cleanup and rewrite

- add new --state parameter and support for deleting groups
- add new --system parameter to create system groups if supported by the
  os
- remove special case for legacy redhat/centos versions, they are long
  gone

Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>

cdist/conf/type/__group/TODO

@@ -1,2 +0,0 @@
-- delete groups
-

cdist/conf/type/__group/explorer/group

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #

cdist/conf/type/__group/explorer/gshadow

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #
@@ -22,7 +22,6 @@
 #
 
 name=$__object_id
-os_version="$($__explorer/os_version)"
 os="$($__explorer/os)"
 
 if [ "$os" = "freebsd" ]; then
@@ -30,13 +29,4 @@ if [ "$os" = "freebsd" ]; then
    exit 0
 fi
 
-case "$os_version" in
-   "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
-      # TODO: find a way to get this information
-      echo "$os_version does not have getent gshadow"
-   ;;
-   *)
-      getent gshadow "$name" || true
-   ;;
-esac
-
+getent gshadow "$name" || true

cdist/conf/type/__group/gencode-remote

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
+# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2011 Nico Schottelius (nico-cdist at schottelius.org)
 #
 # This file is part of cdist.
@@ -23,91 +23,85 @@
 #
 
 name="$__object_id"
-os_version="$(cat "$__global/explorer/os_version")"
 os="$(cat "$__global/explorer/os")"
 
-cd "$__object/parameter"
-if grep -q "^${name}:" "$__object/explorer/group"; then
-   for property in $(ls .); do
-      new_value="$(cat "$property")"
-      # argument to pass the groupmod command for this property (exceptions
-      # are made in the case statement below)
-      proparg="--$property"
 
-      case "$property" in
-         password)
-            if [ "$os" = "freebsd" ]; then
-               echo "group/$name: FreeBSD doesn't support password modification" >&2
-               exit 1
-            fi
-            case "$os_version" in
-               "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
-                  # TODO: Use gpasswd?  Need to fix gshadow explorer first.
-                  echo "group/$name: '$os_version' groupmod does not support password modification" >&2
-                  exit 1
+# Use short option names for portability
+shorten_property() {
+   case "$1" in
+      gid) echo "-g";;
+      password) echo "-p";;
+      system) echo "-r";;
+   esac
+}
+
+
+if [ "$state" = "present" ]; then
+   case "$os" in
+      freebsd)
+         supported_add_properties="gid"
+         supported_change_properties="gid"
+      ;;
+      *)
+         supported_add_properties="gid password system"
+         supported_change_properties="gid password"
+      ;;
+   esac
+   if grep -q "^${name}:" "$__object/explorer/group"; then
+      # change existing
+      for property in $supported_change_properties; do
+         if [ -f "$__object/parameter/$property" ]; then
+            new_value="$(cat "$__object/parameter/$property")"
+            unset current_value
+            case "$property" in
+               password)
+                  current_value="$(awk -F: '{ print $2 }' "$__object/explorer/gshadow")"
+               ;;
+               gid)
+                  current_value="$(awk -F: '{ print $3 }' "$__object/explorer/group")"
                ;;
             esac
-            current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")"
-         ;;
-         gid)
-            # set to -g to support older redhat/centos
-            proparg="-g"
-            current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")"
-         ;;
-      esac
-
-      if [ "$new_value" != "$current_value" ]; then
-         set -- "$@" "$proparg" \"$new_value\"
-         echo change $property $new_value $current_value >> "$__messages_out"
-      fi
-   done
-
-   if [ $# -gt 0 ]; then
-      echo mod >> "$__messages_out"
-      case $os in
-         freebsd)
-            echo pw group mod "$@" "$name"
-            ;;
-         *)
+            if [ "$new_value" != "$current_value" ]; then
+               set -- "$@" "$(shorten_property $property)" \'$new_value\'
+               echo change $property $new_value $current_value >> "$__messages_out"
+            fi
+         fi
+      done
+      if [ $# -gt 0 ]; then
+         if [ "$os" = "freebsd" ]; then
+            echo pw groupmod "$@" "$name"
+         else
             echo groupmod "$@" "$name"
-            ;;
-      esac
+         fi
+         echo mod >> "$__messages_out"
+      fi
+   else
+      # create new
+      for property in $supported_change_properties; do
+         if [ -f "$__object/parameter/$property" ]; then
+            new_value="$(cat "$__object/parameter/$property")"
+            if [ -z "$new_value" ]; then
+               # Boolean parameters have no value
+               set -- "$@" "$(shorten_property $property)"
+            else
+               set -- "$@" "$(shorten_property $property)" \'$new_value\'
+            fi
+         fi
+         if [ "$os" = "freebsd" ]; then
+            echo pw groupadd "$@" "$name"
+         else
+            echo groupadd "$@" "$name"
+         fi
+      done
    fi
 else
-   echo add >> "$__messages_out"
-   for property in $(ls .); do
-      new_value="$(cat "$property")"
+   # delete existing
+   if grep -q "^${name}:" "$__object/explorer/group"; then
       if [ "$os" = "freebsd" ]; then
-         case $property in
-            gid)
-               proparg="-g"
-               ;;
-            password)
-               echo "group/$name: FreeBSD doesn't support password setting" >&2
-               exit 1
-               ;;
-            *)
-               # The type has been updated to support more properties than it knows how to handle for FreeBSD
-               # tell the user about this.
-               echo "Currently unknown property: $property" >&2
-               exit 1
-               ;;
-         esac
+         echo pw groupdel "$name"
       else
-         proparg="--$property"
+         echo groupdel "$name"
       fi
-
-      set -- "$@" "$proparg" \"$new_value\"
-      echo set $property $new_value >> "$__messages_out"
-   done
-
-   case $os in
-      freebsd)
-         echo pw group add "$@" "$name"
-         ;;
-      *)
-         echo groupadd "$@" "$name"
-         ;;
-   esac
+      echo remove >> "$__messages_out"
+   fi
 fi
-

cdist/conf/type/__group/man.text

@@ -20,18 +20,28 @@ None.
 
 OPTIONAL PARAMETERS
 -------------------
+state::
+    absent or present, defaults to present
 gid::
    see groupmod(8)
 password::
    see above
 
 
+BOOLEAN PARAMETERS
+------------------
+system::
+    see groupadd(8), apply only on group creation
+
+
 MESSAGES
 --------
 mod::
     group is modified
 add::
     New group added
+remove::
+    group is removed
 change <property> <new_value> <current_value>::
     Changed group property from current_value to new_value
 set <property> <new_value>::
@@ -45,6 +55,12 @@ EXAMPLES
 # Create a group 'foobar' with operating system default settings
 __group foobar
 
+# Remove the 'foobar' group
+__group foobar --state absent
+
+# Create a system group 'myservice' with operating system default settings
+__group myservice --system
+
 # Same but with a specific gid
 __group foobar --gid 1234
 
@@ -60,5 +76,5 @@ SEE ALSO
 
 COPYING
 -------
-Copyright \(C) 2011 Steven Armstrong. Free use of this software is
+Copyright \(C) 2011-2015 Steven Armstrong. Free use of this software is
 granted under the terms of the GNU General Public License version 3 (GPLv3).

cdist/conf/type/__group/parameter/boolean

@@ -0,0 +1 @@
+system

cdist/conf/type/__group/parameter/optional

@@ -1,2 +1,3 @@
 gid
 password
+state