Commit 46468c8

Merge pull request #312 from mboisson/generalize_local_users
Generalize local_user to make more parameters parametrizable
2 parents 820953c + 7ed94c1 commit 46468c8

2 files changed

+40
-12
lines changed

README.md

Lines changed: 15 additions & 7 deletions
@@ -1407,14 +1407,22 @@ only type of users in Magic Castle allowed to be sudoers.
14071407
| `users` | Dictionary of users to be created locally | Hash[profile::users::local_user] |
14081408

14091409
A `profile::users::local_user` is defined as a dictionary with the following keys:
1410-
| Variable | Description | Type | Optional ? |
1411-
| ----------------- | :-----------------------------------------------| :-------------- | --------- |
1412-
| `groups` | List of groups the user has to be part of | Array[String] | No |
1413-
| `public_keys` | List of ssh authorized keys for the user | Array[String] | No |
1414-
| `sudoer` | If enable, the user can sudo without password | Boolean | Yes |
1415-
| `selinux_user` | SELinux context for the user | String | Yes |
1416-
| `mls_range` | MLS Range for the user | String | Yes |
1410+
| Variable | Description | Type | Optional ? (default) |
1411+
| ----------------- | :-----------------------------------------------| :-------------- | ------------------- |
1412+
| `groups` | List of groups the user has to be part of | Array[String] | No |
1413+
| `public_keys` | List of ssh authorized keys for the user | Array[String] | No |
1414+
| `sudoer` | If enable, the user can sudo without password | Boolean | Yes (false) |
1415+
| `selinux_user` | SELinux context for the user | String | Yes (unconfined_u) |
1416+
| `mls_range` | MLS Range for the user | String | Yes (s0-s0:c0.c1023) |
14171417
| `authenticationmethods` | Specifies AuthenticationMethods value for this user in sshd_config | String | Yes |
1418+
| `manage_home` | Whether we manage the home folder | Boolean | Yes (true) |
1419+
| `purge_ssh_keys` | Whether we purge ssh keys | Boolean | Yes (true) |
1420+
| `shell` | Default shell of the user | String | Yes (/bin/bash) |
1421+
| `uid` | UID of the user | Integer | Yes (undef) |
1422+
| `gid` | GID of the user | Integer | Yes (undef) |
1423+
| `group` | Primary group name of the user | String | No (username) |
1424+
| `home` | Home directory of the user | String | Yes (/username) |
1425+
14181426

14191427
<details>
14201428
<summary>default values</summary>
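
Review bot: The `shell` row documents a default of `/bin/bash`, but the parameter in site/profile/manifests/users.pp is declared `Optional[String] $shell = undef`, so the table and the manifest disagree; either set `/bin/bash` as the default in the manifest or document `undef` here. The `group` row reads `No (username)` in the optional column although the parameter has a default, so it should read `Yes (username)`. The `purge_ssh_keys` description would be more useful if it stated that setting it to false leaves keys that Puppet does not manage in the user's authorized_keys file, which matters for accounts with `sudoer` enabled.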

site/profile/manifests/users.pp

Lines changed: 25 additions & 5 deletions
@@ -128,19 +128,39 @@
128128
String $selinux_user = 'unconfined_u',
129129
String $mls_range = 's0-s0:c0.c1023',
130130
String $authenticationmethods = '',
131+
Boolean $manage_home = true,
132+
Boolean $purge_ssh_keys = true,
133+
Optional[String] $shell = undef,
134+
Optional[Integer] $uid = undef,
135+
Optional[Integer] $gid = undef,
136+
String $group = $name,
137+
String $home = "/${name}",
131138
) {
139+
ensure_resource('group', $group, {
140+
ensure => present,
141+
gid => $gid,
142+
forcelocal => true,
143+
}
144+
)
132145
# Configure local account and ssh keys
133146
user { $name:
134147
ensure => present,
135148
forcelocal => true,
149+
uid => $uid,
150+
gid => $group,
136151
groups => $groups,
137-
home => "/${name}",
138-
purge_ssh_keys => true,
139-
managehome => true,
140-
notify => Selinux::Exec_restorecon["/${name}"],
152+
home => $home,
153+
purge_ssh_keys => $purge_ssh_keys,
154+
managehome => $manage_home,
155+
shell => $shell,
156+
require => Group[$group],
141157
}
142158

143-
selinux::exec_restorecon { "/${name}": }
159+
if $manage_home {
160+
selinux::exec_restorecon { $home:
161+
subscribe=> User[$name]
162+
}
163+
}
144164

145165
$public_keys.each | Integer $index, String $sshkey | {
146166
$split = split($sshkey, ' ')
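
Review bot: `String $home = "/${name}"` accepts any string, including an empty or relative path, and that value now feeds both the `user` resource and `selinux::exec_restorecon { $home: }`; typing it as `Stdlib::Absolutepath` (stdlib is already in use through `ensure_resource`) would reject those values at compile time. `Optional[Integer] $uid` and `$gid` likewise admit 0 and negative numbers, so a lower bound such as `Optional[Integer[1]]` would rule out a second UID 0 account created from data. The `ensure_resource('group', $group, {...})` call fails catalog compilation when two users name the same `group` with different `gid` values, which deserves a sentence in the README. Minor style point: `subscribe=> User[$name]` is missing a space before `=>`.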
