accounts

Table of Contents

1. Description
2. Setup - The basics of getting started with accounts
3. Usage - Configuration options and additional functionality
   • Declare user accounts
   • Customize the home directory
   • Lock accounts
   • Manage SSH keys
   • Data in hiera
4. Reference - An under-the-hood peek at what the module is doing and how

   * [Data Types](#data-types)
   

5. Limitations - OS compatibility, etc.
6. License
7. Development - Guide for contributing to the module

Description

The accounts module manages resources related to login and service accounts.

This module works on many UNIX/Linux operating systems. It does not support configuring accounts on Microsoft Windows platforms.

Setup

Beginning with accounts

Declare the accounts::user defined type for each local user you want to manage:

node default {
  accounts::user { 'dan': }
  accounts::user { 'morgan': }
}

The above example creates accounts, home directories, and groups for dan and morgan in the default node group.

Usage

Declare user accounts

accounts::user { 'bob':
  uid      => '4001',
  gid      => '4001',
  group    => 'staff',
  shell    => '/bin/bash',
  password => '!!',
  locked   => false,
}

Customize the home directory

A simple bashrc and bash_profile rc file is managed by Puppet for each account. These rc files add some simple aliases, update the prompt, add ~/bin to the path, and source the following files (which are not managed by this module) in the following order:

1. /etc/bashrc
2. /etc/bashrc.puppet
3. ~/.bashrc.custom

Account holders can customize their shells by managing their bashrc.custom files. In addition, the system administrator can make profile changes that affect all accounts with a bash shell by managing the '/etc/bashrc.puppet' file.

To install an email foward, configure the .forward file by using the forward_content or forward_source parameters.

Lock accounts

Lock accounts by setting the locked parameter of an account to true.

For example:

accounts::user { 'villain':
  comment => 'Bad Person',
  locked  => true
}

The accounts module sets the account to an invalid shell appropriate for the system Puppet is managing and displays the following message if a user tries to access the account:

$ ssh villain@centos56
This account is currently not available.
Connection to 172.16.214.129 closed.

Manage SSH keys

Manage SSH keys with the sshkeys attribute of the accounts::user defined type. This parameter accepts an array of public key contents as strings.

Example:

accounts::user { 'jeff':
  comment => 'Jeff McCune',
  groups  => [
    'admin',
    'sudonopw',
  ],
  uid     => '1112',
  gid     => '1112',
  sshkeys => [
    'ssh-rsa AAAAB3Nza...== jeff@puppetlabs.com',
    'ssh-dss AAAAB3Nza...== jeff@metamachine.net',
  ],
}

The module supports placing sshkeys in a custom location. If you specify a value for the sshkey_custom_path attribute of the accounts::user defined type, the module will place the keys in the specified file. The module will only manage the specified file and not the full path. If you set purge_sshkeys to true, and you have also set a custom path, it will only purge the ssh keys in the custom path.

Example:

accounts::user { 'gerrard':
  sshkey_custom_path => '/var/lib/ssh/gerrard/authorized_keys',
  sshkey_group       => 'root',
  sshkey_owner       => 'root',
  shell              => '/bin/zsh',
  comment            => 'Gerrard Geldenhuis',
  groups             => [
    'engineering',
    'automation',
  ],
  uid                => '1117',
  gid                => '1117',
  sshkeys            => [
    'ssh-rsa AAAAB9Aza...== gerrard@dirtyfruit.co.uk',
    'ssh-dss AAAAB9Aza...== gerrard@dojo.training',
  ],
  password           => '!!',
}

Setting sshkey_custom_path is typically associated with setting AuthorizedKeysFile /var/lib/ssh/%u/authorized_keys in your sshd config file.

Data in Hiera

The accounts module supports storing all account data in Hiera.

Example:

accounts::group_defaults:
  system: true
accounts::group_list:
  admins: {}
  users:  {}
accounts::user_defaults:
  groups: [ 'users' ]
  managehome: true
  system:     false
accounts::user_list:
  admin:
    groups: ['admins', 'users']
  joe:
    sshkeys:
      - &joe_sshkey 'ssh-rsa ... joe@corp.com'
  sally:
    sshkeys:
      - &sally_sshkey 'ssh-rsa ... sally@corp.com'
  dba:
    sshkeys:
      - *joe_sshkey
      - *sally_sshkey
    system: true

include ::accounts

Reference

See REFERENCE.md

Data types

Accounts::Group::Hash

A hash of group data suitable for passing as the second parameter to ensure_resources.

