Class: Chef::Provider::User

Inherits:
Chef::Provider show all
Defined in:
lib/chef/provider/user.rb,
lib/chef/provider/user/pw.rb,
lib/chef/provider/user/aix.rb,
lib/chef/provider/user/mac.rb,
lib/chef/provider/user/dscl.rb,
lib/chef/provider/user/linux.rb,
lib/chef/provider/user/solaris.rb,
lib/chef/provider/user/windows.rb

Direct Known Subclasses

Aix, Dscl, Linux, MacUser, Pw, Solaris, Windows

Defined Under Namespace

Classes: Aix, Dscl, Linux, MacUser, Pw, Solaris, Windows

Instance Attribute Summary collapse

Attributes inherited from Chef::Provider

#action, #after_resource, #current_resource, #logger, #new_resource, #run_context

Instance Method Summary collapse

Methods inherited from Chef::Provider

action, action_description, action_descriptions, #action_nothing, #check_resource_semantics!, #cleanup_after_converge, #compile_and_converge_action, #converge_by, #converge_if_changed, #cookbook_name, #description, #events, include_resource_dsl?, include_resource_dsl_module, #introduced, #load_after_resource, #node, #process_resource_requirements, provides, provides?, #recipe_name, #requirements, #resource_collection, #resource_updated?, #run_action, #set_updated_status, supports?, use, use_inline_resources, #validate_required_properties!, #whyrun_mode?, #whyrun_supported?

Methods included from Mixin::Provides

#provided_as, #provides, #provides?

Methods included from Mixin::DescendantsTracker

#descendants, descendants, direct_descendants, #direct_descendants, find_descendants_by_name, #find_descendants_by_name, #inherited, store_inherited

Methods included from Mixin::LazyModuleInclude

#descendants, #include, #included

Methods included from Mixin::PowershellOut

#powershell_out, #powershell_out!

Methods included from Mixin::WindowsArchitectureHelper

#assert_valid_windows_architecture!, #disable_wow64_file_redirection, #forced_32bit_override_required?, #is_i386_process_on_x86_64_windows?, #node_supports_windows_architecture?, #node_windows_architecture, #restore_wow64_file_redirection, #valid_windows_architecture?, #with_os_architecture, #wow64_architecture_override_required?, #wow64_directory

Methods included from DSL::Secret

#default_secret_config, #default_secret_service, #secret, #with_secret_config, #with_secret_service

Methods included from DSL::RenderHelpers

#render_json, #render_toml, #render_yaml

Methods included from DSL::ReaderHelpers

#parse_file, #parse_json, #parse_toml, #parse_yaml

Methods included from DSL::Powershell

#ps_credential

Methods included from DSL::RegistryHelper

#registry_data_exists?, #registry_get_subkeys, #registry_get_values, #registry_has_subkeys?, #registry_key_exists?, #registry_value_exists?

Methods included from DSL::ChefVault

#chef_vault, #chef_vault_item, #chef_vault_item_for_environment

Methods included from DSL::DataQuery

#data_bag, #data_bag_item, #search, #tagged?

Methods included from EncryptedDataBagItem::CheckEncrypted

#encrypted?

Methods included from DSL::PlatformIntrospection

#older_than_win_2012_or_8?, #platform?, #platform_family?, #value_for_platform, #value_for_platform_family

Methods included from DSL::Recipe

#exec, #have_resource_class_for?, #resource_class_for

Methods included from DSL::Definitions

add_definition, #evaluate_resource_definition, #has_resource_definition?

Methods included from DSL::Resources

add_resource_dsl, remove_resource_dsl

Methods included from DSL::Cheffish

load_cheffish

Methods included from DSL::RebootPending

#reboot_pending?

Methods included from DSL::IncludeRecipe

#include_recipe, #load_recipe

Methods included from Mixin::NotifyingBlock

#notifying_block, #subcontext_block

Methods included from DSL::DeclareResource

#build_resource, #declare_resource, #delete_resource, #delete_resource!, #edit_resource, #edit_resource!, #find_resource, #find_resource!, #resources, #with_run_context

Methods included from DSL::Compliance

#include_input, #include_profile, #include_waiver

Constructor Details

#initialize(new_resource, run_context) ⇒ User

Returns a new instance of User.



29
30
31
32
33
34
35
# File 'lib/chef/provider/user.rb', line 29

def initialize(new_resource, run_context)
  super
  @user_exists = true
  @locked = nil
  @shadow_lib_ok = true
  @group_name_resolved = true
end

Instance Attribute Details

#change_descObject

Returns the value of attribute change_desc.



27
28
29
# File 'lib/chef/provider/user.rb', line 27

def change_desc
  @change_desc
end

#lockedObject

Returns the value of attribute locked.



26
27
28
# File 'lib/chef/provider/user.rb', line 26

def locked
  @locked
end

#user_existsObject

Returns the value of attribute user_exists.



