Merge branch 'master' of git://git.puppet.immerda.ch/module-user

2015-06-03 15:46:47 -04:00 · 2015-06-03 15:46:47 -04:00 · 885f52f2d8
commit 885f52f2d8
parent f479024b4a 3a4ca36cd6
1 changed files with 61 additions and 50 deletions
--- a/manifests/managed.pp
+++ b/manifests/managed.pp
@ -5,56 +5,64 @@
 # password:         the password in cleartext or as crypted string
 #                   which should be set. Default: absent -> no password is set.
 #                   To create an encrypted password, you can use:
-#                   /usr/bin/mkpasswd -H md5 --salt=$salt $password , where $salt is 8 bytes long
+#                   /usr/bin/mkpasswd -H md5 --salt=$salt $password
-#                   Note: On OpenBSD systems we can only manage crypted passwords.
+#                   where $salt is 8 bytes long
-#                         Therefor the password_crypted option doesn't have any effect.
+#                   Note: On OpenBSD systems we can only manage crypted
-#                         You'll find a python script in ${module}/password/openbsd/genpwd.py
+#                         passwords.
 #                         Therefor the password_crypted option doesn't have any
 #                         effect.
 #                         You'll find a python script in
 #                         ${module}/password/openbsd/genpwd.py
 #                         Which will help you to create such a password
 # password_crypted: if the supplied password is crypted or not.
 #                   Default: true
-#                   Note: If you'd like to use unencrypted passwords, you have to set a variable
+#                   Note: If you'd like to use unencrypted passwords, you have
-#                         $password_salt to an 8 character long salt, being used for the password.
+#                         to set a variable $password_salt to an 8 character
 #                         long salt, being used for the password.
 # gid:              define the gid of the group
 #                   absent: let the system take a gid
-#                   uid: take the same as the uid has if it isn't absent (*default*)
+#                   uid: take the same as the uid has if it isn't absent
 #                        (*default*)
 #                   <value>: take this gid
-# manage_group:     Wether we should add a group with the same name as well, this works only
+# manage_group:     Wether we should add a group with the same name as well,
-#                   if you supply a uid.
+#                   this works only if you supply a uid.
 #                   Default: true
 define user::managed(
-  $ensure = present,
+  $ensure           = present,
-  $name_comment = 'absent',
+  $name_comment     = 'absent',
-  $uid = 'absent',
+  $uid              = 'absent',
-  $gid = 'uid',
+  $gid              = 'uid',
-  $groups = [],
+  $groups           = [],
-  $manage_group = true,
+  $manage_group     = true,
-  $membership = 'minimum',
+  $membership       = 'minimum',
-  $homedir = 'absent',
+  $homedir          = 'absent',
-  $managehome = true,
+  $managehome       = true,
-  $homedir_mode = '0750',
+  $homedir_mode     = '0750',
-  $sshkey = 'absent',
+  $sshkey           = 'absent',
-  $password = 'absent',
+  $purge_ssh_keys   = false,
  $password         = 'absent',
  $password_salt    = false,
  $password_crypted = true,
-  $allowdupe = false,
+  $allowdupe        = false,
-  $shell = 'absent'
+  $shell            = 'absent'
 ){
  $real_homedir = $homedir ? {
-    'absent' => "/home/$name",
+    'absent' => "/home/${name}",
-    default => $homedir
+    default  => $homedir
  }
  $real_name_comment = $name_comment ? {
    'absent' => $name,
-    default => $name_comment,
+    default  => $name_comment,
  }
  $real_shell = $shell ? {
    'absent' =>  $::operatingsystem ? {
-      openbsd => "/usr/local/bin/bash",
+      'openbsd' => '/usr/local/bin/bash',
-      default => "/bin/bash",
+      default   => '/bin/bash',
    },
-    default => $shell,
+    default  => $shell,
  }
  if size($name) > 31 {
@ -62,14 +70,15 @@ define user::managed(
  }
  user { $name:
-    ensure => $ensure,
+    ensure         => $ensure,
-    allowdupe => $allowdupe,
+    allowdupe      => $allowdupe,
-    comment => "$real_name_comment",
+    comment        => $real_name_comment,
-    home => $real_homedir,
+    home           => $real_homedir,
-    managehome => $managehome,
+    managehome     => $managehome,
-    shell => $real_shell,
+    shell          => $real_shell,
-    groups => $groups,
+    groups         => $groups,
-    membership => $membership,
+    membership     => $membership,
    purge_ssh_keys => $purge_ssh_keys,
  }
@ -77,16 +86,17 @@ define user::managed(
    file{$real_homedir: }
    if $ensure == 'absent' {
      File[$real_homedir]{
-        ensure => absent,
+        ensure  => absent,
-        purge => true,
+        purge   => true,
-        force => true,
+        force   => true,
        recurse => true,
      }
    } else {
      File[$real_homedir]{
-        ensure => directory,
+        ensure  => directory,
        require => User[$name],
-        owner => $name, mode => $homedir_mode,
+        owner   => $name,
        mode    => $homedir_mode,
      }
      case $gid {
        'absent','uid': {
@ -131,7 +141,7 @@ define user::managed(
          ensure => absent,
        }
        case $::operatingsystem {
-          OpenBSD: {
+          'OpenBSD': {
            Group[$name]{
              before => User[$name],
            }
@ -146,8 +156,8 @@ define user::managed(
    } else {
      if $manage_group {
        group { $name:
          ensure    => $ensure,
          allowdupe => false,
          ensure => $ensure,
        }
        if $real_gid {
          Group[$name]{
@ -156,7 +166,7 @@ define user::managed(
        }
        if $ensure == 'absent' {
          case $::operatingsystem {
-            OpenBSD: {
+            'OpenBSD': {
              Group[$name]{
                before => User[$name],
              }
@ -176,7 +186,7 @@ define user::managed(
    }
  }
  case $ensure {
-    present: {
+    'present': {
      if $sshkey != 'absent' {
        User[$name]{
          before => Class[$sshkey],
@ -186,11 +196,11 @@ define user::managed(
      if $password != 'absent' {
        case $::operatingsystem {
-          openbsd: {
+          'OpenBSD': {
            exec { "setpass ${name}":
-              unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
+              unless  => "grep -q '^${name}:${password}:' /etc/master.passwd",
              command => "usermod -p '${password}' ${name}",
-              require => User["${name}"],
+              require => User[$name],
            }
          }
          default: {
@ -201,7 +211,8 @@ define user::managed(
              if $password_salt {
                $real_password = mkpasswd($password,$password_salt)
              } else {
-                fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
+                fail("To use unencrypted passwords you have to define a \
 variable \$password_salt to an 8 character salt for passwords!")
              }
            }
            User[$name]{