authorSilvio Rhatto <rhatto@riseup.net>2016-03-31 11:22:51 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-03-31 11:22:51 -0300
commitb837a50240da25f471010fefcee19045c0b4d37d (patch)
tree3fff5deaf149d1ffad532c8b47633e170d35abd2
parentc45475e9e3f5fc3dad9cc110e1de7ca26166c41f (diff)
Make password mandatory
-rw-r--r--manifests/init.pp249
1 files changed, 123 insertions, 126 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 187c160..9b8d04a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -8,6 +8,7 @@
class user {
define manage(
+ $password,
$ensure = present,
$uid = 'absent',
$gid = 'uid',
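Review bot: The new required `$password` parameter at the head of `manage(` has no comment saying what form it expects, and the value goes unchanged into the `user` resource's `password` attribute later in the define. Puppet's `user` type expects an already-hashed value there, so a caller passing cleartext would end up with a login that does not work and a secret sitting in the catalog. I would add a line above the parameter such as `# $password: pre-hashed password for the user resource (required); for key-only accounts pass a locked value such as '!'`. The parameter is also now required when `ensure => absent`, which is worth stating in the same comment. The parameter list and the define body continue outside this hunk.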
@@ -16,7 +17,6 @@ class user {
$homedir_mode = '0750',
$comment = 'absent',
$homedir = 'absent',
- $password = 'absent',
$shell = 'absent',
$sshkey = 'absent',
$sshkey_options = [],
@@ -25,155 +25,152 @@ class user {
$ticket = false,
$refresh_keys = false) {
- if $password != 'absent' {
-
- $real_groups = $groups ? {
- '' => [ "$title", ],
- default => $groups,
- }
+ $real_groups = $groups ? {
+ '' => [ "$title", ],
+ default => $groups,
+ }
- $real_homedir = $homedir ? {
- 'absent' => "/home/$name",
- default => $homedir,
- }
+ $real_homedir = $homedir ? {
+ 'absent' => "/home/$name",
+ default => $homedir,
+ }
- $real_name_comment = $comment ? {
- 'absent' => $name,
- default => $comment,
- }
+ $real_name_comment = $comment ? {
+ 'absent' => $name,
+ default => $comment,
+ }
- $real_sshkey_type = $sshkey_type ? {
- 'absent' => "ssh-rsa",
- default => $sshkey_type,
- }
+ $real_sshkey_type = $sshkey_type ? {
+ 'absent' => "ssh-rsa",
+ default => $sshkey_type,
+ }
- $real_shell = $shell ? {
- 'absent' => $operatingsystem ? {
- openbsd => "/usr/local/bin/bash",
- default => "/bin/bash",
- },
- default => $shell,
- }
+ $real_shell = $shell ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/usr/local/bin/bash",
+ default => "/bin/bash",
+ },
+ default => $shell,
+ }
- if $managehome == true {
- if $ensure == 'absent' {
- file{"$real_homedir":
- ensure => absent,
- purge => true,
- force => true,
- recurse => true,
- }
- } else {
- file{"$real_homedir":
- ensure => directory,
- require => User[$name],
- owner => $name, mode => $homedir_mode;
- }
- case $gid {
- 'absent','uid': {
- File[$real_homedir]{
- group => $name,
- }
- }
- default: {
- File[$real_homedir]{
- group => $gid,
- }
- }
- }
- }
- } else {
- if $managehome != false {
- if !defined(File[$managehome]) {
- file { $managehome:
- ensure => present,
- owner => $name,
- mode => $homedir_mode,
- require => User[$name],
+ if $managehome == true {
+ if $ensure == 'absent' {
+ file{"$real_homedir":
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ } else {
+ file{"$real_homedir":
+ ensure => directory,
+ require => User[$name],
+ owner => $name, mode => $homedir_mode;
+ }
+ case $gid {
+ 'absent','uid': {
+ File[$real_homedir]{
+ group => $name,
+ }
+ }
+ default: {
+ File[$real_homedir]{
+ group => $gid,
+ }
+ }
}
+ }
+ } else {
+ if $managehome != false {
+ if !defined(File[$managehome]) {
+ file { $managehome:
+ ensure => present,
+ owner => $name,
+ mode => $homedir_mode,
+ require => User[$name],
}
+ }
- case $gid {
- 'absent','uid': {
- File[$managehome] {
- group => $name,
- }
+ case $gid {
+ 'absent','uid': {
+ File[$managehome] {
+ group => $name,
}
- default: {
- File[$managehome] {
- group => $gid,
- }
+ }
+ default: {
+ File[$managehome] {
+ group => $gid,
}
}
+ }
- file{ "$real_homedir":
- ensure => $managehome,
- require => File[$managehome],
- }
+ file{ "$real_homedir":
+ ensure => $managehome,
+ require => File[$managehome],
}
}
+ }
- if $uid != 'absent' {
- $real_uid = $uid
- } else {
- $real_uid = false
- }
+ if $uid != 'absent' {
+ $real_uid = $uid
+ } else {
+ $real_uid = false
+ }
- if $gid != 'absent' {
- if $gid == 'uid' {
- if $uid != 'absent' {
- $real_gid = $uid
- } else {
- $real_gid = false
- }
+ if $gid != 'absent' {
+ if $gid == 'uid' {
+ if $uid != 'absent' {
+ $real_gid = $uid
} else {
- $real_gid = $gid
+ $real_gid = false
}
} else {
- $real_gid = false
+ $real_gid = $gid
}
+ } else {
+ $real_gid = false
+ }
- # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
- user { "$title":
- ensure => $ensure,
- allowdupe => false,
- comment => "$real_name_comment",
- home => $real_homedir,
- managehome => $managehome,
- shell => $real_shell,
- groups => $real_groups,
- membership => $membership,
- password => $password,
- uid => $real_uid ? { false => undef, default => $real_uid },
- gid => $real_gid ? { false => undef, default => $real_gid },
- }
+ # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
+ user { "$title":
+ ensure => $ensure,
+ allowdupe => false,
+ comment => "$real_name_comment",
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $real_groups,
+ membership => $membership,
+ password => $password,
+ uid => $real_uid ? { false => undef, default => $real_uid },
+ gid => $real_gid ? { false => undef, default => $real_gid },
+ }
- if $refresh_keys == true {
- cron { "gpg-refresh-keys-${title}":
- command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
- user => $title,
- hour => "*/1",
- minute => "0",
- ensure => present,
- require => User[$title],
- }
+ if $refresh_keys == true {
+ cron { "gpg-refresh-keys-${title}":
+ command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
+ user => $title,
+ hour => "*/1",
+ minute => "0",
+ ensure => present,
+ require => User[$title],
}
+ }
- # lots of bugs preventing a good implementation for ssh keys
- # http://projects.reductivelabs.com/issues/1409
- # http://projects.reductivelabs.com/issues/2004
- # http://projects.reductivelabs.com/issues/2020
- # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
- if $sshkey != 'absent' {
- ssh_authorized_key { "$title":
- ensure => $ensure,
- key => $sshkey,
- user => $title,
- options => $sshkey_options,
- type => $real_sshkey_type,
- target => "$real_homedir/.ssh/authorized_keys",
- require => User["$title"],
- }
+ # lots of bugs preventing a good implementation for ssh keys
+ # http://projects.reductivelabs.com/issues/1409
+ # http://projects.reductivelabs.com/issues/2004
+ # http://projects.reductivelabs.com/issues/2020
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
+ if $sshkey != 'absent' {
+ ssh_authorized_key { "$title":
+ ensure => $ensure,
+ key => $sshkey,
+ user => $title,
+ options => $sshkey_options,
+ type => $real_sshkey_type,
+ target => "$real_homedir/.ssh/authorized_keys",
+ require => User["$title"],
}
}
}
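Review bot: Removing the `if $password != 'absent'` wrapper leaves `password => $password` in the `user { "$title":` resource with no check on the value. A caller that still passes the old sentinel `'absent'`, or an empty string, now gets an account created with that literal in the password field. On providers that write the field verbatim, an empty string would presumably leave the account with no password at all. A guard at the top of the body would turn both cases into a compile-time error instead: `if $password == '' or $password == 'absent' { fail("user::manage[${title}]: password must be a password hash") }`. Callers are not visible on this page, so whether any still pass `'absent'` needs checking in the manifests that use this define.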