diff --git a/cdist/conf/type/__group/TODO b/cdist/conf/type/__group/TODO deleted file mode 100644 index c20a5d21..00000000 --- a/cdist/conf/type/__group/TODO +++ /dev/null @@ -1,2 +0,0 @@ -- delete groups - diff --git a/cdist/conf/type/__group/explorer/group b/cdist/conf/type/__group/explorer/group index 4c1e6ac0..07f73a91 100755 --- a/cdist/conf/type/__group/explorer/group +++ b/cdist/conf/type/__group/explorer/group @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Steven Armstrong (steven-cdist at armstrong.cc) +# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # diff --git a/cdist/conf/type/__group/explorer/gshadow b/cdist/conf/type/__group/explorer/gshadow index 5ab4ed80..8d40e9e0 100755 --- a/cdist/conf/type/__group/explorer/gshadow +++ b/cdist/conf/type/__group/explorer/gshadow @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Steven Armstrong (steven-cdist at armstrong.cc) +# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # # This file is part of cdist. # @@ -22,7 +22,6 @@ # name=$__object_id -os_version="$($__explorer/os_version)" os="$($__explorer/os)" if [ "$os" = "freebsd" ]; then @@ -30,13 +29,4 @@ if [ "$os" = "freebsd" ]; then exit 0 fi -case "$os_version" in - "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) - # TODO: find a way to get this information - echo "$os_version does not have getent gshadow" - ;; - *) - getent gshadow "$name" || true - ;; -esac - +getent gshadow "$name" || true diff --git a/cdist/conf/type/__group/gencode-remote b/cdist/conf/type/__group/gencode-remote index 1cffa8d4..f3c566d6 100755 --- a/cdist/conf/type/__group/gencode-remote +++ b/cdist/conf/type/__group/gencode-remote @@ -1,6 +1,6 @@ #!/bin/sh # -# 2011 Steven Armstrong (steven-cdist at armstrong.cc) +# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc) # 2011 Nico Schottelius (nico-cdist at schottelius.org) # # This file is part of cdist. @@ -23,91 +23,85 @@ # name="$__object_id" -os_version="$(cat "$__global/explorer/os_version")" os="$(cat "$__global/explorer/os")" -cd "$__object/parameter" -if grep -q "^${name}:" "$__object/explorer/group"; then - for property in $(ls .); do - new_value="$(cat "$property")" - # argument to pass the groupmod command for this property (exceptions - # are made in the case statement below) - proparg="--$property" - case "$property" in - password) - if [ "$os" = "freebsd" ]; then - echo "group/$name: FreeBSD doesn't support password modification" >&2 - exit 1 - fi - case "$os_version" in - "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) - # TODO: Use gpasswd? Need to fix gshadow explorer first. - echo "group/$name: '$os_version' groupmod does not support password modification" >&2 - exit 1 +# Use short option names for portability +shorten_property() { + case "$1" in + gid) echo "-g";; + password) echo "-p";; + system) echo "-r";; + esac +} + + +if [ "$state" = "present" ]; then + case "$os" in + freebsd) + supported_add_properties="gid" + supported_change_properties="gid" + ;; + *) + supported_add_properties="gid password system" + supported_change_properties="gid password" + ;; + esac + if grep -q "^${name}:" "$__object/explorer/group"; then + # change existing + for property in $supported_change_properties; do + if [ -f "$__object/parameter/$property" ]; then + new_value="$(cat "$__object/parameter/$property")" + unset current_value + case "$property" in + password) + current_value="$(awk -F: '{ print $2 }' "$__object/explorer/gshadow")" + ;; + gid) + current_value="$(awk -F: '{ print $3 }' "$__object/explorer/group")" ;; esac - current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")" - ;; - gid) - # set to -g to support older redhat/centos - proparg="-g" - current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")" - ;; - esac - - if [ "$new_value" != "$current_value" ]; then - set -- "$@" "$proparg" \"$new_value\" - echo change $property $new_value $current_value >> "$__messages_out" - fi - done - - if [ $# -gt 0 ]; then - echo mod >> "$__messages_out" - case $os in - freebsd) - echo pw group mod "$@" "$name" - ;; - *) + if [ "$new_value" != "$current_value" ]; then + set -- "$@" "$(shorten_property $property)" \'$new_value\' + echo change $property $new_value $current_value >> "$__messages_out" + fi + fi + done + if [ $# -gt 0 ]; then + if [ "$os" = "freebsd" ]; then + echo pw groupmod "$@" "$name" + else echo groupmod "$@" "$name" - ;; - esac + fi + echo mod >> "$__messages_out" + fi + else + # create new + for property in $supported_change_properties; do + if [ -f "$__object/parameter/$property" ]; then + new_value="$(cat "$__object/parameter/$property")" + if [ -z "$new_value" ]; then + # Boolean parameters have no value + set -- "$@" "$(shorten_property $property)" + else + set -- "$@" "$(shorten_property $property)" \'$new_value\' + fi + fi + if [ "$os" = "freebsd" ]; then + echo pw groupadd "$@" "$name" + else + echo groupadd "$@" "$name" + fi + done fi else - echo add >> "$__messages_out" - for property in $(ls .); do - new_value="$(cat "$property")" + # delete existing + if grep -q "^${name}:" "$__object/explorer/group"; then if [ "$os" = "freebsd" ]; then - case $property in - gid) - proparg="-g" - ;; - password) - echo "group/$name: FreeBSD doesn't support password setting" >&2 - exit 1 - ;; - *) - # The type has been updated to support more properties than it knows how to handle for FreeBSD - # tell the user about this. - echo "Currently unknown property: $property" >&2 - exit 1 - ;; - esac + echo pw groupdel "$name" else - proparg="--$property" + echo groupdel "$name" fi - - set -- "$@" "$proparg" \"$new_value\" - echo set $property $new_value >> "$__messages_out" - done - - case $os in - freebsd) - echo pw group add "$@" "$name" - ;; - *) - echo groupadd "$@" "$name" - ;; - esac + echo remove >> "$__messages_out" + fi fi - diff --git a/cdist/conf/type/__group/man.text b/cdist/conf/type/__group/man.text index def0232f..4b18a552 100644 --- a/cdist/conf/type/__group/man.text +++ b/cdist/conf/type/__group/man.text @@ -20,18 +20,28 @@ None. OPTIONAL PARAMETERS ------------------- +state:: + absent or present, defaults to present gid:: see groupmod(8) password:: see above +BOOLEAN PARAMETERS +------------------ +system:: + see groupadd(8), apply only on group creation + + MESSAGES -------- mod:: group is modified add:: New group added +remove:: + group is removed change :: Changed group property from current_value to new_value set :: @@ -45,6 +55,12 @@ EXAMPLES # Create a group 'foobar' with operating system default settings __group foobar +# Remove the 'foobar' group +__group foobar --state absent + +# Create a system group 'myservice' with operating system default settings +__group myservice --system + # Same but with a specific gid __group foobar --gid 1234 @@ -60,5 +76,5 @@ SEE ALSO COPYING ------- -Copyright \(C) 2011 Steven Armstrong. Free use of this software is +Copyright \(C) 2011-2015 Steven Armstrong. Free use of this software is granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__group/parameter/boolean b/cdist/conf/type/__group/parameter/boolean new file mode 100644 index 00000000..bec3a35e --- /dev/null +++ b/cdist/conf/type/__group/parameter/boolean @@ -0,0 +1 @@ +system diff --git a/cdist/conf/type/__group/parameter/optional b/cdist/conf/type/__group/parameter/optional index 4c661c8f..dd51c173 100644 --- a/cdist/conf/type/__group/parameter/optional +++ b/cdist/conf/type/__group/parameter/optional @@ -1,2 +1,3 @@ gid password +state