Class: Chef::Provider::User
- Inherits:
-
Chef::Provider
- Object
- Chef::Provider
- Chef::Provider::User
- Defined in:
- lib/chef/provider/user.rb,
lib/chef/provider/user/pw.rb,
lib/chef/provider/user/aix.rb,
lib/chef/provider/user/mac.rb,
lib/chef/provider/user/dscl.rb,
lib/chef/provider/user/linux.rb,
lib/chef/provider/user/solaris.rb,
lib/chef/provider/user/windows.rb
Defined Under Namespace
Classes: Aix, Dscl, Linux, MacUser, Pw, Solaris, Windows
Instance Attribute Summary collapse
-
#change_desc ⇒ Object
Returns the value of attribute change_desc.
-
#locked ⇒ Object
Returns the value of attribute locked.
-
#user_exists ⇒ Object
Returns the value of attribute user_exists.
Attributes inherited from Chef::Provider
#action, #after_resource, #current_resource, #logger, #new_resource, #run_context
Instance Method Summary collapse
- #check_lock ⇒ Object
-
#compare_user ⇒ Object
Check to see if the user needs any changes.
- #convert_group_name ⇒ Object
- #create_user ⇒ Object
- #define_resource_requirements ⇒ Object
-
#initialize(new_resource, run_context) ⇒ User
constructor
A new instance of User.
- #load_current_resource ⇒ Object
- #load_shadow_options ⇒ Object
- #lock_user ⇒ Object
- #manage_user ⇒ Object
- #remove_user ⇒ Object
-
#supports_ruby_shadow? ⇒ Boolean
An overridable for platforms that do not support ruby shadow.
- #unlock_user ⇒ Object
Methods inherited from Chef::Provider
action, action_description, action_descriptions, #action_nothing, #check_resource_semantics!, #cleanup_after_converge, #compile_and_converge_action, #converge_by, #converge_if_changed, #cookbook_name, #description, #events, include_resource_dsl?, include_resource_dsl_module, #introduced, #load_after_resource, #node, #process_resource_requirements, provides, provides?, #recipe_name, #requirements, #resource_collection, #resource_updated?, #run_action, #set_updated_status, supports?, use, use_inline_resources, #validate_required_properties!, #whyrun_mode?, #whyrun_supported?
Methods included from Mixin::Provides
#provided_as, #provides, #provides?
Methods included from Mixin::DescendantsTracker
#descendants, descendants, direct_descendants, #direct_descendants, find_descendants_by_name, #find_descendants_by_name, #inherited, store_inherited
Methods included from Mixin::LazyModuleInclude
#descendants, #include, #included
Methods included from Mixin::PowershellOut
#powershell_out, #powershell_out!
Methods included from Mixin::WindowsArchitectureHelper
#assert_valid_windows_architecture!, #disable_wow64_file_redirection, #forced_32bit_override_required?, #is_i386_process_on_x86_64_windows?, #node_supports_windows_architecture?, #node_windows_architecture, #restore_wow64_file_redirection, #valid_windows_architecture?, #with_os_architecture, #wow64_architecture_override_required?, #wow64_directory
Methods included from DSL::Secret
#default_secret_config, #default_secret_service, #secret, #with_secret_config, #with_secret_service
Methods included from DSL::RenderHelpers
#render_json, #render_toml, #render_yaml
Methods included from DSL::ReaderHelpers
#parse_file, #parse_json, #parse_toml, #parse_yaml
Methods included from DSL::Powershell
Methods included from DSL::RegistryHelper
#registry_data_exists?, #registry_get_subkeys, #registry_get_values, #registry_has_subkeys?, #registry_key_exists?, #registry_value_exists?
Methods included from DSL::ChefVault
#chef_vault, #chef_vault_item, #chef_vault_item_for_environment
Methods included from DSL::DataQuery
#data_bag, #data_bag_item, #search, #tagged?
Methods included from EncryptedDataBagItem::CheckEncrypted
Methods included from DSL::PlatformIntrospection
#older_than_win_2012_or_8?, #platform?, #platform_family?, #value_for_platform, #value_for_platform_family
Methods included from DSL::Recipe
#exec, #have_resource_class_for?, #resource_class_for
Methods included from DSL::Definitions
add_definition, #evaluate_resource_definition, #has_resource_definition?
Methods included from DSL::Resources
add_resource_dsl, remove_resource_dsl
Methods included from DSL::Cheffish
Methods included from DSL::RebootPending
Methods included from DSL::IncludeRecipe
Methods included from Mixin::NotifyingBlock
#notifying_block, #subcontext_block
Methods included from DSL::DeclareResource
#build_resource, #declare_resource, #delete_resource, #delete_resource!, #edit_resource, #edit_resource!, #find_resource, #find_resource!, #resources, #with_run_context
Methods included from DSL::Compliance
#include_input, #include_profile, #include_waiver
Constructor Details
#initialize(new_resource, run_context) ⇒ User
Returns a new instance of User.
29 30 31 32 33 34 35 |
# File 'lib/chef/provider/user.rb', line 29 def initialize(new_resource, run_context) super @user_exists = true @locked = nil @shadow_lib_ok = true @group_name_resolved = true end |
Instance Attribute Details
#change_desc ⇒ Object
Returns the value of attribute change_desc.
27 28 29 |
# File 'lib/chef/provider/user.rb', line 27 def change_desc @change_desc end |
#locked ⇒ Object
Returns the value of attribute locked.
26 27 28 |
# File 'lib/chef/provider/user.rb', line 26 def locked @locked end |
#user_exists ⇒ Object
Returns the value of attribute user_exists.
