On Jul 12, 2012, at 6:46 AM, jcbollinger wrote:
> If it is the case that each user always has the same potential secondary
> groups, and you need to narrow the actual secondary groups to those that are
> actually present, then I think you could do it without too much pain. The
> main ingredients would be a list (array) of the groups that are supposed to
> be present, and a custom function that forms the intersection of two arrays.
> (Or you could use an inline template and split(), but yuck!)
>
> Hiera would probably provide a good means for building the list of available
> groups, which you could then use not only to filter user definitions but also
> to drive virtual group realization. Here's a skeleton of how it might work:
>
> class auth::constants {
>   $available_groups = hiera('groups')
> }

Interesting idea, but depends on an external datasource that tells us which groups are valid. Since all of these groups are already defined in puppet, I simply don't see the value of managing intersections of data between a hiera data source and puppet.

> # Virtual user declarations, such as
> @user { 'jbolling':
>   uid => 4200,
>   gid => 4200,
>   groups => intersect(['dev', 'support', 'ops'],
>                       $auth::constants::available_groups)
> }
> }

I think the intersect idea is valid, as long as I can find out if a parameter is realized or not. Basically, write a function that removes from the array any group which isn't realized. This removes any need for hiera.

However I'm poking around and the docs don't show any methods to determine if something has been realized or not.

If I am reading this right, intersect is provided by stdlib, right? So I really just need to write a function to determine if something is realized or not. I suspect this is going to fall back to the same issues as defined() unless I can delay execution until the end.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.