Accounts::Group::Provider

The allowed values for the provider attribute. Currently, this is:

• aix
• directoryservice
• groupadd
• ldap
• pw
• windows_adsi

Accounts::Group::Resource

A struct of group attributes suitable for passing as the third parameter to ensure_resource.

Accounts::User::Expiry

Allows either 'absent' or a YYY-MM-DD datestring.

Accounts::User::Hash

A hash of user data suitable for passing as the second parameter to ensure_resources.

Accounts::User::Iterations

The iterations attribute allows any positive integer, optionally expressed as a string.

Accounts::User::Name

Allows strings up to 32 characters long that begin with a lower case letter or underscore, followed by lower case letters, digits, underscores, or dashes, and optionally ending in a dollar sign. See useradd(8)

Accounts::User::PasswordMaxAge

Maximum number of days a password may be used before it must be changed. Allows any integer from -1 to 99999. See user resource.

Accounts::User::Resource

A struct of user attributes suitable for passing as the third parameter to ensure_resource.

Accounts::User::Uid

Allows any integer from 0 to 4294967295 (232 - 1), optionally expressed as a string.

Limitations

For an extensive list of supported operating systems, see metadata.json

Changes from pe_accounts

The accounts module is designed to take the place of the pe_accounts module that shipped with PE versions 2015.2 and earlier. Some of the changes include the removal of the base class, improving the validation, and allowing more flexibility regarding which files should or should not be managed in a user's home directory.

For example, the .bashrc and .bash_profile files are not managed by default but allow custom content to be passed in using the bashrc_content and bash_profile_content parameters. The content for these two files as managed by pe_accounts can continue to be used by passing bashrc_content => file('accounts/shell/bashrc') and bash_profile_content => file('accounts/shell/bash_profile') to the accounts::user defined type.

License

This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of AGPL, BSD-2, BSD-3, GPL2.0, LGPL, MIT and MPL Licensing.

Development

Acceptance tests for this module leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.

If you run into an issue with this module, or if you would like to request a feature, please create an issue. Every Tuesday the Puppet Content and Tooling team has office hours in the Puppet Community Slack for about an hour, starting at 1400 (GMT+1).

If you have problems getting this module up and running, please contact Support.

If you submit a change to this module, be sure to regenerate the reference documentation as follows:

puppet strings generate --format markdown --out REFERENCE.md

Reference

Table of Contents

Classes

• accounts: This class auto-creates user and group resources from hiera data.
• accounts::user::defaults: Load some user defaults from hiera data.

Defined types

Public Defined types

• accounts::user: This resource manages the user, group, vim/, .ssh/, .bash_profile, .bashrc, homedir, .ssh/authorized_keys files, and directories.

Private Defined types

• accounts::home_dir: This resource specifies how home directories are managed.
• accounts::key_management: This resource specifies where ssh keys are managed.
• accounts::manage_keys: This resource manages ssh keys for a user.

Functions

• accounts_ssh_authorized_keys_line_parser: Parse an ssh authorized_keys line string into an array using its expected pattern by using a combination of regex matching and extracting the
• accounts_ssh_options_parser: Parse an ssh authorized_keys option string into an array using its expected pattern which matches a crazy regex slightly modified from shell

Data types

• Accounts::Group::Hash: A hash of group resources, keyed by group name.
• Accounts::Group::Provider: The specific backend to use for this group resource.
• Accounts::Group::Resource: A hash of group attributes.
• Accounts::User::Expiry: Account access will be denied after this date.
• Accounts::User::Hash: A hash of user resources, keyed by user name.
• Accounts::User::Iterations: Chained computation iterations for the PBKDF2 password hash.
• Accounts::User::Name: Each user or group should have a unique alphanumeric name.
• Accounts::User::PasswordMaxAge: Maximum days between password changes.
• Accounts::User::Resource: A hash of user attributes.
• Accounts::User::Uid: Each user on a system should have a unique numeric uid.

