diff options
| author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-03-22 20:31:30 +0000 |
|---|---|---|
| committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2006-03-22 20:31:30 +0000 |
| commit | 791e4da60c163752514deb34c50f1d1592958afd (patch) | |
| tree | 2f3a8ddd78574935bbb75e2eb7650537702643c2 /lib | |
| parent | 932fd032e0b4cf399d54c1bf14e7fe072626af7b (diff) | |
Committing support for group membership management. Currently only works on Linuxes and other OSes that use "useradd" that support -G.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1041 980ebf18-57e1-0310-9a29-db15c13687c0
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet.rb | 2 | ||||
| -rwxr-xr-x | lib/puppet/type/nameservice.rb | 27 | ||||
| -rw-r--r-- | lib/puppet/type/nameservice/objectadd.rb | 1 | ||||
| -rwxr-xr-x | lib/puppet/type/user.rb | 55 |
4 files changed, 84 insertions, 1 deletions
diff --git a/lib/puppet.rb b/lib/puppet.rb index 429765d74..cb81bc968 100644 --- a/lib/puppet.rb +++ b/lib/puppet.rb @@ -14,7 +14,7 @@ require 'puppet/util' # # it's also a place to find top-level commands like 'debug' module Puppet - PUPPETVERSION = '0.15.0' + PUPPETVERSION = '0.15.1' def Puppet.version return PUPPETVERSION diff --git a/lib/puppet/type/nameservice.rb b/lib/puppet/type/nameservice.rb index 3d323d138..bf83ac439 100755 --- a/lib/puppet/type/nameservice.rb +++ b/lib/puppet/type/nameservice.rb @@ -110,6 +110,33 @@ class State end end + # The list of all groups the user is a member of. Different + # user mgmt systems will need to override this method. + def grouplist + groups = [] + + # Reset our group list + Etc.setgrent + + user = @parent[:name] + + # Now iterate across all of the groups, adding each one our + # user is a member of + while group = Etc.getgrent + members = group.mem + + if members.include? user + groups << group.name + end + end + + # We have to close the file, so each listing is a separate + # reading of the file. + Etc.endgrent + + groups + end + # Sync the information. def sync event = nil diff --git a/lib/puppet/type/nameservice/objectadd.rb b/lib/puppet/type/nameservice/objectadd.rb index fc866f193..f9f782e40 100644 --- a/lib/puppet/type/nameservice/objectadd.rb +++ b/lib/puppet/type/nameservice/objectadd.rb @@ -92,6 +92,7 @@ module Puppet @allatonce = true case self.name when :home: setflag "-d" + when :groups: setflag "-G" end end end diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb index d6a75a4e5..478c3c083 100755 --- a/lib/puppet/type/user.rb +++ b/lib/puppet/type/user.rb @@ -219,6 +219,51 @@ module Puppet isautogen end + newstate(:groups, @parentstate) do + desc "The groups of which the user is a member. The primary + group should not be listed." + + isoptional + + def should_to_s + self.should + end + + def is_to_s + @is.join(",") + end + + # We need to override this because the groups need to + # be joined with commas + def should + if @parent[:membership] == :inclusive + @should.sort.join(",") + else + (@is + @should).uniq.sort.join(",") + end + end + + def retrieve + @is = grouplist() + end + + def insync? + unless defined? @should and @should + return false + end + unless defined? @is and @is + return false + end + return @is.sort == @should.sort + end + + validate do |value| + if value =~ /^\d+$/ + raise ArgumentError, "Group names must be provided, not numbers" + end + end + end + # these three states are all implemented differently on each platform, # so i'm disabling them for now @@ -251,6 +296,16 @@ module Puppet isnamevar end + newparam(:membership) do + desc "Whether specified groups should be treated as the only groups + of which the user is a member or whether they should merely + be treated as the minimum membership list." + + newvalues(:inclusive, :minimum) + + defaultto :minimum + end + @doc = "Manage users. Currently can create and modify users, but cannot delete them. Theoretically all of the parameters are optional, but if no parameters are specified the comment will |