26
27
28
# File 'lib/chef/provider/user.rb', line 26

def user_exists
  @user_exists
end

Instance Method Details

#check_lockObject

Raises:

  • (NotImplementedError)


250
251
252
# File 'lib/chef/provider/user.rb', line 250

def check_lock
  raise NotImplementedError
end

#compare_userObject

Check to see if the user needs any changes

=== Returns :: If a change is required :: If the users are identical



146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
# File 'lib/chef/provider/user.rb', line 146

def compare_user
  @change_desc = []
  if !new_resource.home.nil? && Pathname.new(new_resource.home).cleanpath != Pathname.new(current_resource.home).cleanpath
    @change_desc << "change homedir from #{current_resource.home} to #{new_resource.home}"
  end

  %i{comment shell password uid gid}.each do |user_attrib|
    new_val = new_resource.send(user_attrib)
    cur_val = current_resource.send(user_attrib)
    if !new_val.nil? && new_val.to_s != cur_val.to_s
      if user_attrib.to_s == "password" && new_resource.sensitive
        @change_desc << "change #{user_attrib} from ******** to ********"
      else
        @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
      end
    end
  end

  !@change_desc.empty?
end

#convert_group_nameObject



37
38
39
40
41
42
43
# File 'lib/chef/provider/user.rb', line 37

def convert_group_name
  if new_resource.gid.is_a?(String) && new_resource.gid.to_i == 0
    new_resource.gid(Etc.getgrnam(new_resource.gid).gid)
  end
rescue ArgumentError
  @group_name_resolved = false
end

#create_userObject

Raises:

  • (NotImplementedError)


230
231
232
# File 'lib/chef/provider/user.rb', line 230

def create_user
  raise NotImplementedError
end

#define_resource_requirementsObject



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# File 'lib/chef/provider/user.rb', line 116

def define_resource_requirements
  requirements.assert(:create, :modify, :manage, :lock, :unlock) do |a|
    a.assertion { @group_name_resolved }
    a.failure_message Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{new_resource.gid}"
    a.whyrun "group name #{new_resource.gid} does not exist.  This will cause group assignment to fail.  Assuming this group will have been created previously."
  end
  requirements.assert(:all_actions) do |a|
    a.assertion { !supports_ruby_shadow? || @shadow_lib_ok }
    a.failure_message Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!"
    a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure.  Assuming that this gem will have been previously installed." \
      "Note that user update converge may report false-positive on the basis of mismatched password. "
  end
  requirements.assert(:all_actions) do |a|
    # either neither linux-only value is set, or we need to be on Linux.
    a.assertion { (!new_resource.expire_date && !new_resource.inactive) || linux? }
    a.failure_message Chef::Exceptions::User, "Properties expire_date and inactive are not supported by this OS or have not been implemented for this OS yet."
    a.whyrun "Properties expire_date and inactive are ignored as they are not supported by this OS or have not been implemented yet for this OS"
  end
  requirements.assert(:modify, :lock, :unlock) do |a|
    a.assertion { @user_exists }
    a.failure_message(Chef::Exceptions::User, "Cannot modify user #{new_resource.username} - does not exist!")
    a.whyrun("Assuming user #{new_resource.username} would have been created")
  end
end

#load_current_resourceObject



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/chef/provider/user.rb', line 45

def load_current_resource
  @current_resource = Chef::Resource::User.new(new_resource.name)
  current_resource.username(new_resource.username)

  begin
     = Etc.getpwnam(new_resource.username)
  rescue ArgumentError
    @user_exists = false
    logger.trace("#{new_resource} user does not exist")
     = nil
  end

  if 
    current_resource.uid(.uid)
    current_resource.gid(.gid)
    current_resource.home(.dir)
    current_resource.shell(.shell)
    current_resource.password(.passwd)

    if new_resource.comment
      .gecos.force_encoding(new_resource.comment.encoding)
    end
    current_resource.comment(.gecos)

    begin
      require "shadow"
    rescue LoadError
      @shadow_lib_ok = false
    else
      @shadow_info = Shadow::Passwd.getspnam(new_resource.username)
      # This conditional remains in place until we can sort out whether we need it.
      # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues.
      # Some notes for context:
      # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c),
      #    which returns "x" for a nil password. on AIX it returns a "*"
      #    (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file)
      # 2. On AIX platforms ruby_shadow does not work as it does not
      #    store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file.
      #    The AIX provider for user currently declares it does not support ruby-shadow.
      if new_resource.password && current_resource.password == "x"
        current_resource.password(@shadow_info.sp_pwdp)
      end
    end

    convert_group_name if new_resource.gid
  end

  current_resource
end

#load_shadow_optionsObject



102
103
104
105
106
107
108
109
110
111
112
113
114
# File 'lib/chef/provider/user.rb', line 102

def load_shadow_options
  unless @shadow_info.nil?
    current_resource.inactive(@shadow_info.sp_inact&.to_i)
    # sp_expire gives time since epoch in days till expiration. Need to convert that
    # to time in seconds since epoch and output date format for comparison
    expire_date = if @shadow_info.sp_expire.nil?
                    @shadow_info.sp_expire
                  else
                    Time.at(@shadow_info.sp_expire * 60 * 60 * 24).strftime("%Y-%m-%d")
                  end
    current_resource.expire_date(expire_date)
  end
end

#lock_userObject

Raises:

  • (NotImplementedError)


242
243
244
# File 'lib/chef/provider/user.rb', line 242

def lock_user
  raise NotImplementedError
end

#manage_userObject

Raises:

  • (NotImplementedError)


238
239
240
# File 'lib/chef/provider/user.rb', line 238

def manage_user
  raise NotImplementedError
end

#remove_userObject

Raises:

  • (NotImplementedError)


234
235
236
# File 'lib/chef/provider/user.rb', line 234

def remove_user
  raise NotImplementedError
end

#supports_ruby_shadow?Boolean

An overridable for platforms that do not support ruby shadow. This way we can verify that the platform supports ruby shadow before requiring that it be available.

Returns:

  • (Boolean)


98
99
100
# File 'lib/chef/provider/user.rb', line 98

def supports_ruby_shadow?
  true
end

#unlock_userObject

Raises:

  • (NotImplementedError)


246
247
248
# File 'lib/chef/provider/user.rb', line 246

def unlock_user
  raise NotImplementedError
end