diff options
| -rw-r--r-- | lib/puppet/type/nameservice/netinfo.rb | 74 | ||||
| -rwxr-xr-x | lib/puppet/type/user.rb | 21 | ||||
| -rwxr-xr-x | test/types/user.rb | 1 |
3 files changed, 94 insertions, 2 deletions
diff --git a/lib/puppet/type/nameservice/netinfo.rb b/lib/puppet/type/nameservice/netinfo.rb index 7c297fe7d..d7d11c6d3 100644 --- a/lib/puppet/type/nameservice/netinfo.rb +++ b/lib/puppet/type/nameservice/netinfo.rb @@ -96,7 +96,7 @@ module Puppet end self.debug "Executing %s" % cmd.join(" ").inspect - output = %x{#{cmd.join(" ")} 2>&1}.split("\n").each { |line| + %x{#{cmd.join(" ")} 2>&1}.split("\n").each { |line| if line =~ /^(\w+)\s+(.+)$/ name = $1 value = $2.sub(/\s+$/, '') @@ -118,6 +118,78 @@ module Puppet end end + # The list of all groups the user is a member of. Different + # user mgmt systems will need to override this method. + def grouplist + groups = [] + + user = @parent[:name] + # Retrieve them all from netinfo + open("| nireport / /groups name users") do |file| + file.each do |line| + name, members = line.split(/\s+/) + next unless members + next if members =~ /NoValue/ + members = members.split(",") + + if members.include? user + groups << name + end + end + end + + groups + end + + # This is really lame. We have to iterate over each + # of the groups and add us to them. + def setgrouplist(groups) + self.warning "Setting groups to %s" % groups.inspect + # Get just the groups we need to modify + diff = groups - @is + + data = {} + open("| nireport / /groups name users") do |file| + file.each do |line| + name, members = line.split(/\s+/) + + if members.nil? or members =~ /NoValue/ + data[name] = [] + else + # Add each diff group's current members + data[name] = members.split(/,/) + end + end + end + + user = @parent[:name] + data.each do |name, members| + if members.include? user and groups.include? name + # I'm in the group and should be + next + elsif members.include? user + # I'm in the group and shouldn't be + self.warning "Removing %s from %s" % + [user, name] + setuserlist(name, members - [user]) + elsif groups.include? name + # I'm not in the group and should be + setuserlist(name, members + [user]) + self.warning "Adding %s to %s" % + [user, name] + else + # I'm not in the group and shouldn't be + next + end + end + end + + def setuserlist(group, list) + cmd = "niutil -createprop / /groups/%s users %s" % + [group, list.join(",")] + output = %x{#{cmd}} + end + # How to add an object. def addcmd creatorcmd("-create") diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb index 478c3c083..5f728c50b 100755 --- a/lib/puppet/type/user.rb +++ b/lib/puppet/type/user.rb @@ -221,7 +221,8 @@ module Puppet newstate(:groups, @parentstate) do desc "The groups of which the user is a member. The primary - group should not be listed." + group should not be listed. Multiple groups should be + specified as an array." isoptional @@ -262,6 +263,24 @@ module Puppet raise ArgumentError, "Group names must be provided, not numbers" end end + + def sync + if respond_to? :setgrouplist + groups = nil + if @parent[:membership] == :inclusive + groups = @should + else + groups = (@is + @should).uniq + end + + # Pass them the group list, so that the :membership logic + # is all in this class, not in parent classes. + setgrouplist(groups) + return :user_modified + else + super + end + end end # these three states are all implemented differently on each platform, diff --git a/test/types/user.rb b/test/types/user.rb index 870fb2557..7bcccc95d 100755 --- a/test/types/user.rb +++ b/test/types/user.rb @@ -145,6 +145,7 @@ class TestUser < Test::Unit::TestCase end def attrtest_comment(user) + user.retrieve old = user.is(:comment) user[:comment] = "A different comment" |