On Red Hat, Ubuntu, Debian and deriatives the -r flag
allows creation of "system" users with a UID below that
defined in /etc/login.defs.
This commit adds support for a system parameter and a
system_users feature which can be used like so:
user { "foo":
system => true,
ensure => present,
}
This will create a user with a lower UID.
The system parameter defaults to false.
Signed-off-by: James Turnbull <[email protected]>
---
lib/puppet/provider/user/useradd.rb | 7 ++++-
lib/puppet/type/user.rb | 11 ++++++++
spec/unit/provider/user/useradd_spec.rb | 39 ++++++++++++++++++++++++++++--
spec/unit/type/user_spec.rb | 4 +++
4 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/lib/puppet/provider/user/useradd.rb
b/lib/puppet/provider/user/useradd.rb
index ba406cc..b879717 100644
--- a/lib/puppet/provider/user/useradd.rb
+++ b/lib/puppet/provider/user/useradd.rb
@@ -19,7 +19,7 @@ Puppet::Type.type(:user).provide :useradd, :parent =>
Puppet::Provider::NameServ
value !~ /\s/
end
- has_features :manages_homedir, :allows_duplicates, :manages_expiry
+ has_features :manages_homedir, :allows_duplicates, :manages_expiry,
:system_users
has_features :manages_passwords, :manages_password_age if
Puppet.features.libshadow?
@@ -46,6 +46,10 @@ Puppet::Type.type(:user).provide :useradd, :parent =>
Puppet::Provider::NameServ
cmd
end
+ def check_system_users
+ @resource.system? ? ["-r"] : []
+ end
+
def add_properties
cmd = []
Puppet::Type.type(:user).validproperties.each do |property|
@@ -66,6 +70,7 @@ Puppet::Type.type(:user).provide :useradd, :parent =>
Puppet::Provider::NameServ
cmd += check_allow_dup
cmd += check_manage_home
cmd += check_manage_expiry
+ cmd += check_system_users
cmd << @resource[:name]
end
diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb
index e7389a0..dcba181 100755
--- a/lib/puppet/type/user.rb
+++ b/lib/puppet/type/user.rb
@@ -34,6 +34,9 @@ module Puppet
feature :manages_expiry,
"The provider can manage the expiry date for a user."
+ feature :system_users,
+ "The provider allows you to create system users with lower UIDs."
+
newproperty(:ensure, :parent => Puppet::Property::Ensure) do
newvalue(:present, :event => :user_created) do
provider.create
@@ -230,6 +233,14 @@ module Puppet
defaultto :minimum
end
+ newparam(:system, :boolean => true) do
+ desc "Whether the user is a system user with lower UID."
+
+ newvalues(:true, :false)
+
+ defaultto false
+ end
+
newparam(:allowdupe, :boolean => true) do
desc "Whether to allow duplicate UIDs."
diff --git a/spec/unit/provider/user/useradd_spec.rb
b/spec/unit/provider/user/useradd_spec.rb
index 9ebba59..81ad7d4 100755
--- a/spec/unit/provider/user/useradd_spec.rb
+++ b/spec/unit/provider/user/useradd_spec.rb
@@ -15,6 +15,7 @@ describe provider_class do
# #1360
it "should add -o when allowdupe is enabled and the user is being created" do
@resource.expects(:allowdupe?).returns true
+ @resource.expects(:system?).returns true
@provider.stubs(:execute)
@provider.expects(:execute).with { |args| args.include?("-o") }
@provider.create
@@ -27,6 +28,14 @@ describe provider_class do
@provider.uid = 150
end
+ it "should add -r when system is enabled" do
+ @resource.expects(:allowdupe?).returns true
+ @resource.expects(:system?).returns true
+ @provider.stubs(:execute)
+ @provider.expects(:execute).with { |args| args.include?("-r") }
+ @provider.create
+ end
+
it "should set password age rules" do
provider_class.has_feature :manages_password_age
@resource = Puppet::Type.type(:user).new :name => "myuser",
:password_min_age => 5, :password_max_age => 10, :provider => :useradd
@@ -53,6 +62,23 @@ describe provider_class do
end
end
+ describe "when checking to add system users" do
+ it "should check system users" do
+ @resource.expects(:system?)
+ @provider.check_system_users
+ end
+
+ it "should return an array with a flag if it's a system user" do
+ @resource.stubs(:system?).returns true
+ @provider.check_system_users.must == ["-r"]
+ end
+
+ it "should return an empty array if it's not a system user" do
+ @resource.stubs(:system?).returns false
+ @provider.check_system_users.must == []
+ end
+ end
+
describe "when checking manage home" do
it "should check manage home" do
@resource.expects(:managehome?)
@@ -88,6 +114,7 @@ describe provider_class do
before do
@resource.stubs(:allowdupe?).returns true
@resource.stubs(:managehome?).returns true
+ @resource.stubs(:system?).returns true
end
it "should call command with :add" do
@@ -105,6 +132,11 @@ describe provider_class do
@provider.addcmd
end
+ it "should check and add if it's a system user" do
+ @provider.expects(:check_system_users).returns([])
+ @provider.addcmd
+ end
+
it "should check and add if home is managed" do
@provider.expects(:check_manage_home).returns([])
@provider.addcmd
@@ -120,15 +152,15 @@ describe provider_class do
@provider.stubs(:add_properties).returns(["-G", "somegroup"])
@resource.stubs(:[]).with(:name).returns("someuser")
@resource.stubs(:[]).with(:expiry).returns("somedate")
- @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", '-e
somedate', "someuser"]
+ @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", '-e
somedate', "-r", "someuser"]
end
- it "should return an array without -e if expery is undefined full command"
do
+ it "should return an array without -e if expiry is undefined full command"
do
@provider.stubs(:command).with(:add).returns("useradd")
@provider.stubs(:add_properties).returns(["-G", "somegroup"])
@resource.stubs(:[]).with(:name).returns("someuser")
@resource.stubs(:[]).with(:expiry).returns nil
- @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m",
"someuser"]
+ @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m",
"-r", "someuser"]
end
end
@@ -136,6 +168,7 @@ describe provider_class do
before do
@resource.stubs(:allowdupe?).returns true
@resource.stubs(:managehome?).returns true
+ @resource.stubs(:system?).returns true
end
it "should call command with :pass" do
diff --git a/spec/unit/type/user_spec.rb b/spec/unit/type/user_spec.rb
index 2971344..5a84af4 100755
--- a/spec/unit/type/user_spec.rb
+++ b/spec/unit/type/user_spec.rb
@@ -43,6 +43,10 @@ describe user do
user.provider_feature(:manages_password_age).should_not be_nil
end
+ it "should have a system_users feature" do
+ user.provider_feature(:system_users).should_not be_nil
+ end
+
describe "instances" do
it "should have a valid provider" do
user.new(:name => "foo").provider.class.ancestors.should
be_include(Puppet::Provider)
--
1.7.1
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
