Issue #4607 has been updated by Clay Caviness.
I'm doing this now with some typically ugly execs:
<pre>
exec { "add_somenestedgroup_to_somegroup":
  path    => "/usr/sbin:/usr/bin",
  command => "dseditgroup -o edit -n . -t group -a somenestedgroup somegroup",
  # Skip the edit when the nested group's UUID is already listed in somegroup.
  unless  => "dseditgroup -o read somegroup 2>&1 | grep $(dsmemberutil getuuid -G somenestedgroup)",
}
</pre>
.. but it would all be much nicer to manage this in a group resource.
----------------------------------------
Feature #4607: directoryservice group provider for OS X should allow groups to
be members of a group
https://projects.puppetlabs.com/issues/4607
Author: Nigel Kersten
Status: Accepted
Priority: Normal
Assignee:
Category: OSX
Target version:
Affected Puppet version:
Keywords:
Branch:
Unlike many other systems, OS X considers group membership to be an attribute
of the group, not the members, and so we have a situation where in Puppet the
provider can manage group membership.
It turns out that we can only manage users as members of this group, but it's
perfectly valid to have nested groups in OS X.
We should support this.
This came up because of someone wanting to use the Puppet group type to manage
Service ACLs in OS X, which are simply groups with a specific naming scheme.
The vast majority of the time when you wish to do this, you want to nest groups
inside the SACL.
There are a few unanswered questions about how we'd do this, as the provider
simply doesn't know whether a given string refers to a user or a group, and it
needs to execute different commands in each scenario.
We also don't really want to have to supply Puppet resource references, as some
of these groups may be in a remote directoryservice node, and thus unsuitable
for being managed by Puppet.
Perhaps we have another 'group_members' attribute? Then we need to work out
whether something is a group or a user when checking status...
Anyway, while it's not clear how best to do this, I think it's something we
should do.
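The description notes that the provider cannot tell whether a member string names a user or a group, yet has to run a different command for each. The following is an added example, not Puppet's provider code or anything posted in the issue: it resolves the name through `dscl` and refuses names that are both, neither, or malformed, because a wrong guess on a Service ACL group grants access to the wrong principal. The `/Search` node, the helper names, the character whitelist, and the premise that `dscl -read` exits non-zero for a missing record are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a member name is a user or a group before
# building the dseditgroup command. Helper names are hypothetical.
# Assumption: `dscl <node> -read <path>` exits non-zero if the record is missing.

NODE="${NODE:-/Search}"   # search policy, so remote directory nodes resolve too

# Print one of: user, group, ambiguous, unknown, invalid.
member_kind() {
    name=$1 is_user=no is_group=no
    # Conservative whitelist (assumption) so the name cannot alter the dscl path.
    case "$name" in
        ''|*[!A-Za-z0-9_.-]*) echo invalid; return ;;
    esac
    dscl "$NODE" -read "/Users/$name" RecordName >/dev/null 2>&1 && is_user=yes
    dscl "$NODE" -read "/Groups/$name" RecordName >/dev/null 2>&1 && is_group=yes
    case "$is_user$is_group" in
        yesno)  echo user ;;
        noyes)  echo group ;;
        yesyes) echo ambiguous ;;   # same short name exists as user and group
        *)      echo unknown ;;
    esac
}

# Print the dseditgroup command that adds member $1 to group $2.
# Returns 1 without printing a command when the member type is not certain.
add_member_command() {
    member=$1 group=$2
    kind=$(member_kind "$member")
    case "$kind" in
        user|group)
            printf 'dseditgroup -o edit -n . -t %s -a %s %s\n' \
                "$kind" "$member" "$group" ;;
        *)
            echo "refusing to add '$member' to '$group': $kind name" >&2
            return 1 ;;
    esac
}
```

The ambiguous case is the one a separate 'group_members' attribute would remove, since the manifest would then state the type explicitly.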