extended type __user: parameter state, system, remove-home new

cdist/conf/type/__user/TODO

@@ -1,2 +0,0 @@
-- delete users
-

cdist/conf/type/__user/gencode-remote

@@ -2,6 +2,7 @@
 #
 # 2011 Steven Armstrong (steven-cdist at armstrong.cc)
 # 2011 Nico Schottelius (nico-cdist at schottelius.org)
+# 2013 Daniel Heule (hda at sfs.biz)
 #
 # This file is part of cdist.
 #
@@ -21,11 +22,14 @@
 #
 # Manage users.
 #
+#set -x
 
 name="$__object_id"
 
 os="$(cat "$__global/explorer/os")"
 
+state=$(cat "$__object/parameter/state")
+
 # We need to shorten options for both usermod and useradd since on some
 # systems (such as *BSD, Darwin) those commands do not handle GNU style long
 # options.
@@ -40,80 +44,97 @@ shorten_property() {
 	shell) ret="-s";;
 	uid) ret="-u";;
     create-home) ret="-m";;
+    system) ret="-r";;
     esac
     echo "$ret"
 }
 
-cd "$__object/parameter"
+if [ "$state" = "present" ]; then
-if grep -q "^${name}:" "$__object/explorer/passwd"; then
+    cd "$__object/parameter"
-   for property in $(ls .); do
+    if grep -q "^${name}:" "$__object/explorer/passwd"; then
-      new_value="$(cat "$property")"
+       for property in $(ls .); do
-      unset current_value
+          new_value="$(cat "$property")"
+          unset current_value
 
-      file="$__object/explorer/passwd"
+          file="$__object/explorer/passwd"
 
-      case "$property" in
+          case "$property" in
-         gid)
+             gid)
-            if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then
+                if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then
-               field=4
+                   field=4
+                else
+                   # We were passed a group name.  Compare the gid in
+                   # the user's /etc/passwd entry with the gid of the
+                   # group returned by the group explorer.
+                   gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group")
+                   gid_from_passwd=$(awk -F: '{ print $4 }' "$file")
+                   if [ "$gid_from_group" != "$gid_from_passwd" ]; then
+                      current_value="$gid_from_passwd"
+                   else
+                      current_value="$new_value"
+                   fi
+                fi
+             ;;
+             password)
+                field=2
+                file="$__object/explorer/shadow"
+             ;;
+             comment) field=5 ;;
+             home)    field=6 ;;
+             shell)   field=7 ;;
+             uid)     field=3 ;;
+             create-home) continue;; # Does not apply to user modification
+             system) continue;; # Does not apply to user modification
+             state) continue;; # Does not apply to user modification
+             remove-home) continue;; # Does not apply to user modification
+          esac
+
+          # If we haven't already set $current_value above, pull it from the
+          # appropriate file/field.
+          if [ -z "$current_value" ]; then
+             export field
+             current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")"
+          fi
+
+          if [ "$new_value" != "$current_value" ]; then
+              set -- "$@" "$(shorten_property $property)" \'$new_value\'
+          fi
+       done
+
+       if [ $# -gt 0 ]; then
+          if [ "$os" = "freebsd" ]; then
+             echo pw usermod "$@" "$name"
+          else
+             echo usermod "$@" "$name"
+          fi
+       else
+          true
+       fi
+    else
+        for property in $(ls .); do
+            [ "$property" = "state" ] && continue
+            [ "$property" = "remove-home" ] && continue
+            new_value="$(cat "$property")"
+            if [ -z "$new_value" ];then       # Boolean values have no value
+              set -- "$@" "$(shorten_property $property)"
             else
-               # We were passed a group name.  Compare the gid in
+              set -- "$@" "$(shorten_property $property)" \'$new_value\'
-               # the user's /etc/passwd entry with the gid of the
-               # group returned by the group explorer.
-               gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group")
-               gid_from_passwd=$(awk -F: '{ print $4 }' "$file")
-               if [ "$gid_from_group" != "$gid_from_passwd" ]; then
-                  current_value="$gid_from_passwd"
-               else
-                  current_value="$new_value"
-               fi
             fi
-         ;;
+        done
-         password)
-            field=2
-            file="$__object/explorer/shadow"
-         ;;
-         comment) field=5 ;;
-         home)    field=6 ;;
-         shell)   field=7 ;;
-         uid)     field=3 ;;
-         create-home) continue;; # Does not apply to user modification
-      esac
 
-      # If we haven't already set $current_value above, pull it from the
+       if [ "$os" = "freebsd" ]; then
-      # appropriate file/field.
+          echo pw useradd "$@" "$name"
-      if [ -z "$current_value" ]; then
+       else
-         export field
+          echo useradd "$@" "$name"
-         current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")"
+       fi
-      fi
+    fi
-
-      if [ "$new_value" != "$current_value" ]; then
-          set -- "$@" "$(shorten_property $property)" \'$new_value\'
-      fi
-   done
-
-   if [ $# -gt 0 ]; then
-      if [ "$os" = "freebsd" ]; then
-         echo pw usermod "$@" "$name"
-      else
-         echo usermod "$@" "$name"
-      fi
-   else
-      true
-   fi
 else
-   for property in $(ls .); do
+    if grep -q "^${name}:" "$__object/explorer/passwd"; then
-      new_value="$(cat "$property")"
+        #user exists, but state != present, so delete it
-      if [ -z "$new_value" ];then       # Boolean values have no value
+        if [ -f "$__object/parameter/remove-home" ]; then
-          set -- "$@" "$(shorten_property $property)"
+            echo userdel -r "${name}"
-      else
+        else
-          set -- "$@" "$(shorten_property $property)" \'$new_value\'
+            echo userdel "${name}"
-      fi
+        fi
-   done
+    fi
-
-   if [ "$os" = "freebsd" ]; then
-      echo pw useradd "$@" "$name"
-   else
-      echo useradd "$@" "$name"
-   fi
 fi

cdist/conf/type/__user/man.text

@@ -20,19 +20,29 @@ None.
 
 OPTIONAL PARAMETERS
 -------------------
+state::
+    absent or present, defaults to present
 comment::
-   see usermod(8)
+    see usermod(8)
 home::
-   see above
+    see above
 gid::
-   see above
+    see above
 password::
-   see above
+    see above
 shell::
-   see above
+    see above
 uid::
-   see above
+    see above
+system::
+    see above
 
+BOOLEAN PARAMETERS
+------------------
+create-home::
+    see useradd(8), apply only on user create
+remove-home::
+    see userdel(8), apply only on user delete
 
 EXAMPLES
 --------
@@ -44,8 +54,14 @@ __user foobar
 # Same but with a different shell
 __user foobar --shell /bin/zsh
 
+# Same but for a system account
+__user foobar --system
+
 # Set explicit uid and home
 __user foobar --uid 1001 --shell /bin/zsh --home /home/foobar
+
+# Drop user if exists
+__user foobar --state absent
 --------------------------------------------------------------------------------
 
 

cdist/conf/type/__user/parameter/boolean

@@ -1 +1,3 @@
 create-home
+remove-home
+system

cdist/conf/type/__user/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__user/parameter/optional

@@ -1,3 +1,4 @@
+state
 comment
 home
 gid