Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 7.0.0
- Gentoo , , ,
Start using this module
Add this module to your Puppetfile:
mod 'arden-account_management', '0.3.0'
Learn more about managing modules with a Puppetfile
Documentation
account_management
Table of Contents
- Description
- Setup - The basics of getting started with account_management
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Creates users/groups and installs a user's preferred shell in the correct order.
Setup
What account_management affects
It creates users/groups and installs a user's preferred shell. It makes sure that groups are created and preferred shells are installed before the user is created.
Usage
The example below will create a group named bridge and a user named wriker. The bridge group will be created first, then wriker's preferred shell will be installed and finally the wriker user will be created with the requested parameters.
profile::account_management::required_groups:
  bridge:
    name: 'bridge'
    gid: '1701'
profile::account_management::required_users:
  wriker:
    comment: 'beard'
    groups:
      - 'wheel'
      - 'bridge'
    uid: '1200'
    gid: '1200'
    shell: '/bin/zsh'
Cron & Exec-Once
This module also supports providing a list of cron entries and run-once executables specified on a per user basis. This can be useful if some kind of initialization is desired when a user is first created. For example, cloning a set of dotfiles from a git repository.
profile::account_management::exec_map:
  wriker:
    - command: 'chezmoi init --apply https://github.com/wriker/dotfiles.git'
      path: '/usr/local/bin:/usr/bin'
      environment: [ 'HOME=/home/wriker' ]
      creates: '/home/wriker/.local/share/chezmoi'
profile::account_management::cron_map:
  wriker:
    - command: '/usr/local/bin/chezmoi update -a'
      hour: '0'
      minute: '30'
Note that each entry in a user array provided within exec_map must include one of the following three attributes:
- refreshonly
- creates
- onlyif
In the example above wriker's chezmoi configuration is installed when his user is first created. Additionally, a cron entry to refresh that configuration is scheduled to run every day at 00:30.
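The guard requirement above can be checked before the data reaches an agent. The following Ruby lint is an added example, not code from this module: it flags exec_map entries that lack a guard attribute, and entries whose command is not fully qualified and has no path (Puppet's exec resource needs one or the other). The function names and the second, deliberately faulty entry are constructed for illustration.

```ruby
require 'yaml'

# Constructed Hiera data: the first entry follows the README, the second
# is deliberately missing a guard and uses a bare command with no path.
HIERA = <<~YAML
  profile::account_management::exec_map:
    wriker:
      - command: 'chezmoi init --apply https://github.com/wriker/dotfiles.git'
        path: '/usr/local/bin:/usr/bin'
        environment: [ 'HOME=/home/wriker' ]
        creates: '/home/wriker/.local/share/chezmoi'
      - command: 'chezmoi update -a'
YAML

GUARDS = %w[refreshonly creates onlyif].freeze

# Returns a list of human-readable findings for an exec_map hash.
def lint_exec_map(exec_map)
  findings = []
  exec_map.each do |user, entries|
    entries.each_with_index do |entry, i|
      where = "#{user}[#{i}]"
      if (entry.keys & GUARDS).empty?
        findings << "#{where}: no guard (#{GUARDS.join('/')}), not run-once"
      end
      # Puppet's exec needs a fully qualified command or a search path.
      cmd = entry['command'].to_s
      unless cmd.start_with?('/') || entry.key?('path')
        findings << "#{where}: relative command without 'path'"
      end
    end
  end
  findings
end

# Parses Hiera YAML text and lints the exec_map key used in the README.
def lint_hiera(yaml_text)
  data = YAML.safe_load(yaml_text)
  lint_exec_map(data.fetch('profile::account_management::exec_map', {}))
end

puts lint_hiera(HIERA)
```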
Limitations
OS Support
Tested on:
- CentOS 7
- RHEL 7
- Gentoo
- Debian 10
Shell Support
- Currently only supports bash, zsh, and ksh.
Development
See the contributing guide.
Release Notes/Contributors/Etc.
Check out the contributor list
Reference
Table of Contents
Classes
account_management
: Controls ordering of group and user creation.
account_management::groups
: Creates groups.
account_management::shells
: Installs shells before creating users
account_management::users
: Creates the users via the accounts module
Functions
accounts_validate_authorized_key_line
: Parses an SSH authorized_keys line string and returns a boolean indicating whether the line is valid.
Classes
account_management
A class to ensure group and user creation completes without errors. It ensures a user's required groups are created and preferred shell is installed before the user is created.
Examples
include account_management
Parameters
The following parameters are available in the account_management class.
required_users
Data type: Hash[String, Account_management::User]
A hash of the users to be created with a nested hash containing all their parameters. See the accounts::user type from puppetlabs/accounts for detail.
shell_package_map
Data type: Account_management::ShellMap
A hash which maps a given shell absolute path, e.g. /bin/ksh, to the corresponding package. Hiera defaults exist for Gentoo and RedHat family operating systems.
required_groups
Data type: Hash[String, Account_management::Group]
A hash of the groups to be created with a nested hash containing all their parameters.
exec_map
Data type: Hash[String, Array[Account_management::ExecOnce]]
A hash linking a user to a list of exec command arguments which should be run once upon the creation of the user.
Default value: {}
cron_map
Data type: Hash[String, Array[Account_management::UserCron]]
A hash linking a user to a list of crontab entries which should be scheduled.
Default value: {}
account_management::groups
A class to handle group creation
account_management::shells
A class to install a user's preferred shell before the user is created.
account_management::users
A class to use the accounts module to create all users with their expected parameters.
Functions
accounts_validate_authorized_key_line
Type: Ruby 4.x API
Parses an SSH authorized_keys line string and returns a boolean indicating whether the line is valid.
accounts_validate_authorized_key_line(String $str)
Parses an SSH authorized_keys line string and returns a boolean indicating whether the line is valid.
Returns: Boolean indicating whether the line is valid or not
str
Data type: String
ssh authorized_keys line string
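To show what validating an authorized_keys line involves, here is an added Ruby sketch; it is not the implementation of accounts_validate_authorized_key_line, and its method names are hypothetical. It assumes a short list of common key types, allows one optional options field, and checks that the algorithm name embedded in the base64 blob matches the declared key type.

```ruby
# Assumption: a subset of common key types; certificate and sk- types are
# left out to keep the example short.
KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
               ecdsa-sha2-nistp521].freeze

# Split on whitespace, but keep double-quoted option values such as
# command="echo hi" together in one field.
def split_fields(line)
  line.scan(/(?:"(?:\\.|[^"\\])*"|[^\s"])+/)
end

# True when the line is: [options] keytype base64-blob [comment], and the
# blob's embedded algorithm name (uint32 length + string) matches keytype.
def authorized_key_line_valid?(line)
  fields = split_fields(line.strip)
  idx = fields.index { |f| KEY_TYPES.include?(f) }
  return false if idx.nil? || idx > 1   # at most one options field
  blob64 = fields[idx + 1]
  return false if blob64.nil?
  blob = blob64.unpack1('m0')           # strict base64, raises on bad input
  return false if blob.bytesize < 4
  len = blob[0, 4].unpack1('N')
  blob[4, len] == fields[idx].b && blob.bytesize > 4 + len
rescue ArgumentError
  false                                 # not valid base64
end

# Constructed sample blob: correct wire header plus filler bytes, not a real key.
def sample_blob(type)
  [[type.bytesize].pack('N') + type + ("\x00" * 36)].pack('m0')
end

puts authorized_key_line_valid?("ssh-ed25519 #{sample_blob('ssh-ed25519')} wriker@bridge")
puts authorized_key_line_valid?("ssh-rsa #{sample_blob('ssh-ed25519')} wriker@bridge")
```

The second sample line is rejected because its declared type, ssh-rsa, does not match the type inside the blob, a mismatch that a check of the field count alone would miss.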
Changelog
All notable changes to this project will be documented in this file.
Release 0.3.0
Features
- Adds explicit support for Raspbian
- Tests sshkey parameters
- Validates sshkey strings
- Disables group creation when a primary group name not matching the user is specified
- Moves to a current release of puppetlabs/accounts
Release 0.2.2
Features
- Adds support for Debian in the default setup
- PDK 1.14.1.x config update
Release 0.2.1
Features
- Allow alternative modes for exec_map: creates or onlyif
- Reworked type definition for required groups.
Release 0.2.0
Features
- Cron definitions on a per-user basis
- Run-once exec list per user
Release 0.1.3
Features
- PDK 1.9.x config update
- Gentoo specific spec tests
- Correct compatibility with ensure_packages from puppet-stdlib
Release 0.1.2
Features
- Added support for the Gentoo OS family.
Release 0.1.1
Closed issues:
- corrected shell mapping and added error handling per issue #1
Release 0.1.0
Features
Initial release.
Dependencies
- puppetlabs/stdlib (>= 4.25.1 < 7.0.0)
- puppetlabs/accounts (>= 6.1.1 < 7.0.0)
- puppetlabs/cron_core (>= 1.0.1 < 2.0.0)
- puppetlabs/sshkeys_core (>= 2.0.0 < 3.0.0)
MIT License

Copyright (c) 2019 arden-puppet

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.