Class: Chef::Provider::User

Inherits:
Chef::Provider show all
Defined in:
lib/chef/provider/user.rb,
lib/chef/provider/user/pw.rb,
lib/chef/provider/user/aix.rb,
lib/chef/provider/user/mac.rb,
lib/chef/provider/user/dscl.rb,
lib/chef/provider/user/linux.rb,
lib/chef/provider/user/solaris.rb,
lib/chef/provider/user/windows.rb

Direct Known Subclasses

Aix, Dscl, Linux, MacUser, Pw, Solaris, Windows

Defined Under Namespace

Classes: Aix, Dscl, Linux, MacUser, Pw, Solaris, Windows

Instance Attribute Summary collapse

Attributes inherited from Chef::Provider

#action, #after_resource, #current_resource, #logger, #new_resource, #run_context

Instance Method Summary collapse

Methods inherited from Chef::Provider

action, action_description, action_descriptions, #action_nothing, #check_resource_semantics!, #cleanup_after_converge, #compile_and_converge_action, #converge_by, #converge_if_changed, #cookbook_name, #description, #events, include_resource_dsl?, include_resource_dsl_module, #introduced, #load_after_resource, #node, #process_resource_requirements, provides, provides?, #recipe_name, #requirements, #resource_collection, #resource_updated?, #run_action, #set_updated_status, supports?, use, use_inline_resources, #validate_required_properties!, #whyrun_mode?, #whyrun_supported?

Methods included from Mixin::Provides

#provided_as, #provides, #provides?

Methods included from Mixin::DescendantsTracker

#descendants, descendants, direct_descendants, #direct_descendants, find_descendants_by_name, #find_descendants_by_name, #inherited, store_inherited

Methods included from Mixin::LazyModuleInclude

#descendants, #include, #included

Methods included from Mixin::PowershellOut

#powershell_out, #powershell_out!

Methods included from Mixin::WindowsArchitectureHelper

#assert_valid_windows_architecture!, #disable_wow64_file_redirection, #forced_32bit_override_required?, #is_i386_process_on_x86_64_windows?, #node_supports_windows_architecture?, #node_windows_architecture, #restore_wow64_file_redirection, #valid_windows_architecture?, #with_os_architecture, #wow64_architecture_override_required?, #wow64_directory

Methods included from DSL::Secret

#default_secret_config, #default_secret_service, #secret, #with_secret_config, #with_secret_service

Methods included from DSL::RenderHelpers

#render_json, #render_toml, #render_yaml

Methods included from DSL::ReaderHelpers

#parse_file, #parse_json, #parse_toml, #parse_yaml

Methods included from DSL::Powershell

#ps_credential

Methods included from DSL::RegistryHelper

#registry_data_exists?, #registry_get_subkeys, #registry_get_values, #registry_has_subkeys?, #registry_key_exists?, #registry_value_exists?

Methods included from DSL::ChefVault

#chef_vault, #chef_vault_item, #chef_vault_item_for_environment

Methods included from DSL::DataQuery

#data_bag, #data_bag_item, #search, #tagged?

Methods included from EncryptedDataBagItem::CheckEncrypted

#encrypted?

Methods included from DSL::PlatformIntrospection

#older_than_win_2012_or_8?, #platform?, #platform_family?, #value_for_platform, #value_for_platform_family

Methods included from DSL::Recipe

#exec, #have_resource_class_for?, #resource_class_for

Methods included from DSL::Definitions

add_definition, #evaluate_resource_definition, #has_resource_definition?

Methods included from DSL::Resources

add_resource_dsl, remove_resource_dsl

Methods included from DSL::Cheffish

load_cheffish

Methods included from DSL::RebootPending

#reboot_pending?

Methods included from DSL::IncludeRecipe

#include_recipe, #load_recipe

Methods included from Mixin::NotifyingBlock

#notifying_block, #subcontext_block

Methods included from DSL::DeclareResource

#build_resource, #declare_resource, #delete_resource, #delete_resource!, #edit_resource, #edit_resource!, #find_resource, #find_resource!, #resources, #with_run_context

Methods included from DSL::Compliance

#include_input, #include_profile, #include_waiver

Constructor Details

#initialize(new_resource, run_context) ⇒ User

Returns a new instance of User.



# File 'lib/chef/provider/user.rb', line 29

# Builds the provider and seeds the state flags read by the other methods of
# this class.
#
# The flags start out optimistic and are only cleared later:
# * @user_exists         - set to false by load_current_resource when the
#                          passwd lookup raises ArgumentError.
# * @shadow_lib_ok       - set to false by load_current_resource when "shadow"
#                          cannot be required or the run is in target mode.
# * @group_name_resolved - set to false by convert_group_name when the group
#                          lookup raises ArgumentError.
# * @locked              - starts as nil; nothing in this listing assigns it.
#
# Because the defaults are true, the assertions in define_resource_requirements
# pass until one of the methods above has had the chance to clear a flag.
#
# @param new_resource the resource being converged (forwarded to super)
# @param run_context the run context (forwarded to super)
def initialize(new_resource, run_context)
  super
  @locked = nil
  @user_exists = @shadow_lib_ok = @group_name_resolved = true
end

Instance Attribute Details

#change_desc ⇒ Object

Returns the value of attribute change_desc.



# File 'lib/chef/provider/user.rb', line 27

# Reader for the change descriptions that compare_user builds (an Array of
# strings once compare_user has run).
#
# The entries can contain the current and desired password values verbatim
# when the resource is not marked sensitive, so treat the returned list with
# the same care as the password property itself.
#
# @return [Object] the value of @change_desc
def change_desc
  @change_desc
end

#locked ⇒ Object

Returns the value of attribute locked.



# File 'lib/chef/provider/user.rb', line 26

# Reader for the lock state. The constructor initialises it to nil and no
# method in this listing assigns it afterwards.
#
# @return [Object] the value of @locked
def locked
  @locked
end

#user_exists ⇒ Object

Returns the value of attribute user_exists.



# File 'lib/chef/provider/user.rb', line 26

# Reader for the existence flag. It defaults to true in the constructor and is
# set to false by load_current_resource when the passwd lookup fails.
#
# @return [Object] the value of @user_exists
def user_exists
  @user_exists
end

Instance Method Details

#check_lock ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/chef/provider/user.rb', line 253

# Abstract hook: the base provider has no way to query the lock state.
# Presumably implemented by the platform subclasses (Aix, Dscl, Linux, ...).
#
# @raise [NotImplementedError] always
def check_lock
  raise(NotImplementedError)
end

#compare_user ⇒ Object

Check to see if the user needs any changes

Returns true if a change is required, false if the users are identical.



# File 'lib/chef/provider/user.rb', line 149

# Works out whether the desired user differs from the one found on the system
# and records a description of every difference in @change_desc.
#
# Only properties that are set (non-nil) on new_resource are compared. The
# home directory is compared after Pathname#cleanpath; comment, shell,
# password, uid and gid are compared as strings.
#
# NOTE(security): the password entry is masked only when
# new_resource.sensitive is truthy. Otherwise the current and the desired
# password values are interpolated verbatim into @change_desc, so anything
# that prints or stores those descriptions will carry them. Mark resources
# that set a password as sensitive.
#
# @return [Boolean] true when at least one change was recorded
def compare_user
  @change_desc = []

  wanted_home = new_resource.home
  unless wanted_home.nil?
    existing_home = current_resource.home
    if Pathname.new(wanted_home).cleanpath != Pathname.new(existing_home).cleanpath
      @change_desc << "change homedir from #{existing_home} to #{wanted_home}"
    end
  end

  %i{comment shell password uid gid}.each do |prop|
    wanted = new_resource.send(prop)
    existing = current_resource.send(prop)
    # Unset properties are not managed; string comparison lets 1000 match "1000".
    next if wanted.nil? || wanted.to_s == existing.to_s

    @change_desc << if prop == :password && new_resource.sensitive
                      "change #{prop} from ******** to ********"
                    else
                      "change #{prop} from #{existing} to #{wanted}"
                    end
  end

  !@change_desc.empty?
end

#convert_group_name ⇒ Object



# File 'lib/chef/provider/user.rb', line 37

# Replaces a group *name* in new_resource.gid with the numeric gid returned
# by the group database lookup.
#
# A gid is treated as a name when it is a String whose #to_i is 0. When the
# lookup raises ArgumentError, @group_name_resolved is set to false so that
# define_resource_requirements can fail the action.
#
# NOTE(review): String#to_i parses leading digits only, so a group name that
# starts with digits (for example "1000users") is taken for a numeric gid and
# left untouched, while the string "0" is looked up as a group name. Confirm
# that callers never pass such values.
def convert_group_name
  group = new_resource.gid
  return unless group.is_a?(String) && group.to_i == 0

  new_resource.gid(TargetIO::Etc.getgrnam(group).gid)
rescue ArgumentError
  @group_name_resolved = false
end

#create_user ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/chef/provider/user.rb', line 233

# Abstract hook: the base provider cannot create a user itself.
# Presumably implemented by the platform subclasses (Aix, Dscl, Linux, ...).
#
# @raise [NotImplementedError] always
def create_user
  raise(NotImplementedError)
end

#define_resource_requirements ⇒ Object



# File 'lib/chef/provider/user.rb', line 119

# Registers the preconditions that are checked before an action runs.
#
# Four assertions are declared, each with a failure message and a why-run
# message:
# 1. create/modify/manage/lock/unlock: a gid given as a group name was
#    resolved (@group_name_resolved).
# 2. all actions: ruby-shadow is usable (@shadow_lib_ok) unless the platform
#    reports that it does not support it (supports_ruby_shadow?).
# 3. all actions: expire_date and inactive are only set when linux? is true.
# 4. modify/lock/unlock: the user exists (@user_exists).
#
# All three flags default to true in the constructor, so these checks only
# fail after load_current_resource / convert_group_name have cleared a flag.
def define_resource_requirements
  requirements.assert(:create, :modify, :manage, :lock, :unlock) do |check|
    check.assertion { @group_name_resolved }
    check.failure_message(Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{new_resource.gid}")
    check.whyrun("group name #{new_resource.gid} does not exist.  This will cause group assignment to fail.  Assuming this group will have been created previously.")
  end

  requirements.assert(:all_actions) do |check|
    # Platforms that opt out of ruby-shadow are never failed for lacking it.
    check.assertion { !supports_ruby_shadow? || @shadow_lib_ok }
    check.failure_message(Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!")
    check.whyrun("ruby-shadow is not installed. Attempts to set user password will cause failure.  Assuming that this gem will have been previously installed." \
      "Note that user update converge may report false-positive on the basis of mismatched password. ")
  end

  requirements.assert(:all_actions) do |check|
    # Passes when neither Linux-only property is set, or when running on Linux.
    check.assertion { !(new_resource.expire_date || new_resource.inactive) || linux? }
    check.failure_message(Chef::Exceptions::User, "Properties expire_date and inactive are not supported by this OS or have not been implemented for this OS yet.")
    check.whyrun("Properties expire_date and inactive are ignored as they are not supported by this OS or have not been implemented yet for this OS")
  end

  requirements.assert(:modify, :lock, :unlock) do |check|
    check.assertion { @user_exists }
    check.failure_message(Chef::Exceptions::User, "Cannot modify user #{new_resource.username} - does not exist!")
    check.whyrun("Assuming user #{new_resource.username} would have been created")
  end
end

#load_current_resource ⇒ Object



# File 'lib/chef/provider/user.rb', line 45

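# Builds current_resource from what the system currently knows about the user.
#
# The passwd entry supplies uid, gid, home, shell, password and comment. When
# the "shadow" library loads, the shadow entry is read as well and, if the
# passwd field is the placeholder "x" and a password is being managed, the
# shadow password field replaces it.
#
# Side effects on provider state:
# * @user_exists   is set to false when the passwd lookup raises ArgumentError.
# * @shadow_lib_ok is set to false when "shadow" cannot be required or the run
#                  is in target mode.
# * @shadow_info   holds the shadow entry (read later by load_shadow_options).
#
# NOTE(security): after this method current_resource.password may hold the
# password hash taken from the shadow entry. Anything that prints or
# serialises current_resource should treat that property as a secret.
#
# @return [Chef::Resource::User] the populated current resource
def load_current_resource
  @current_resource = Chef::Resource::User.new(new_resource.name)
  current_resource.username(new_resource.username)

  begin
    user_info = TargetIO::Etc.getpwnam(new_resource.username)
  rescue ArgumentError
    # The lookup raises ArgumentError for an unknown user name.
    @user_exists = false
    logger.trace("#{new_resource} user does not exist")
    user_info = nil
  end

  if user_info
    current_resource.uid(user_info.uid)
    current_resource.gid(user_info.gid)
    current_resource.home(user_info.dir)
    current_resource.shell(user_info.shell)
    current_resource.password(user_info.passwd)

    if new_resource.comment
      # Re-tag the gecos bytes with the desired comment's encoding so that the
      # later string comparison is made between strings of the same encoding.
      user_info.gecos.force_encoding(new_resource.comment.encoding)
    end
    current_resource.comment(user_info.gecos)

    begin
      require "shadow"

      # Cannot use this library remotely
      @shadow_lib_ok = false if ChefConfig::Config.target_mode?
    rescue LoadError
      @shadow_lib_ok = false
    else
      # Runs whenever the require did not raise, target mode included.
      # NOTE(review): the result is dereferenced below without a nil check;
      # confirm getspnam cannot return nil for a user that has a passwd entry.
      @shadow_info = TargetIO::Shadow::Passwd.getspnam(new_resource.username)
      # This conditional remains in place until we can sort out whether we need it.
      # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues.
      # Some notes for context:
      # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c),
      #    which returns "x" for a nil password. on AIX it returns a "*"
      #    (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file)
      # 2. On AIX platforms ruby_shadow does not work as it does not
      #    store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file.
      #    The AIX provider for user currently declares it does not support ruby-shadow.
      if new_resource.password && current_resource.password == "x"
        current_resource.password(@shadow_info.sp_pwdp)
      end
    end

    convert_group_name if new_resource.gid
  end

  current_resource
end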

#load_shadow_options ⇒ Object



# File 'lib/chef/provider/user.rb', line 105

# Copies the account-ageing fields of the shadow entry onto current_resource.
# Does nothing when no shadow entry was loaded (@shadow_info is nil).
#
# * inactive    <- sp_inact converted with to_i (nil stays nil)
# * expire_date <- sp_expire, which counts days since the epoch, converted to
#                  seconds and formatted as "YYYY-MM-DD" (nil stays nil)
#
# NOTE(review): Time.at yields a local-time object, so the formatted date
# depends on the process time zone; confirm this matches how the desired
# expire_date is written.
def load_shadow_options
  return if @shadow_info.nil?

  current_resource.inactive(@shadow_info.sp_inact&.to_i)

  expiry_days = @shadow_info.sp_expire
  expiry_date = expiry_days.nil? ? expiry_days : Time.at(expiry_days * 60 * 60 * 24).strftime("%Y-%m-%d")
  current_resource.expire_date(expiry_date)
end

#lock_user ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/chef/provider/user.rb', line 245

# Abstract hook: the base provider cannot lock an account itself.
# Presumably implemented by the platform subclasses (Aix, Dscl, Linux, ...).
#
# @raise [NotImplementedError] always
def lock_user
  raise(NotImplementedError)
end

#manage_user ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/chef/provider/user.rb', line 241

# Abstract hook: the base provider cannot modify an existing user itself.
# Presumably implemented by the platform subclasses (Aix, Dscl, Linux, ...).
#
# @raise [NotImplementedError] always
def manage_user
  raise(NotImplementedError)
end

#remove_user ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/chef/provider/user.rb', line 237

# Abstract hook: the base provider cannot remove a user itself.
# Presumably implemented by the platform subclasses (Aix, Dscl, Linux, ...).
#
# @raise [NotImplementedError] always
def remove_user
  raise(NotImplementedError)
end

#supports_ruby_shadow? ⇒ Boolean

An overridable for platforms that do not support ruby shadow. This way we can verify that the platform supports ruby shadow before requiring that it be available.

Returns:

  • (Boolean)


# File 'lib/chef/provider/user.rb', line 101

# Override point for platforms that cannot use ruby-shadow. The base provider
# answers true; define_resource_requirements only demands a working shadow
# library while this returns a truthy value.
#
# @return [Boolean] true in the base provider
def supports_ruby_shadow?
  true
end

#unlock_user ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/chef/provider/user.rb', line 249

# Abstract hook: the base provider cannot unlock an account itself.
# Presumably implemented by the platform subclasses (Aix, Dscl, Linux, ...).
#
# @raise [NotImplementedError] always
def unlock_user
  raise(NotImplementedError)
end