Classes

accounts

This class auto-creates user and group resources from hiera data.

Parameters

The following parameters are available in the accounts class:

• group_defaults
• group_list
• user_defaults
• user_list

group_defaults

Data type: Accounts::Group::Resource

Hash of default attributes for group resources managed by this class.

Default value: {}

group_list

Data type: Accounts::Group::Hash

Hash of group resources for this class to manage. The hash is keyed by group name.

Default value: {}

user_defaults

Data type: Accounts::User::Resource

Hash of default attributes for accounts::user resources managed by this class.

Default value: {}

user_list

Data type: Accounts::User::Hash

Hash of accounts::user resources for this class to manage. The hash is keyed by user name.

Default value: {}

accounts::user::defaults

Load some user defaults from hiera data.

Parameters

The following parameters are available in the accounts::user::defaults class:

• home_template
• locked_shell
• root_home

home_template

Data type: Stdlib::AbsolutePath

The sprintf template used to determine a user's home directory.

Default value: '/home/%s'

locked_shell

Data type: Stdlib::AbsolutePath

The shell assigned to locked user accounts.

Default value: '/sbin/nologin'

root_home

Data type: Stdlib::AbsolutePath

The home directory of the root user.

Default value: '/root'

Defined types

accounts::user

This resource manages the user, group, vim/, .ssh/, .bash_profile, .bashrc, homedir, .ssh/authorized_keys files, and directories.

Examples

Basic usage

accounts::user { 'bob':
  uid      => '4001',
  gid      => '4001',
  group    => 'staff',
  shell    => '/bin/bash',
  password => '!!',
  locked   => false,
}

Parameters

The following parameters are available in the accounts::user defined type:

• ensure
• allowdupe
• bash_profile_content
• bash_profile_source
• bashrc_content
• bashrc_source
• comment
• create_group
• expiry
• forcelocal
• forward_content
• forward_source
• gid
• group
• groups
• home
• home_mode
• ignore_password_if_empty
• iterations
• locked
• managehome
• managevim
• membership
• name
• password
• password_max_age
• purge_sshkeys
• purge_user_home
• salt
• shell
• sshkey_custom_path
• sshkey_group
• sshkey_owner
• sshkey_mode
• sshkeys
• system
• uid

ensure

Data type: Enum['absent','present']

Specifies whether the user, its primary group, homedir, and ssh keys should exist. Valid values are 'present' and 'absent'. Note that when a user is created, a group with the same name as the user is also created.

Default value: 'present'

allowdupe

Data type: Boolean

Whether to allow duplicate UIDs. By default false

Default value: false

bash_profile_content

Data type: Optional[String]

The content to place in the user's ~/.bash_profile file. Mutually exclusive to bash_profile_source.

Default value: undef

bash_profile_source

Data type: Optional[Stdlib::Filesource]

A source file containing the content to place in the user's ~/.bash_profile file. Mutually exclusive to bash_profile_content.

Default value: undef

bashrc_content

Data type: Optional[String]

The content to place in the user's ~/.bashrc file. Mutually exclusive to bashrc_source.

Default value: undef

bashrc_source

Data type: Optional[Stdlib::Filesource]

A source file containing the content to place in the user's ~/.bashrc file. Mutually exclusive to bashrc_content.

Default value: undef

comment

Data type: String

A comment describing or regarding the user.

Default value: $name

create_group

Data type: Boolean

Specifies if you want to create a group with the user's name.

Default value: true

expiry

Data type: Optional[Accounts::User::Expiry]

Specifies the date the user account expires on. Valid values: YYYY-MM-DD date format, or 'absent' to remove expiry date.

Default value: undef

forcelocal

Data type: Optional[Boolean]

Specifies whether you want to manage a local user/group that is also managed by a network name service.

Default value: undef

forward_content

Data type: Optional[String]

The content to place in the user's ~/.forward file. Mutually exclusive to forward_source.

Default value: undef

forward_source

Data type: Optional[Stdlib::Filesource]

A source file containing the content to place in the user's ~/.forward file. Mutually exclusive to forward_content.

Default value: undef

gid

Data type: Optional[Accounts::User::Uid]

Specifies the gid of the user's primary group. Must be specified numerically.

