cleanup and rewrite

- add new --state parameter and support for deleting groups
- add new --system parameter to create system groups if supported by the
  os
- remove special case for legacy redhat/centos versions, they are long
  gone

Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
Steven Armstrong 2015-01-20 21:29:04 +01:00
parent 0cf170b18e
commit d247f083e8
7 changed files with 93 additions and 93 deletions


@ -1,2 +0,0 @@
- delete groups


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# #
# This file is part of cdist. # This file is part of cdist.
# #


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# #
# This file is part of cdist. # This file is part of cdist.
# #
@ -22,7 +22,6 @@
# #
name=$__object_id name=$__object_id
os_version="$($__explorer/os_version)"
os="$($__explorer/os)" os="$($__explorer/os)"
if [ "$os" = "freebsd" ]; then if [ "$os" = "freebsd" ]; then
@ -30,13 +29,4 @@ if [ "$os" = "freebsd" ]; then
exit 0 exit 0
fi fi
case "$os_version" in getent gshadow "$name" || true
"Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
# TODO: find a way to get this information
echo "$os_version does not have getent gshadow"
;;
*)
getent gshadow "$name" || true
;;
esac
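Review bot: The unconditional `getent gshadow "$name" || true` now silently covers the case the removed branch used to report, a getent without a gshadow database, and the line deserves a comment saying so. With empty explorer output the type's password comparison would presumably see an empty current value and re-issue the password change on every run. Suggested comment above the line: `# best effort: empty output means no gshadow entry, or getent has no gshadow database`. The `if [ "$os" = "freebsd" ]` block this line follows begins in the previous hunk and its body is not fully visible here.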


@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) # 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
# 2011 Nico Schottelius (nico-cdist at schottelius.org) # 2011 Nico Schottelius (nico-cdist at schottelius.org)
# #
# This file is part of cdist. # This file is part of cdist.
@ -23,91 +23,85 @@
# #
name="$__object_id" name="$__object_id"
os_version="$(cat "$__global/explorer/os_version")"
os="$(cat "$__global/explorer/os")" os="$(cat "$__global/explorer/os")"
cd "$__object/parameter"
if grep -q "^${name}:" "$__object/explorer/group"; then
for property in $(ls .); do
new_value="$(cat "$property")"
# argument to pass the groupmod command for this property (exceptions
# are made in the case statement below)
proparg="--$property"
case "$property" in # Use short option names for portability
password) shorten_property() {
if [ "$os" = "freebsd" ]; then case "$1" in
echo "group/$name: FreeBSD doesn't support password modification" >&2 gid) echo "-g";;
exit 1 password) echo "-p";;
fi system) echo "-r";;
case "$os_version" in esac
"Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*) }
# TODO: Use gpasswd? Need to fix gshadow explorer first.
echo "group/$name: '$os_version' groupmod does not support password modification" >&2
exit 1 if [ "$state" = "present" ]; then
case "$os" in
freebsd)
supported_add_properties="gid"
supported_change_properties="gid"
;;
*)
supported_add_properties="gid password system"
supported_change_properties="gid password"
;;
esac
if grep -q "^${name}:" "$__object/explorer/group"; then
# change existing
for property in $supported_change_properties; do
if [ -f "$__object/parameter/$property" ]; then
new_value="$(cat "$__object/parameter/$property")"
unset current_value
case "$property" in
password)
current_value="$(awk -F: '{ print $2 }' "$__object/explorer/gshadow")"
;;
gid)
current_value="$(awk -F: '{ print $3 }' "$__object/explorer/group")"
;; ;;
esac esac
current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")" if [ "$new_value" != "$current_value" ]; then
;; set -- "$@" "$(shorten_property $property)" \'$new_value\'
gid) echo change $property $new_value $current_value >> "$__messages_out"
# set to -g to support older redhat/centos fi
proparg="-g" fi
current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")" done
;; if [ $# -gt 0 ]; then
esac if [ "$os" = "freebsd" ]; then
echo pw groupmod "$@" "$name"
if [ "$new_value" != "$current_value" ]; then else
set -- "$@" "$proparg" \"$new_value\"
echo change $property $new_value $current_value >> "$__messages_out"
fi
done
if [ $# -gt 0 ]; then
echo mod >> "$__messages_out"
case $os in
freebsd)
echo pw group mod "$@" "$name"
;;
*)
echo groupmod "$@" "$name" echo groupmod "$@" "$name"
;; fi
esac echo mod >> "$__messages_out"
fi
else
# create new
for property in $supported_change_properties; do
if [ -f "$__object/parameter/$property" ]; then
new_value="$(cat "$__object/parameter/$property")"
if [ -z "$new_value" ]; then
# Boolean parameters have no value
set -- "$@" "$(shorten_property $property)"
else
set -- "$@" "$(shorten_property $property)" \'$new_value\'
fi
fi
if [ "$os" = "freebsd" ]; then
echo pw groupadd "$@" "$name"
else
echo groupadd "$@" "$name"
fi
done
fi fi
else else
echo add >> "$__messages_out" # delete existing
for property in $(ls .); do if grep -q "^${name}:" "$__object/explorer/group"; then
new_value="$(cat "$property")"
if [ "$os" = "freebsd" ]; then if [ "$os" = "freebsd" ]; then
case $property in echo pw groupdel "$name"
gid)
proparg="-g"
;;
password)
echo "group/$name: FreeBSD doesn't support password setting" >&2
exit 1
;;
*)
# The type has been updated to support more properties than it knows how to handle for FreeBSD
# tell the user about this.
echo "Currently unknown property: $property" >&2
exit 1
;;
esac
else else
proparg="--$property" echo groupdel "$name"
fi fi
echo remove >> "$__messages_out"
set -- "$@" "$proparg" \"$new_value\" fi
echo set $property $new_value >> "$__messages_out"
done
case $os in
freebsd)
echo pw group add "$@" "$name"
;;
*)
echo groupadd "$@" "$name"
;;
esac
fi fi
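Review bot: `state` is tested in `if [ "$state" = "present" ]` but no assignment to it is visible in this section, so as shown the test is always false and every run takes the delete branch, emitting `groupdel` for any group that exists; it needs something like `state="$(cat "$__object/parameter/state" 2>/dev/null || echo present)"` next to the `os=` line. The create branch also iterates `$supported_change_properties` instead of `$supported_add_properties`, so the new `system` parameter is never passed. In the same branch the `groupadd` echo sits inside the `for` loop, so it is emitted once per property, and the `add` message is no longer written. Separately, `\'$new_value\'` embeds the parameter value in the generated code between literal single quotes, so a value containing `'` ends the quoting and the remainder is parsed as shell on the target. The value should be escaped or validated before it is embedded, and `$property` and `$new_value` should be quoted in the `echo change` line.

```shell
      # create new
      for property in $supported_add_properties; do
         # … unchanged: read the parameter file and append its option to "$@" …
      done
      if [ "$os" = "freebsd" ]; then
         echo pw groupadd "$@" "$name"
      else
         echo groupadd "$@" "$name"
      fi
      echo add >> "$__messages_out"
```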


@ -20,18 +20,28 @@ None.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
state::
absent or present, defaults to present
gid:: gid::
see groupmod(8) see groupmod(8)
password:: password::
see above see above
BOOLEAN PARAMETERS
------------------
system::
see groupadd(8), apply only on group creation
MESSAGES MESSAGES
-------- --------
mod:: mod::
group is modified group is modified
add:: add::
New group added New group added
remove::
group is removed
change <property> <new_value> <current_value>:: change <property> <new_value> <current_value>::
Changed group property from current_value to new_value Changed group property from current_value to new_value
set <property> <new_value>:: set <property> <new_value>::
@ -45,6 +55,12 @@ EXAMPLES
# Create a group 'foobar' with operating system default settings # Create a group 'foobar' with operating system default settings
__group foobar __group foobar
# Remove the 'foobar' group
__group foobar --state absent
# Create a system group 'myservice' with operating system default settings
__group myservice --system
# Same but with a specific gid # Same but with a specific gid
__group foobar --gid 1234 __group foobar --gid 1234
@ -60,5 +76,5 @@ SEE ALSO
COPYING COPYING
------- -------
Copyright \(C) 2011 Steven Armstrong. Free use of this software is Copyright \(C) 2011-2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3). granted under the terms of the GNU General Public License version 3 (GPLv3).


@ -0,0 +1 @@
system


@ -1,2 +1,3 @@
gid gid
password password
state