly because -c might
+            # have spaces in it
+            if value = @resource.should(property) and value != ""
+                if property == :keys
+                    cmd += build_keys_cmd(value)
+                else
+                    cmd << flag(property) << value
+                end
+            end
+        end
+        cmd
+    end
+
     def user_attributes
         @user_attributes ||= UserAttr.get_attributes_by_name(@resource[:name])
     end
@@ -57,6 +77,7 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
     def transition(type)
         cmd = [command(:modify)]
         cmd << "-K" << "type=#{type}"
+        cmd += add_properties
         cmd << @resource[:name]
     end
 
@@ -85,5 +106,51 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
             user_attributes[:roles]
         end
     end
+
+    def auths
+        if user_attributes
+            user_attributes[:auths]
+        end
+    end
+
+    def profiles
+        if user_attributes
+            user_attributes[:profiles]
+        end
+    end
+
+    def project
+        if user_attributes
+            user_attributes[:project]
+        end
+    end
+
+    def managed_attributes
+        [:name, :type, :roles, :auths, :profiles, :project]
+    end
+
+    def remove_managed_attributes
+        managed = managed_attributes
+        user_attributes.select { |k,v| !managed.include?(k) }.inject({}) { |hash, array| hash[array[0]] = array[1]; hash }
+    end
+
+    def keys
+        if user_attributes
+            #we have to get rid of all the keys we are managing another way
+            remove_managed_attributes
+        end
+    end
+
+    def build_keys_cmd(keys_hash)
+        cmd = []
+        keys_hash.each do |k,v|
+            cmd << "-K" << "#{k}=#{v}"
+        end
+        cmd
+    end
+
+    def keys=(keys_hash)
+        run([command(:modify)] + build_keys_cmd(keys_hash) << @resource[:name], "modify attribute key pairs")
+    end
 end
 
diff --git a/lib/puppet/provider/user/useradd.rb b/lib/puppet/provider/user/useradd.rb
index b327db384..6996dd69a 100644
--- a/lib/puppet/provider/user/useradd.rb
+++ b/lib/puppet/provider/user/useradd.rb
@@ -23,8 +23,22 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
         has_feature :manages_passwords
     end
 
-    def addcmd
-        cmd = [command(:add)]
+    def check_allow_dup
+        @resource.allowdupe? ? ["-o"] : []
+    end
+
+    def check_manage_home
+        cmd = []
+        if @resource.managehome?
+            cmd << "-m"
+        elsif %w{Fedora RedHat}.include?(Facter.value("operatingsystem"))
+            cmd << "-M"
+        end
+        cmd
+    end
+
+    def add_properties
+        cmd = []
         Puppet::Type.type(:user).validproperties.each do |property|
             next if property == :ensure
             # the value needs to be quoted, mostly because -c might
@@ -33,20 +47,15 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
                 cmd << flag(property) << value
             end
         end
+        cmd
+    end
 
-        if @resource.allowdupe?
-            cmd << "-o"
-        end
-
-        if @resource.managehome?
-            cmd << "-m"
-        elsif %w{Fedora RedHat}.include?(Facter.value("operatingsystem"))
-            cmd << "-M"
-        end
-
+    def addcmd
+        cmd = [command(:add)]
+        cmd += add_properties
+        cmd += check_allow_dup
+        cmd += check_manage_home
         cmd << @resource[:name]
-
-        cmd
     end
 
     # Retrieve the password using the Shadow Password library
author	Andrew Shafer <andrew@reductivelabs.com>	2008-10-21 12:20:12 -0600
committer	James Turnbull <james@lovedthanlost.net>	2008-10-22 16:34:50 +1100
commit	c09d0cc128aa3f6a0b741422ae45326b258bae7d (patch)
tree	e357696bb317f3ac63d0649ed9ad1f5d8bc980b1 /lib/puppet/provider/user
parent	6d05cbc1e1a22d4316e18fb22d5cff9c7a42d3cf (diff)
download	puppet-c09d0cc128aa3f6a0b741422ae45326b258bae7d.tar.gz puppet-c09d0cc128aa3f6a0b741422ae45326b258bae7d.tar.xz puppet-c09d0cc128aa3f6a0b741422ae45326b258bae7d.zip