Default value: undef

group

Data type: Accounts::User::Name

Specifies the name of the user's primary group. By default, this uses a group named the same as user name

Default value: $name

groups

Data type: Array[Accounts::User::Name]

Specifies the user's group memberships.

Default value: []

home

Data type: Optional[Stdlib::Unixpath]

Specifies the path to the user's home directory.

• Linux, non-root user: '/home/$name'

• Linux, root user: '/root'

• Solaris, non-root user: '/export/home/$name'

• Solaris, root user: '/'

Default value: undef

home_mode

Data type: Optional[Stdlib::Filemode]

Manages the user's home directory permission mode. Valid values are in octal notation, specified as a string. Defaults to undef, which creates a home directory with 0700 permissions. It does not touch them if the directory already exists. Keeping it undef also allows a user to manage their own permissions. If home_mode is set, Puppet enforces the permissions on every run.

Default value: undef

ignore_password_if_empty

Data type: Boolean

Specifies whether an empty password attribute should be ignored. If set to true, a password attribute that is defined but set to the empty string is ignored, allowing the password to be managed outside of this Puppet module. If set to false, it sets the password to an empty value.

Default value: false

iterations

Data type: Optional[Accounts::User::Iterations]

This is the number of iterations of a chained computation of the PBKDF2 password hash. This field is required for managing passwords on OS X >= 10.8.

Default value: undef

locked

Data type: Boolean

Specifies whether the account should be locked and the user prevented from logging in. Set to true for users whose login privileges have been revoked.

Default value: false

managehome

Data type: Boolean

Specifies whether the user's home directory should be created when adding a user.

Default value: true

managevim

Data type: Boolean

Specifies whether or not the .vim folder should be created within the managed accounts home directory.

Default value: true

membership

Data type: Enum['inclusive','minimum']

Establishes whether specified groups should be considered the complete list (inclusive) or the minimum list (minimum) of groups to which the user belongs. Valid values: 'inclusive', 'minimum'.

Default value: 'minimum'

name

Name of the user.

password

Data type: Variant[String, Sensitive[String]]

The user's password, in whatever encrypted format the local machine requires. Default: '!!', which prevents the user from logging in with a password.

Default value: '!!'

password_max_age

Data type: Optional[Accounts::User::PasswordMaxAge]

Maximum number of days a password may be used before it must be changed. Allows any integer from -1 to 99999. See the user resource.

Default value: undef

purge_sshkeys

Data type: Boolean

Whether keys not included in sshkeys should be removed from the user. If purge_sshkeys is true and sshkeys is an empty array, all SSH keys will be removed from the user.

Default value: false

purge_user_home

Data type: Boolean

Whether to force recurse remove user home directories when removing a user. Defaults to false.

Default value: false

salt

Data type: Optional[String]

This is the 32-byte salt used to generate the PBKDF2 password used in OS X. This field is required for managing passwords on OS X >= 10.8.

Default value: undef

shell

Data type: Stdlib::Unixpath

Manages the user shell.

Default value: '/bin/bash'

sshkey_custom_path

Data type: Optional[Stdlib::Unixpath]

Custom location for ssh public key file.

Default value: undef

sshkey_group

Data type: Optional[Accounts::User::Name]

Specifies the group of the sshkey file

Default value: $group

sshkey_owner

Data type: Optional[Accounts::User::Name]

Specifies the owner of the sshkey file

Default value: $name

sshkey_mode

Data type: Variant[Integer[0],String]

Specifies the mode of the sshkey file .ssh/authorized_keys.

Default value: '0600'

sshkeys

Data type: Array[String[1]]

An array of SSH public keys associated with the user. These should be complete public key strings that include the type, content and name of the key, exactly as it would appear in its id_*.pub file, or with an optional options string preceding the other components, as it would appear as an entry in an authorized_keys file. Must be an array.

Examples:

• ssh-rsa AAAAB3NzaC1y... bob@example.com

• from="myhost.example.com,192.168.1.1" ssh-rsa AAAAQ4ng... bob2@example.com

Note that for multiple keys, the name component (the last) must be unique.

Default value: []

system

Data type: Boolean

Specifies if you want to create a system account.