26 27 28 |
# File 'lib/chef/provider/user.rb', line 26 def user_exists @user_exists end |
Instance Method Details
#check_lock ⇒ Object
249 250 251 |
# File 'lib/chef/provider/user.rb', line 249 def check_lock raise NotImplementedError end |
#compare_user ⇒ Object
Check to see if the user needs any changes
Returns
- <true>
-
If a change is required
- <false>
-
If the users are identical
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 |
# File 'lib/chef/provider/user.rb', line 149 def compare_user @change_desc = [] if !new_resource.home.nil? && Pathname.new(new_resource.home).cleanpath != Pathname.new(current_resource.home).cleanpath @change_desc << "change homedir from #{current_resource.home} to #{new_resource.home}" end %i{comment shell password uid gid}.each do |user_attrib| new_val = new_resource.send(user_attrib) cur_val = current_resource.send(user_attrib) if !new_val.nil? && new_val.to_s != cur_val.to_s @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}" end end !@change_desc.empty? end |
#convert_group_name ⇒ Object
37 38 39 40 41 42 43 |
# File 'lib/chef/provider/user.rb', line 37 def convert_group_name if new_resource.gid.is_a?(String) && new_resource.gid.to_i == 0 new_resource.gid(TargetIO::Etc.getgrnam(new_resource.gid).gid) end rescue ArgumentError @group_name_resolved = false end |
#create_user ⇒ Object
229 230 231 |
# File 'lib/chef/provider/user.rb', line 229 def create_user raise NotImplementedError end |
#define_resource_requirements ⇒ Object
119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 |
# File 'lib/chef/provider/user.rb', line 119 def define_resource_requirements requirements.assert(:create, :modify, :manage, :lock, :unlock) do |a| a.assertion { @group_name_resolved } a. Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{new_resource.gid}" a.whyrun "group name #{new_resource.gid} does not exist. This will cause group assignment to fail. Assuming this group will have been created previously." end requirements.assert(:all_actions) do |a| a.assertion { !supports_ruby_shadow? || @shadow_lib_ok } a. Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!" a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure. Assuming that this gem will have been previously installed." \ "Note that user update converge may report false-positive on the basis of mismatched password. " end requirements.assert(:all_actions) do |a| # either neither linux-only value is set, or we need to be on Linux. a.assertion { (!new_resource.expire_date && !new_resource.inactive) || linux? } a. Chef::Exceptions::User, "Properties expire_date and inactive are not supported by this OS or have not been implemented for this OS yet." a.whyrun "Properties expire_date and inactive are ignored as they are not supported by this OS or have not been implemented yet for this OS" end requirements.assert(:modify, :lock, :unlock) do |a| a.assertion { @user_exists } a.(Chef::Exceptions::User, "Cannot modify user #{new_resource.username} - does not exist!") a.whyrun("Assuming user #{new_resource.username} would have been created") end end |
#load_current_resource ⇒ Object
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
# File 'lib/chef/provider/user.rb', line 45 def load_current_resource @current_resource = Chef::Resource::User.new(new_resource.name) current_resource.username(new_resource.username) begin user_info = TargetIO::Etc.getpwnam(new_resource.username) rescue ArgumentError @user_exists = false logger.trace("#{new_resource} user does not exist") user_info = nil end if user_info current_resource.uid(user_info.uid) current_resource.gid(user_info.gid) current_resource.home(user_info.dir) current_resource.shell(user_info.shell) current_resource.password(user_info.passwd) if new_resource.comment user_info.gecos.force_encoding(new_resource.comment.encoding) end current_resource.comment(user_info.gecos) begin require "shadow" # Cannot use this library remotely @shadow_lib_ok = false if ChefConfig::Config.target_mode? rescue LoadError @shadow_lib_ok = false else @shadow_info = TargetIO::Shadow::Passwd.getspnam(new_resource.username) # This conditional remains in place until we can sort out whether we need it. # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues. # Some notes for context: # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c), # which returns "x" for a nil password. on AIX it returns a "*" # (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file) # 2. On AIX platforms ruby_shadow does not work as it does not # store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file. # The AIX provider for user currently declares it does not support ruby-shadow. if new_resource.password && current_resource.password == "x" current_resource.password(@shadow_info.sp_pwdp) end end convert_group_name if new_resource.gid end current_resource end |
#load_shadow_options ⇒ Object
105 106 107 108 109 110 111 112 113 114 115 116 117 |
# File 'lib/chef/provider/user.rb', line 105 def unless @shadow_info.nil? current_resource.inactive(@shadow_info.sp_inact&.to_i) # sp_expire gives time since epoch in days till expiration. Need to convert that # to time in seconds since epoch and output date format for comparison expire_date = if @shadow_info.sp_expire.nil? @shadow_info.sp_expire else Time.at(@shadow_info.sp_expire * 60 * 60 * 24).strftime("%Y-%m-%d") end current_resource.expire_date(expire_date) end end |
#lock_user ⇒ Object
241 242 243 |
# File 'lib/chef/provider/user.rb', line 241 def lock_user raise NotImplementedError end |
#manage_user ⇒ Object
237 238 239 |
# File 'lib/chef/provider/user.rb', line 237 def manage_user raise NotImplementedError end |
#remove_user ⇒ Object
233 234 235 |
# File 'lib/chef/provider/user.rb', line 233 def remove_user raise NotImplementedError end |
#supports_ruby_shadow? ⇒ Boolean
An overridable for platforms that do not support ruby shadow. This way we can verify that the platform supports ruby shadow before requiring that it be available.
101 102 103 |
# File 'lib/chef/provider/user.rb', line 101 def supports_ruby_shadow? true end |
#unlock_user ⇒ Object
245 246 247 |
# File 'lib/chef/provider/user.rb', line 245 def unlock_user raise NotImplementedError end |