From b837a50240da25f471010fefcee19045c0b4d37d Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 31 Mar 2016 11:22:51 -0300 Subject: Make password mandatory --- manifests/init.pp | 249 +++++++++++++++++++++++++++--------------------------- 1 file changed, 123 insertions(+), 126 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 187c160..9b8d04a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,6 +8,7 @@ class user { define manage( + $password, $ensure = present, $uid = 'absent', $gid = 'uid', @@ -16,7 +17,6 @@ class user { $homedir_mode = '0750', $comment = 'absent', $homedir = 'absent', - $password = 'absent', $shell = 'absent', $sshkey = 'absent', $sshkey_options = [], 
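Review bot: The now-required `$password` at the top of the `define manage(` parameter list (first hunk) has no comment saying what form the value must take. The `user` resource later in this patch passes it unchanged to the `password` attribute, which Puppet's user type treats as the already-hashed value for the platform. I would add a comment above the define along the lines of `# $password: required; the pre-hashed password string for the account (never plaintext)`. Dropping the `'absent'` default in the second hunk also means every existing `user::manage` declaration that omitted `password` will now fail at catalog compilation, which deserves a line in the commit message or README. The define's body continues outside this hunk.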
@@ -25,155 +25,152 @@ class user { $ticket = false, $refresh_keys = false) { - if $password != 'absent' { - - $real_groups = $groups ? { - '' => [ "$title", ], - default => $groups, - } + $real_groups = $groups ? { + '' => [ "$title", ], + default => $groups, + } - $real_homedir = $homedir ? { - 'absent' => "/home/$name", - default => $homedir, - } + $real_homedir = $homedir ? { + 'absent' => "/home/$name", + default => $homedir, + } - $real_name_comment = $comment ? { - 'absent' => $name, - default => $comment, - } + $real_name_comment = $comment ? { + 'absent' => $name, + default => $comment, + } - $real_sshkey_type = $sshkey_type ? { - 'absent' => "ssh-rsa", - default => $sshkey_type, - } + $real_sshkey_type = $sshkey_type ? { + 'absent' => "ssh-rsa", + default => $sshkey_type, + } - $real_shell = $shell ? { - 'absent' => $operatingsystem ? { - openbsd => "/usr/local/bin/bash", - default => "/bin/bash", - }, - default => $shell, - } + $real_shell = $shell ? { + 'absent' => $operatingsystem ? 
{ + openbsd => "/usr/local/bin/bash", + default => "/bin/bash", + }, + default => $shell, + } - if $managehome == true { - if $ensure == 'absent' { - file{"$real_homedir": - ensure => absent, - purge => true, - force => true, - recurse => true, - } - } else { - file{"$real_homedir": - ensure => directory, - require => User[$name], - owner => $name, mode => $homedir_mode; - } - case $gid { - 'absent','uid': { - File[$real_homedir]{ - group => $name, - } - } - default: { - File[$real_homedir]{ - group => $gid, - } - } - } - } - } else { - if $managehome != false { - if !defined(File[$managehome]) { - file { $managehome: - ensure => present, - owner => $name, - mode => $homedir_mode, - require => User[$name], + if $managehome == true { + if $ensure == 'absent' { + file{"$real_homedir": + ensure => absent, + purge => true, + force => true, + recurse => true, + } + } else { + file{"$real_homedir": + ensure => directory, + require => User[$name], + owner => $name, mode => $homedir_mode; + } + case $gid { + 'absent','uid': { + File[$real_homedir]{ + group => $name, + } + } + default: { + File[$real_homedir]{ + group => $gid, + } + } } + } + } else { + if $managehome != false { + if !defined(File[$managehome]) { + file { $managehome: + ensure => present, + owner => $name, + mode => $homedir_mode, + require => User[$name], } + } - case $gid { - 'absent','uid': { - File[$managehome] { - group => $name, - } + case $gid { + 'absent','uid': { + File[$managehome] { + group => $name, } - default: { - File[$managehome] { - group => $gid, - } + } + default: { + File[$managehome] { + group => $gid, } } + } - file{ "$real_homedir": - ensure => $managehome, - require => File[$managehome], - } + file{ "$real_homedir": + ensure => $managehome, + require => File[$managehome], } } + } - if $uid != 'absent' { - $real_uid = $uid - } else { - $real_uid = false - } + if $uid != 'absent' { + $real_uid = $uid + } else { + $real_uid = false + } - if $gid != 'absent' { - if $gid == 'uid' { - if 
$uid != 'absent' { - $real_gid = $uid - } else { - $real_gid = false - } + if $gid != 'absent' { + if $gid == 'uid' { + if $uid != 'absent' { + $real_gid = $uid } else { - $real_gid = $gid + $real_gid = false } } else { - $real_gid = false + $real_gid = $gid } + } else { + $real_gid = false + } - # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html - user { "$title": - ensure => $ensure, - allowdupe => false, - comment => "$real_name_comment", - home => $real_homedir, - managehome => $managehome, - shell => $real_shell, - groups => $real_groups, - membership => $membership, - password => $password, - uid => $real_uid ? { false => undef, default => $real_uid }, - gid => $real_gid ? { false => undef, default => $real_gid }, - } + # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html + user { "$title": + ensure => $ensure, + allowdupe => false, + comment => "$real_name_comment", + home => $real_homedir, + managehome => $managehome, + shell => $real_shell, + groups => $real_groups, + membership => $membership, + password => $password, + uid => $real_uid ? { false => undef, default => $real_uid }, + gid => $real_gid ? 
{ false => undef, default => $real_gid }, + } - if $refresh_keys == true { - cron { "gpg-refresh-keys-${title}": - command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1", - user => $title, - hour => "*/1", - minute => "0", - ensure => present, - require => User[$title], - } + if $refresh_keys == true { + cron { "gpg-refresh-keys-${title}": + command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1", + user => $title, + hour => "*/1", + minute => "0", + ensure => present, + require => User[$title], } + } - # lots of bugs preventing a good implementation for ssh keys - # http://projects.reductivelabs.com/issues/1409 - # http://projects.reductivelabs.com/issues/2004 - # http://projects.reductivelabs.com/issues/2020 - # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot - if $sshkey != 'absent' { - ssh_authorized_key { "$title": - ensure => $ensure, - key => $sshkey, - user => $title, - options => $sshkey_options, - type => $real_sshkey_type, - target => "$real_homedir/.ssh/authorized_keys", - require => User["$title"], - } + # lots of bugs preventing a good implementation for ssh keys + # http://projects.reductivelabs.com/issues/1409 + # http://projects.reductivelabs.com/issues/2004 + # http://projects.reductivelabs.com/issues/2020 + # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot + if $sshkey != 'absent' { + ssh_authorized_key { "$title": + ensure => $ensure, + key => $sshkey, + user => $title, + options => $sshkey_options, + type => $real_sshkey_type, + target => "$real_homedir/.ssh/authorized_keys", + require => User["$title"], } } } -- cgit v1.2.3
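Review bot: With the `if $password != 'absent'` guard removed, nothing in the body checks `$password` before it reaches `password => $password` in the `user { "$title":` resource. A caller that still passes the old sentinel `'absent'` now gets that literal written as the password field instead of a skipped resource. An empty string would be passed through as an empty password field, which on hosts that permit null passwords may allow login without one. I would fail early at the top of the body, e.g. `if $password == '' or $password == 'absent' { fail("user::manage[${title}]: password must be a non-empty password hash") }`. The same requirement now applies to `ensure => absent` declarations, which must supply a password just to remove an account.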