Default value: false

uid

Data type: Optional[Accounts::User::Uid]

Specifies the user's uid number. Must be specified numerically.

Default value: undef

Functions

accounts_ssh_authorized_keys_line_parser

Type: Ruby 4.x API

Parse an ssh authorized_keys line string into an array using its expected pattern by using a combination of regex matching and extracting the substring before the match as ssh-options. This allows whitespaces inside the options and inside the comment and is consistent with the behavior of openssh. The returned options element can by an empty string.

Examples

Calling the function

accounts_ssh_authorized_keys_line_parser_string('options ssh-rsa AAAA... comment)

accounts_ssh_authorized_keys_line_parser(String[1] $str)

Parse an ssh authorized_keys line string into an array using its expected pattern by using a combination of regex matching and extracting the substring before the match as ssh-options. This allows whitespaces inside the options and inside the comment and is consistent with the behavior of openssh. The returned options element can by an empty string.

Returns: Array of authroized_keys_line components: ['options','keytype','key','comment']

Examples

Calling the function

accounts_ssh_authorized_keys_line_parser_string('options ssh-rsa AAAA... comment)

str

Data type: String[1]

ssh authorized_keys line string

accounts_ssh_options_parser

Type: Ruby 4.x API

Parse an ssh authorized_keys option string into an array using its expected pattern which matches a crazy regex slightly modified from shell words. The pattern should be a string.

Examples

Calling the function

accounts_ssh_option_parser_string()

accounts_ssh_options_parser(String $str)

Parse an ssh authorized_keys option string into an array using its expected pattern which matches a crazy regex slightly modified from shell words. The pattern should be a string.

Returns: Array Separated components of the string

Examples

Calling the function

accounts_ssh_option_parser_string()

str

Data type: String

ssh authorized_keys option string

Data types

Accounts::Group::Hash

Group resoureces hash. Passed as the second parameter of the ensure_resources function.

Alias of Hash[Accounts::User::Name, Accounts::Group::Resource]

Accounts::Group::Provider

Group provider. You will seldom need to specify this -- Puppet will usually discover the appropriate provider for your platform.

Alias of Enum['aix', 'directoryservice', 'groupadd', 'ldap', 'pw', 'windows_adsi']

Accounts::Group::Resource

Group attributes hash. Passed as the third parameter of the ensure_resources function.

Alias of

Struct[{ Optional[ensure]          => Enum['absent', 'present'],
    Optional[allowdupe]       => Boolean,
    Optional[auth_membership] => Boolean,
    Optional[forcelocal]      => Boolean,
    Optional[gid]             => Accounts::User::Uid,
    Optional[members]         => Array[Accounts::User::Name],
    Optional[name]            => Accounts::User::Name,
    Optional[provider]        => Accounts::Group::Provider,
    Optional[system]          => Boolean,
  }]

Accounts::User::Expiry

Account expiration date. Either 'absent' or a YYYY-MM-DD datestring.

Alias of Variant[Enum['absent'], Pattern[/\A(19|[2-9]\d)\d\d-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])\z/]]

Accounts::User::Hash

User resources hash. Passed as the second parameter of the ensure_resources function.

Alias of Hash[Accounts::User::Name, Accounts::User::Resource]

Accounts::User::Iterations

Password hash iterations. This parameter is used in OS X, and is required for managing passwords on OS X 10.8 and newer.

Alias of Variant[Integer[1,], Pattern[/\A[1-9]\d*\z/]]

Accounts::User::Name

Account (user or group) name. From useradd(8): It is usually recommended to only use usernames that begin with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. Usernames may only be up to 32 characters long.

Many installations also allow capitals or periods, for example to separate first and last names.

Alias of Pattern[/\A[a-zA-Z0-9_]([a-zA-Z.0-9_-]{0,30}[a-zA-Z0-9_$-])?\z/]

Accounts::User::PasswordMaxAge

Max password age. On most systems, the default value of 99999 is about 274 years, which effectively disables password aging.

Alias of Integer[-1, 99999]

Accounts::User::Resource

User attributes hash. Passed as the third parameter of the ensure_resources function.

