From 82283d0b1cb9fb3a002a0add3dde3d6f7bcb479e Mon Sep 17 00:00:00 2001 From: Matthias Stecher Date: Sat, 31 Oct 2020 09:47:38 +0100 Subject: [PATCH] __nextcloud_user: new parameters to prevent changes to the user This adds new parameters `--only-setup` and `--keep-*` to prevent certain parameters to be changed in Nextcloud. This will not apply to the setup. --- type/__nextcloud_user/gencode-remote | 125 +++++++++++++----------- type/__nextcloud_user/man.rst | 52 +++++++++- type/__nextcloud_user/parameter/boolean | 6 ++ 3 files changed, 125 insertions(+), 58 deletions(-) create mode 100644 type/__nextcloud_user/parameter/boolean diff --git a/type/__nextcloud_user/gencode-remote b/type/__nextcloud_user/gencode-remote index f5b0bc4..dd0c715 100644 --- a/type/__nextcloud_user/gencode-remote +++ b/type/__nextcloud_user/gencode-remote @@ -52,7 +52,7 @@ SHELL fi # save that use user will be created and no further steps are required - occ_created="yes" + ignore_config="yes" } # Checks if the key-value exists on the remote side. Only matches first-level 
@@ -136,84 +136,99 @@ if [ "$state_is" != "$state_should" ]; then esac fi +# Check if the user should not be modified further from the initial setup. +if [ -f "$__object/parameter/only-setup" ]; then + ignore_config="yes" +fi + # Check if some user configuration should be changed # do not run this code if the user will be created in the previous code -if [ "$state_should" != "absent" ] && [ "$occ_created" != "yes" ]; then - # Check if the display name is correct if someone is set - if [ -f "$__object/parameter/displayname" ]; then - displayname="$(cat "$__object/parameter/displayname")" - if ! match_param display_name "$displayname"; then - cat <getUserSession()->getManager()->get("$user")->setDisplayName("$displayname") - or die("Couldn'\''t modify $user display name! Maybe unsupported or already set ..".PHP_EOL);' + or print("Couldn'\''t modify $user display name! Maybe unsupported or already set ..".PHP_EOL) + and die(1);' SU SHELL + fi + fi + # the display name can not be unset + fi + + if ! [ -f "$__object/paramter/keep-email" ]; then + # Check if the email address is correct + if [ -f "$__object/parameter/email" ]; then + email="$(cat "$__object/parameter/email")" + if ! match_param email "$email"; then + occ user:setting -- "'$user'" settings email "'$email'" + fi + else + # remove if it doesn't exist + if ! match_param email ""; then + occ user:setting --delete -- "'$user'" settings email + fi fi fi - # Check if the email address is correct - if [ -f "$__object/parameter/email" ]; then - email="$(cat "$__object/parameter/email")" - if ! match_param email "$email"; then - occ user:setting -- "'$user'" settings email "'$email'" - fi - else - # remove if it doesn't exist - if ! 
match_param email ""; then - occ user:setting --delete -- "'$user'" settings email - fi - fi - - # Check state of the password - # explorer handles missing passwords already - if [ "$(cat "$__object/explorer/password")" = "mismatched" ]; then - cat < "$__object/files/explorer_groups" + if ! [ -f "$__object/parameter/keep-groups" ]; then + # Handle the user groups + # extract all groups set by remote + mkdir -p "$__object/files" + # check the spaces before the value to match all sub-categories + awk '/^ -/{start=0} start{print $2} $0 == " - groups:"{start=1}' \ + "$__object/explorer/user" > "$__object/files/explorer_groups" - # Add/Remove groups not set via the parameter - if [ -s "$__object/parameter/group" ]; then - # Get all groups to remove - grep -Fxv -f "$__object/parameter/group" \ - "$__object/files/explorer_groups" > "$__object/files/group.del" || true - # Get all groups to add - grep -Fxv -f "$__object/files/explorer_groups" \ - "$__object/parameter/group" > "$__object/files/group.add" || true + # Add/Remove groups not set via the parameter + if [ -s "$__object/parameter/group" ]; then + # Get all groups to remove + grep -Fxv -f "$__object/parameter/group" \ + "$__object/files/explorer_groups" > "$__object/files/group.del" || true + # Get all groups to add + grep -Fxv -f "$__object/files/explorer_groups" \ + "$__object/parameter/group" > "$__object/files/group.add" || true - # No user groups at all if nothing wanted by the user - else - # remove all groups to stay inline with the user parameter - cp "$__object/files/explorer_groups" "$__object/files/group.del" - fi + # No user groups at all if nothing wanted by the user + else + # remove all groups to stay inline with the user parameter + cp "$__object/files/explorer_groups" "$__object/files/group.del" + fi - # Remove all groups not exist anymore - if [ -s "$__object/files/group.del" ]; then - while read -r GROUP; do - occ group:removeuser "'$GROUP'" "'$user'" - done < "$__object/files/group.del" - fi + # 
Remove all groups not exist anymore + if [ -s "$__object/files/group.del" ]; then + while read -r GROUP; do + occ group:removeuser "'$GROUP'" "'$user'" + done < "$__object/files/group.del" + fi - # Add all existing groups - if [ -s "$__object/files/group.add" ]; then - while read -r GROUP; do - occ group:adduser "'$GROUP'" "'$user'" - done < "$__object/files/group.add" + # Add all existing groups + if [ -s "$__object/files/group.add" ]; then + while read -r GROUP; do + occ group:adduser "'$GROUP'" "'$user'" + done < "$__object/files/group.add" + fi fi fi diff --git a/type/__nextcloud_user/man.rst b/type/__nextcloud_user/man.rst index 3a51a98..f68a092 100644 --- a/type/__nextcloud_user/man.rst +++ b/type/__nextcloud_user/man.rst @@ -9,6 +9,10 @@ cdist-type__nextcloud_user - Setup a Nextcloud user DESCRIPTION ----------- It manages a single Nextcloud user given by the object id or parameter `--user`. +This type can create and manage most properties of the Nextcloud user. If you +only want to setup the user, but want that the user will take full control over +all settings (so cdist will not touch the user anymore), use the parameter +`--only-setup` or `--keep-*` for special parameters. REQUIRED PARAMETERS 
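Review bot: The `--keep-email` guard in the second gencode-remote hunk tests `$__object/paramter/keep-email` (misspelled `paramter`), so the file is never found and the email branch always runs. With `--keep-email` set and no `--email` given, the user's own address is still removed by `occ user:setting --delete`. The line should read `if ! [ -f "$__object/parameter/keep-email" ]; then`. The account email is normally where Nextcloud sends password-reset mail, so each `keep-*` flag deserves a test that the stored value survives a second run. Separately, `'$email'` and `'$GROUP'` are wrapped in literal single quotes for the generated remote code, so a value containing `'` would end the quoting early; `occ` appears to be defined outside this hunk, so confirm that it or the callers escape or reject such values.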
@@ -44,13 +48,21 @@ www-user webserver and cli execution. As default, `www-data` will be used. displayname - The display name the user should have. + The display name the user should have. As the display name can not be unset + or set to empty, this type will ignore the display name if this parameter + is not set. Setting the parameter to an empty string leads to an error from + the Nextcloud side. email - The email address of the Nextcloud user. + The email address of the Nextcloud user. Will be unset if no parameter + given. password - The password of the Nextcloud user. + The password of the Nextcloud user. If the password not match, the new + password will be set to the user. If no password is given, it will not + touch the current password. **A password is required for the user setup!** + If you do not want to modify the user password, set a password via this + parameter and set the parameter `--keep-password`. quota TBA. 
@@ -60,6 +72,40 @@ group user will be removed from every group he is in. +BOOLEAN PARAMETERS +------------------ +only-setup + Only provisioning the user if he does not exist. Do not touch the user if + he already exists (except to enforce the given state). + +keep-displayname + Do not touch the display name of the user if he is already set up. This + will avoid to delete the user-set value because it does not match with the + predefined state. If the parameter `--displayname` is set despite of this + parameter, it will be used in the user setup if he does not already exist. + +keep-email + Do not touch the email attributes of the user if he is already set up. This + will avoid to delete the user-set value because it does not match with the + predefined state. If the parameter `--email` is set despite of this + parameter, it will be used in the user setup if he does not already exist. + +keep-password + Do not touch the password if the user is already set up. This will avoid to + delete user-set passwords because they do not match with the predefined + state. If the parameter `--password` is set despite of this parameter, it + will be used in the user setup if he does not already exists. + +keep-quota + TBA. + +keep-groups + Do not touch the user groups if the user is already set up. This will avoid + to delete group assosiactions not defined via cdist. If the parameter + `--group` is set despite of this parameter, it will be used in the user + setup if he does not already exists. + + MESSAGES -------- created diff --git a/type/__nextcloud_user/parameter/boolean b/type/__nextcloud_user/parameter/boolean new file mode 100644 index 0000000..cf0a40a --- /dev/null +++ b/type/__nextcloud_user/parameter/boolean @@ -0,0 +1,6 @@ +only-setup +keep-displayname +keep-email +keep-password +keep-quota +keep-groups