Update upstream cookbooks

Greg Karékinian
2017-03-20 13:19:10 +00:00
parent bfd2d52ea8
commit bcfd44b923
340 changed files with 12576 additions and 5465 deletions

View File

@@ -0,0 +1 @@
~FC003
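Review bot: `~FC003` turns the rule off for the entire cookbook, and nothing here records why. FC003 is the Foodcritic check for server-only features such as `search` being used without a Chef Solo guard, so a one-line comment or a commit-message sentence should say the suppression is deliberate and tied to the provider dropping its `search_missing?` check.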

View File

@@ -1,13 +1,36 @@
# users Cookbook CHANGELOG
This file is used to list changes made in each version of the users cookbook.
## 4.0.3 (2016-11-23)
- Update manage provider to return true/false in guard block which avoids warnings during run on Chef 12.14+
## 4.0.2 (2016-11-18)
- Deprecate the sysadmins recipe
## 4.0.1 (2016-09-15)
- Fix creation of user home directory
## 4.0.0 (2016-09-15)
- Add chef_version to the metadata
- Require Chef 12.1+
- Testing updates
- Fixed compatibility with Chef 12.14
- Properly define the Chefspec matcher
- Add a warning if someone includes users::default since that does nothing
## v3.0.0
- @onlyhavecans - Fix FreeBSD support
- @stem - Fix user creation on Mac OS X on 10.7 and 10.8
- Remove old style chef solo code to clean up rubocop issues, move to using cookstyle
- Adding zlinux support
## v2.0.3
- ([@nkadel-skyhook][]) - create .ssh directory only if keys are configured.
- ([@signe][]) - allow force parameter to be specified for users configured to be removed.
- ([@FlorentFlament][]) - adding the ability to manage groups for existing users.
- @nkadel-skyhook - create .ssh directory only if keys are configured.
- @signe - allow force parameter to be specified for users configured to be removed.
- @FlorentFlament - adding the ability to manage groups for existing users.
## v2.0.2 (2016-1-25)
- ([@375gnu][]) - validate uid/gid for strings versus numeric
- @375gnu- validate uid/gid for strings versus numeric
- fix rubocop errors based on https://github.com/bbatsov/rubocop/issues/2608
- fix kitchen configurations for testing

View File

@@ -1,19 +1,15 @@
<!-- This is a generated file. Please do not edit directly -->
# Maintainers
This file lists how this cookbook project is maintained. When making changes to the system, this
file tells you who needs to review your patch - you need a simple majority of maintainers
for the relevant subsystems to provide a :+1: on your pull request. Additionally, you need
to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD)
for details on the process and how to become a maintainer or the project lead.
This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
# Project Maintainer
* [Tim Smith](https://github.com/tas50)
* [Jennifer Davis](https://github.com/sigje)
# Maintainers
* [Jennifer Davis](https://github.com/sigje)
* [Sean OMeara](https://github.com/someara)
* [Tim Smith](https://github.com/tas50)
* [Thom May](https://github.com/thommay)

View File

@@ -1,4 +1,5 @@
# users Cookbook
[![Build Status](https://travis-ci.org/chef-cookbooks/users.svg?branch=master)](http://travis-ci.org/chef-cookbooks/users) [![Cookbook Version](https://img.shields.io/cookbook/v/users.svg)](https://supermarket.chef.io/cookbooks/users)
Manages OS users from databags.
@@ -13,22 +14,24 @@ A data bag populated with user objects must exist. The default data bag in this
### Chef
- Chef 11+
- Chef 12.1+
### Platform Support
The following platforms have been tested with Test Kitchen:
- Debian / Ubuntu and derivatives
- RHEL and derivatives
- Fedora
- RHEL and derivatives
- Fedora
- FreeBSD / OpenBSD
- Mac OS X
### Cookbook Dependencies
- none
## Usage
To use the resource `users_manage`, make sure to add the dependency on the users cookbook by the following line to your wrapper cookbook's [metadata.rb](https://docs.chef.io/config_rb_metadata.html):
```
@@ -46,7 +49,7 @@ Then in a recipe:
```ruby
users_manage 'GROUPNAME' do
group_id GROUPID
action [:remove, :create]
action [:create]
data_bag 'DATABAG_NAME'
end
```
@@ -56,7 +59,7 @@ Example:
```ruby
users_manage 'testgroup' do
group_id 3000
action [:remove, :create]
action [:create]
data_bag 'test_home_dir'
end
```
@@ -82,23 +85,22 @@ A sample user object in a users databag would look like:
}
```
### Databag Key Definitions
### Databag Key Definitions
* `id`: *String* specifies the username, as well as the data bag object id.
* `password`: *String* specifies the user's password.
* `ssh_keys`: *Array* an array of authorized keys that will be managed by Chef to the user's home directory in .ssh/authorized_keys
* `groups`: *Array* an array of groups that the user will be added to
* `uid`: *Integer* a unique identifier for the user
* `shell`: *String* the user's shell
* `comment`:*String* the [GECOS field](https://en.wikipedia.org/wiki/Gecos_field), generally the User's full name.
- `id`: _String_ specifies the username, as well as the data bag object id.
- `password`: _String_ specifies the user's password.
- `ssh_keys`: _Array_ an array of authorized keys that will be managed by Chef to the user's home directory in .ssh/authorized_keys
- `groups`: _Array_ an array of groups that the user will be added to
- `uid`: _Integer_ a unique identifier for the user
- `shell`: _String_ the user's shell
- `comment`:_String_ the [GECOS field](https://en.wikipedia.org/wiki/Gecos_field), generally the User's full name.
Other potential fields:
* `home`: *String* User's home directory. If not assigned, will be set based on platform and username.
* `action`: *String* Supported actions are one's supported by the [user](https://docs.chef.io/resource_user.html#actions) resource. If not specified, the default action is `create`.
* `ssh_private_key`: *String* manages user's private key generally ~/.ssh/id_*
* `ssh_public_key`: *String* manages user's public key generally ~/.ssh/id_*.pub
- `home`: _String_ User's home directory. If not assigned, will be set based on platform and username.
- `action`: _String_ Supported actions are one's supported by the [user](https://docs.chef.io/resource_user.html#actions) resource. If not specified, the default action is `create`.
- `ssh_private_key`: _String_ manages user's private key generally ~/.ssh/id_*
- `ssh_public_key`: _String_ manages user's public key generally ~/.ssh/id_*.pub
## Resources Overview
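Review bot: the `password` entry in the key list still says only "specifies the user's password" and does not say what form the value takes. The provider passes it straight to the `user` resource (`password u['password']`, now alongside `salt` and `iterations`), so the README should state that this is the hashed value the `user` resource expects, not a cleartext password. The `ssh_private_key` entry deserves the same treatment: it puts private key material in the data bag item, and the text should say so, so that readers restrict who can read that data bag.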
@@ -113,26 +115,26 @@ Creates the `sysadmin` group and users defined in the `users` databag.
```ruby
users_manage 'sysadmin' do
group_id 2300
action [:remove, :create]
action [:create]
end
```
Removes, then creates the `testgroup` group, and users defined in the `test_home_dir` databag.
Creates the `testgroup` group, and users defined in the `test_home_dir` databag.
```ruby
users_manage 'testgroup' do
group_id 3000
action [:remove, :create]
action [:create]
data_bag 'test_home_dir'
end
```
Removes, then creates the `nfsgroup` group, and users defined in the `test_home_dir` databag and does not manage nfs home directories.
Creates the `nfsgroup` group, and users defined in the `test_home_dir` databag and does not manage nfs home directories.
```ruby
users_manage 'nfsgroup' do
group_id 4000
action [:remove, :create]
action [:create]
data_bag 'test_home_dir'
manage_nfs_home_dirs false
end
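Review bot: with every example here changed to `action [:create]`, the README no longer shows how a user marked `action: remove` in the data bag is actually deleted. The provider's `:create` search filters on `NOT action:remove`, so those users are only skipped, and the account stays on the node until `:remove` is run. Suggest keeping one example that runs `:remove`, or adding a sentence saying that deprovisioning needs that action explicitly.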
@@ -140,17 +142,21 @@ end
#### Parameters
* `data_bag` *String* is the data bag to search
* `search_group` *String* groups name to search for, defaults to resource name
* `group_name` *String* name of the group to create, defaults to resource name
* `group_id` *Integer* numeric id of the group to create, default is to allow the OS to pick next
* `cookbook` *String* name of the cookbook that the authorized_keys template should be found in
* `manage_nfs_home_dirs` *Boolean* whether to manage nfs home directories.
- `data_bag` _String_ is the data bag to search
- `search_group` _String_ groups name to search for, defaults to resource name
- `group_name` _String_ name of the group to create, defaults to resource name
- `group_id` _Integer_ numeric id of the group to create, default is to allow the OS to pick next
- `cookbook` _String_ name of the cookbook that the authorized_keys template should be found in
- `manage_nfs_home_dirs` _Boolean_ whether to manage nfs home directories.
Otherwise, this cookbook is specific for setting up `sysadmin` group and users with the sysadmins recipe for now.
## Recipe Overview
### Deprecation Notice
This recipe has been deprecated and the resource will be removed from the recipe in a new major release of this cookbook in April 2017\. The functionality can easily be recreated and changed to suit your organization by copying the single resource below into your own cookbook.
`sysadmins.rb`: recipe that manages the group sysadmins with group id 2300, and adds users to this group.
To use:
@@ -164,15 +170,15 @@ The recipe is defined as follows:
```ruby
users_manage "sysadmin" do
group_id 2300
action [ :remove, :create ]
action [ :create ]
end
```
This `users_manage` resource searches the `users` data bag for the `sysadmin` group attribute, and adds those users to a Unix security group `sysadmin`. The only required attribute is group_id, which represents the numeric Unix gid and _must_ be unique. The default action for the resource is `:create`.
The recipe, by default, will also create the sysadmin group. The sysadmin group will be created with GID 2300. This may become an attribute at a later date.
The recipe, by default, will also create the sysadmin group. The sysadmin group will be created with GID 2300.
## Data bag Overview
## Data bag Overview
**Reminder** Data bags generally should not be stored in cookbooks, but in a policy repo within your organization. Data bags are useful across cookbooks, not just for a single cookbook.
@@ -289,14 +295,12 @@ $ mkdir data_bags/users
$EDITOR data_bags/users/bofh.json
```
Paste the user's public SSH key into the ssh_keys value. Also make sure the uid is unique, and if you're not using bash, that the shell is installed.
Paste the user's public SSH key into the ssh_keys value. Also make sure the uid is unique, and if you're not using bash, that the shell is installed.
The Apache cookbook can set up authentication using OpenIDs, which is set up using the openid key here. See the Chef Software 'apache2' cookbook for more information about this.
## Chef Solo
As of version 1.4.0, this cookbook might work with Chef Solo when using [chef-solo-search by edelight](https://github.com/edelight/chef-solo-search). That cookbook is not a dependency of this one as Chef solo doesn't support dependency resolution using cookbook metadata - all cookbooks must be provided to the node manually when using Chef Solo.
## License & Authors
**Author:** Cookbook Engineering Team ([cookbooks@chef.io](mailto:cookbooks@chef.io))
**Copyright:** 2009-2016, Chef Software, Inc.

View File

@@ -1,6 +1,6 @@
# Matchers for chefspec 3
if defined?(ChefSpec)
ChefSpec.define_matcher :users_manage
def create_users_manage(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:users_manage,
:create,

File diff suppressed because one or more lines are too long

View File

@@ -1,9 +1,9 @@
#
# Cookbook Name:: users
# Cookbook:: users
# Provider:: manage
#
# Copyright 2011, Eric G. Wolfe
# Copyright 2009-2015, Chef Software, Inc.
# Copyright:: 2011-2016, Eric G. Wolfe
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,26 +24,11 @@ def whyrun_supported?
true
end
def chef_solo_search_installed?
klass = ::Search.const_get('Helper')
return klass.is_a?(Class)
rescue NameError
return false
end
def search_missing?
Chef::Config[:solo] && !(Chef::Config[:local_mode] || chef_solo_search_installed?)
end
action :remove do
if search_missing?
Chef::Log.warn('This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.')
else
search(new_resource.data_bag, "groups:#{new_resource.search_group} AND action:remove") do |rm_user|
user rm_user['username'] ||= rm_user['id'] do
action :remove
force rm_user['force'] ||= false
end
search(new_resource.data_bag, "groups:#{new_resource.search_group} AND action:remove") do |rm_user|
user rm_user['username'] ||= rm_user['id'] do
action :remove
force rm_user['force'] ||= false
end
end
end
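Review bot: with `chef_solo_search_installed?` and `search_missing?` removed, the `search` call in `action :remove` runs unconditionally, but the README's Chef Solo section still tells readers the cookbook might work with chef-solo-search. Under Chef Solo without search the run no longer takes the warn-and-skip path. Suggest either updating that README section or adding a CHANGELOG line stating that the solo guard is gone, so that operators on Chef Solo know the behaviour changed.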
@@ -52,121 +37,120 @@ action :create do
users_groups = {}
users_groups[new_resource.group_name] = []
if search_missing?
Chef::Log.warn('This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.')
else
search(new_resource.data_bag, "groups:#{new_resource.search_group} AND NOT action:remove") do |u|
u['username'] ||= u['id']
u['groups'].each do |g|
users_groups[g] = [] unless users_groups.key?(g)
users_groups[g] << u['username']
search(new_resource.data_bag, "groups:#{new_resource.search_group} AND NOT action:remove") do |u|
u['username'] ||= u['id']
u['groups'].each do |g|
users_groups[g] = [] unless users_groups.key?(g)
users_groups[g] << u['username']
end
if node['apache'] && node['apache']['allowed_openids']
Array(u['openid']).compact.each do |oid|
node.default['apache']['allowed_openids'] << oid unless node['apache']['allowed_openids'].include?(oid)
end
end
# Platform specific checks
# Set home_basedir
# Set shell on FreeBSD
home_basedir = '/home'
case node['platform_family']
when 'mac_os_x'
home_basedir = '/Users'
when 'freebsd'
# Check if we need to prepend shell with /usr/local/?
u['shell'] = (!::File.exist?(u['shell']) && ::File.exist?("/usr/local#{u['shell']}") ? "/usr/local#{u['shell']}" : '/bin/sh')
end
# Set home to location in data bag,
# or a reasonable default ($home_basedir/$user).
home_dir = (u['home'] ? u['home'] : "#{home_basedir}/#{u['username']}")
# check whether home dir is null
manage_home = (home_dir == '/dev/null' ? false : true)
# The user block will fail if the group does not yet exist.
# See the -g option limitations in man 8 useradd for an explanation.
# This should correct that without breaking functionality.
group u['username'] do # ~FC022
gid validate_id(u['gid'])
only_if { u['gid'] && u['gid'].is_a?(Numeric) }
end
# Create user object.
# Do NOT try to manage null home directories.
user u['username'] do
uid validate_id(u['uid'])
gid validate_id(u['gid']) if u['gid']
shell u['shell']
comment u['comment']
password u['password'] if u['password']
salt u['salt'] if u['salt']
iterations u['iterations'] if u['iterations']
manage_home manage_home
home home_dir
action u['action'] if u['action']
end
if manage_home_files?(home_dir, u['username'])
Chef::Log.debug("Managing home files for #{u['username']}")
directory "#{home_dir}/.ssh" do
recursive true
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0700'
only_if { !!(u['ssh_keys'] || u['ssh_private_key'] || u['ssh_public_key']) }
end
if node['apache'] && node['apache']['allowed_openids']
Array(u['openid']).compact.each do |oid|
node.default['apache']['allowed_openids'] << oid unless node['apache']['allowed_openids'].include?(oid)
end
template "#{home_dir}/.ssh/authorized_keys" do
source 'authorized_keys.erb'
cookbook new_resource.cookbook
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0600'
variables ssh_keys: u['ssh_keys']
only_if { !!(u['ssh_keys']) }
end
# Platform specific checks
# Set home_basedir
# Set shell on FreeBSD
home_basedir = '/home'
case node['platform_family']
when 'mac_os_x'
home_basedir = '/Users'
when 'freebsd'
# Check if we need to prepend shell with /usr/local/?
u['shell'] = (!File.exist?(u['shell']) && File.exist?("/usr/local#{u['shell']}") ? "/usr/local#{u['shell']}" : '/bin/sh')
end
# Set home to location in data bag,
# or a reasonable default ($home_basedir/$user).
home_dir = (u['home'] ? u['home'] : "#{home_basedir}/#{u['username']}")
# check whether home dir is null
manage_home = (home_dir == '/dev/null' ? false : true)
# The user block will fail if the group does not yet exist.
# See the -g option limitations in man 8 useradd for an explanation.
# This should correct that without breaking functionality.
group u['username'] do
gid validate_id(u['gid'])
only_if { u['gid'] && u['gid'].is_a?(Numeric) }
end
# Create user object.
# Do NOT try to manage null home directories.
user u['username'] do
uid validate_id(u['uid'])
gid validate_id(u['gid']) if u['gid']
shell u['shell']
comment u['comment']
password u['password'] if u['password']
supports manage_home: manage_home
home home_dir
action u['action'] if u['action']
end
if manage_home_files?(home_dir, u['username'])
Chef::Log.debug("Managing home files for #{u['username']}")
directory "#{home_dir}/.ssh" do
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0700'
only_if { u['ssh_keys'] || u['ssh_private_key'] || u['ssh_public_key'] }
end
template "#{home_dir}/.ssh/authorized_keys" do
source 'authorized_keys.erb'
if u['ssh_private_key']
key_type = u['ssh_private_key'].include?('BEGIN RSA PRIVATE KEY') ? 'rsa' : 'dsa'
template "#{home_dir}/.ssh/id_#{key_type}" do
source 'private_key.erb'
cookbook new_resource.cookbook
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0600'
variables ssh_keys: u['ssh_keys']
only_if { u['ssh_keys'] }
mode '0400'
variables private_key: u['ssh_private_key']
end
if u['ssh_private_key']
key_type = u['ssh_private_key'].include?('BEGIN RSA PRIVATE KEY') ? 'rsa' : 'dsa'
template "#{home_dir}/.ssh/id_#{key_type}" do
source 'private_key.erb'
cookbook new_resource.cookbook
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0400'
variables private_key: u['ssh_private_key']
end
end
if u['ssh_public_key']
key_type = u['ssh_public_key'].include?('ssh-rsa') ? 'rsa' : 'dsa'
template "#{home_dir}/.ssh/id_#{key_type}.pub" do
source 'public_key.pub.erb'
cookbook new_resource.cookbook
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0400'
variables public_key: u['ssh_public_key']
end
end
else
Chef::Log.debug("Not managing home files for #{u['username']}")
end
end
# Populating users to appropriates groups
users_groups.each do |g, u|
group g do
members u
append true
action :manage # Do nothing if group doesn't exist
end unless g == new_resource.group_name # Dealing with managed group later
if u['ssh_public_key']
key_type = u['ssh_public_key'].include?('ssh-rsa') ? 'rsa' : 'dsa'
template "#{home_dir}/.ssh/id_#{key_type}.pub" do
source 'public_key.pub.erb'
cookbook new_resource.cookbook
owner u['uid'] ? validate_id(u['uid']) : u['username']
group validate_id(u['gid']) if u['gid']
mode '0400'
variables public_key: u['ssh_public_key']
end
end
else
Chef::Log.debug("Not managing home files for #{u['username']}")
end
end
# Populating users to appropriates groups
users_groups.each do |g, u|
group g do
members u
append true
action :manage # Do nothing if group doesn't exist
end unless g == new_resource.group_name # Dealing with managed group later
end
group new_resource.group_name do
gid new_resource.group_id if new_resource.group_id
members users_groups[new_resource.group_name]
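Review bot: in the `when 'freebsd'` branch the ternary falls through to `'/bin/sh'` whenever `u['shell']` already exists on disk, because the condition holds only when the configured shell is missing and the `/usr/local` copy is present. A user whose data bag shell is valid therefore gets `/bin/sh`, and a missing `shell` key reaches `::File.exist?` as nil. Suggest three explicit cases: keep `u['shell']` if it exists, use the `/usr/local` path if that exists, otherwise fall back to `/bin/sh`. Separately, the `private_key.erb` template is written with mode '0400' but without `sensitive true`, so the rendered key can show up in the run's diff output; adding `sensitive true` to that resource keeps it out of the logs.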

View File

@@ -1,8 +1,8 @@
#
# Cookbook Name:: users
# Cookbook:: users
# Recipe:: default
#
# Copyright 2009-2015, Chef Software, Inc.
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,4 +17,4 @@
# limitations under the License.
#
# Empty default recipe for including LWRPs.
Chef::Log.warn('The default users recipe does nothing. See the readme for information on using the users resources')

View File

@@ -1,9 +1,9 @@
#
# Cookbook Name:: users
# Cookbook:: users
# Recipe:: sysadmins
#
# Copyright 2011, Eric G. Wolfe
# Copyright 2009-2015, Chef Software, Inc.
# Copyright:: 2011-2016, Eric G. Wolfe
# Copyright:: 2009-2016, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,6 +18,8 @@
# limitations under the License.
#
Chef::Log.warn('The sysadmins recipe has been deprecated. We suggest using the users_manage resource in your own cookbook if you need similar functionality. The resource in this recipe will be removed with a major release of the cookbook in April 2017')
# Searches data bag "users" for groups attribute "sysadmin".
# Places returned users in Unix group "sysadmin" with GID 2300.
users_manage 'sysadmin' do

View File

@@ -1,8 +1,8 @@
#
# Cookbook Name:: users
# Cookbook:: users
# Resources:: manage
#
# Copyright 2011, Eric G. Wolfe
# Copyright:: 2011-2016, Eric G. Wolfe
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.