Alias of

Struct[{ Optional[ensure]                   => Enum['absent','present'],
    Optional[allowdupe]                => Boolean,
    Optional[bash_profile_content]     => String,
    Optional[bash_profile_source]      => Stdlib::Filesource,
    Optional[bashrc_content]           => String,
    Optional[bashrc_source]            => Stdlib::Filesource,
    Optional[comment]                  => String,
    Optional[create_group]             => Boolean,
    Optional[expiry]                   => Accounts::User::Expiry,
    Optional[forcelocal]               => Boolean,
    Optional[forward_content]          => String,
    Optional[forward_source]           => Stdlib::Filesource,
    Optional[gid]                      => Accounts::User::Uid,
    Optional[group]                    => Accounts::User::Name,
    Optional[groups]                   => Array[Accounts::User::Name],
    Optional[name]                     => Accounts::User::Name,
    Optional[home]                     => Stdlib::Unixpath,
    Optional[home_mode]                => Stdlib::Filemode,
    Optional[ignore_password_if_empty] => Boolean,
    Optional[iterations]               => Accounts::User::Iterations,
    Optional[locked]                   => Boolean,
    Optional[managehome]               => Boolean,
    Optional[managevim]                => Boolean,
    Optional[membership]               => Enum['inclusive','minimum'],
    Optional[password]                 => String,
    Optional[password_max_age]         => Accounts::User::PasswordMaxAge,
    Optional[purge_sshkeys]            => Boolean,
    Optional[purge_user_home]          => Boolean,
    Optional[salt]                     => String,
    Optional[shell]                    => Stdlib::Unixpath,
    Optional[sshkey_custom_path]       => Stdlib::Unixpath,
    Optional[sshkey_owner]             => Accounts::User::Name,
    Optional[sshkey_group]             => Accounts::User::Name,
    Optional[sshkeys]                  => Array[String],
    Optional[system]                   => Boolean,
    Optional[uid]                      => Accounts::User::Uid,
  }]

Accounts::User::Uid

Numeric user ID. On most Unix systems, the highest uid is 2^32 - 1, or 4294967295.

Alias of

Variant[Integer[0,4294967295], Pattern[/\A0\z/,
    /\A[1-3]\d{0,9}\z/,
    /\A[4-9]\d{0,8}\z/,
    /\A4[0-1]\d{8}\z/,
    /\A42[0-8]\d{7}\z/,
    /\A429[0-3]\d{6}\z/,
    /\A4294[0-8]\d{5}\z/,
    /\A42949[0-5]\d{4}\z/,
    /\A429496[0-6]\d{3}\z/,
    /\A4294967[0-1]\d{2}\z/,
    /\A42949672[0-8]\d\z/,
    /\A429496729[0-5]\z/,
  ]]

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

v8.2.1 - 2024-08-13

Full Changelog

Fixed

• (MODULES-11458) Revert deferred function #490 (Ramesh7)

v8.2.0 - 2024-05-08

Full Changelog

Added

• accounts_ssh_authorized_keys_line_parser: Output regex matches when sshkey format isnt correct #484 (bastelfreak)

Fixed

• usermanagement: prohibit empty ssh keys #483 (bastelfreak)

v8.1.1 - 2024-03-26

Full Changelog

Fixed

• Accounts::User::Resource: Fix duplicate key name #477 (Ramesh7)

v8.1.0 - 2023-06-19

Full Changelog

Added

• CONT-593_adding deferred function #447 (malikparvez)
• pdksync - (MAINT) - Allow Stdlib 9.x #446 (LukasAud)

Fixed

• Remove workaround from user.pp #439 (CoreyCook8)

v8.0.0 - 2023-04-06

Full Changelog

Changed

• (CONT-850) Puppet 8 support / Drop Puppet 6 #441 (LukasAud)

v7.3.1 - 2023-01-27

Full Changelog

Fixed

• Update bash_profile so that it identifies itself as "Puppet Managed" #426 (bschonec)
• pdksync - (CONT-189) Remove support for RedHat6 / OracleLinux6 / Scientific6 #424 (david22swan)
• pdksync - (CONT-130) Dropping Support for Debian 9 #421 (jordanbreen28)

v7.3.0 - 2022-10-03

Full Changelog

Added

• pdksync - (GH-cat-11) Certify Support for Ubuntu 22.04 #414 (david22swan)
• pdksync - (GH-cat-12) Add Support for Redhat 9 #413 (david22swan)

Fixed

• Fix sshkey_mode bug #415 (holtwilkins)

v7.2.0 - 2022-05-16

Full Changelog

Added

• Added new SSH key type. #410 (PorkCharsui79)
• pdksync - (IAC-1753) - Add Support for AlmaLinux 8 #397 (david22swan)
• pdksync - (IAC-1751) - Add Support for Rocky 8 #395 (david22swan)

Fixed

• pdksync - (GH-iac-334) Remove Support for Ubuntu 16.04 #401 (david22swan)
• pdksync - (IAC-1787) Remove Support for CentOS 6 #398 (david22swan)
• pdksync - (IAC-1598) - Remove Support for Debian 8 #394 (david22swan)

v7.1.1 - 2021-08-26

Full Changelog

Fixed

• (IAC-1741) Allow stdlib v8.0.0 #392 (david22swan)

v7.1.0 - 2021-08-16

Full Changelog

Added

• pdksync - (IAC-1709) - Add Support for Debian 11 #391 (david22swan)
• MODULES-11100 - Add sk-ecdsa public key support, and implement tests for sk-ecdsa and ecdsa keys #388 (vollmerk)

v7.0.2 - 2021-03-29

Full Changelog

Fixed

• (IAC-1497) - Removal of unsupported translate dependency #373 (david22swan)
• (MODULES-10892) Update name.pp #353 (LooOOooM)

v7.0.1 - 2021-03-15

Full Changelog

Fixed

• (MODULES-10960) Selector needs multiple checks in brackets. #369 (tuxmea)

v7.0.0 - 2021-03-01

Full Changelog

Changed

• Update metadata.json - remove ubuntu 14.04 #368 (daianamezdrea)
• pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 #359 (carabasdaniel)

Fixed

• (MODULES-10867) Ensure ssh key name is unique based on type, content and description #340 (mdklapwijk)

v6.4.0 - 2020-12-14

Full Changelog

Added

• pdksync - (maint) - Add support for Puppet 7 #350 (pmcmaw)
• MODULES-10862 add support for authorized_keys file mode #338 (simondeziel)

v6.3.0 - 2020-09-24

Full Changelog

v6.2.0 - 2020-09-24

Full Changelog

Added

• Allow for Sensitive type passwords in accounts::user #333 (jarretlavallee)
• pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main #318 (david22swan)
• (IAC-746) - Add ubuntu 20.04 support #312 (david22swan)

Fixed

• (MODULES-10798) Ensure group is created for user only if undefined #334 (michaeltlombardi)
• (IAC-975) - Removal of inappropriate terminology in module #320 (pmcmaw)

v6.1.1 - 2020-04-30

Full Changelog

v6.1.0 - 2020-04-30

Full Changelog

Added

• Employ more lenient username checks (allow capitals) #286 (mvandegarde)
• (MODULES-10242) Re-add Ubuntu 14 to supported OS list #281 (sheenaajay)

Fixed

• MODULES-10550 fix keyspec parsing to allow whitespaces in options and… #291 (janit42)

v6.0.0 - 2019-11-11

Full Changelog

Changed

• pdksync - FM-8499 - remove ubuntu14 support #277 (lionce)

Added

• (FM-8671) - Support added for CentOS 8 #278 (david22swan)

Fixed

• fix small typo on the root_home key at Debian.yaml #260 (wandenberg)
• Use user group instead of user name for sshkey owner group #258 (florindragos)

v5.0.0 - 2019-09-11

Full Changelog

Changed

• (MODULES-9712) Move data into hiera. #241 (pillarsdotnet)

Added

• (FM-8392) Add debian 10 to provision.yaml #251 (ThoughtCrhyme)

Fixed

• (MODULES-9849) wrong order when removing user with custom sshkey file #250 (tuxmea)
• fix problematic parsing of keyspec #246 (EECOLOR)
• (MODULES-9697) fix for correct management of sshkey_custom_path #242 (tuxmea)

v4.2.0 - 2019-08-02

Full Changelog

Added

• (FM-8231) Convert testing to litmus #230 (eimlav)

Fixed

• MODULES-9447 -- Narrow dependency between removed user and group. #232 (pillarsdotnet)

v4.1.0 - 2019-05-29

Full Changelog

Added

• (FM-8023) Add RedHat 8 support #227 (eimlav)
• (MODULES-7469) Add password_max_age parameter #221 (eimlav)

Fixed

• (MODULES-8968) Test account removal. #226 (pillarsdotnet)

v4.0.0 - 2019-05-10

Full Changelog

Changed

• pdksync - (MODULES-8444) - Raise lower Puppet bound #218 (david22swan)
• (MODULES-8909) Add type-aliases and auto-loading. #214 (pillarsdotnet)

Fixed

• (MODULES-8909) Allow periods in usernames. #220 (pillarsdotnet)
• Remove user when custom sshkey file is set #213 (tuxmea)

3.2.0 - 2019-01-22

Full Changelog

Added

• (MODULES-8302) - Add allowdupe parameter #199 (eimlav)
• (MODULES-8149) - Addition of support for SLES 15 #197 (david22swan)

Fixed

• (MODULES-8216) - Fix fail when custom_sshkey_path and managehome=false #194 (eimlav)
• Fixing the limitations section of the README #191 (HelenCampbell)

3.1.0 - 2018-09-27

Full Changelog

Added

• pdksync - (FM-7392) puppet 6 testing changes #187 (tphoney)
• pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #185 (tphoney)
• (LOC-173) Delivering translation for readmes/README_ja_JP.markdown #177 (ehom)

Fixed

• (maint) corrected filename extension for both en and ja #182 (ehom)
• Only take care of ssh-keys if ensure is set to 'present' #174 (opteamax)
• Rename README.markdown to README.MD #173 (clairecadman)

3.0.0 - 2018-09-07

Full Changelog

Changed

• Adding ability to specify custom ssh_key location #149 (ggeldenhuis)

Added

• (MODULES-7687) - Added Darwin compatibility #167 (eimlav)
• (FM-7287) - i18n Process Implemented. #159 (david22swan)
• (MODULES-5222) - managevim option added to manifests. #156 (david22swan)
• (FM-7289) - Added Puppet 4 data types to parameters #155 (eimlav)
• (MODULES-7671) - Support spaces in ssh key options #153 (dleske)
• (FM-7254) - Addition of support for Ubuntu 18.04 #150 (david22swan)

Fixed

• pdksync - (MODULES-7658) use beaker4 in puppet-module-gems #170 (tphoney)
• Fix error when deploying key into directory not owned by user #152 (tuxmea)

2.0.0 - 2018-06-28

Full Changelog

Changed

• [FM-6969] Removal of unsupported OS from accounts #143 (david22swan)

Added

• Add expiry property to user resource. #145 (jonnytdevops)
• (FM-7052) - Addition of Debian 9 support to accounts #144 (david22swan)
• Allow sshkeys to be reused for multiple accounts #130 (jcharaoui)
• Allow mode for homedir to be undef #126 (arjenz)

1.3.0 - 2018-01-22

Full Changelog

Fixed

• Don't create accounts::home_dir resources #123 (arjenz)

1.2.1 - 2017-11-20

Full Changelog

1.2.0 - 2017-11-14

Full Changelog

Added

• Support ssh authorized key options #110 (rgevaert)
• Group name #85 (wpowell-ossg)
• added option to set system user or group #82 (netman2k)
• Added the option to create or not a group with the user name #81 (jsanvall)
• Allow the use of the source param for bash files. #74 (MG2R)
• Allow duplicate keys to be associated with multiple accounts. #54 (ian-d)

Fixed

• Skips password check test on Solaris #105 (willmeek)
• (MODULES-5778) Set operatingsystem fact in specs #104 (rodjek)
• Update Puppet version compatibility #87 (HelenCampbell)
• Revert "Allow duplicate keys to be associated with multiple accounts." #75 (eputnam)

1.1.0 - 2016-09-20

Full Changelog

Added

• Allow non-managed SSH keys to be purged from user. #42 (ian-d)

1.0.0 - 2015-12-08

Full Changelog