Initial Chef repository

cookbooks/rbac/providers/user.rb

@@ -0,0 +1,22 @@
+# The rbac_user LWRP is an internal set of classes used by other LWRPs to
+# delay writing of user attributes until the end of the chef run. It should not be
+# manually run.
+
+def load_current_resource
+  @current_resource = Chef::Resource::Rbac::User.new(@new_resource.user)
+end
+
+action :apply do
+  username = new_resource.user
+
+  auths = RBAC.authorizations[username]
+  permissions = auths.inject([]) do |auth, name|
+    auth + ["solaris.smf.manage.#{name}", "solaris.smf.value.#{name}"]
+  end.sort.uniq.join(',')
+
+  execute "Apply rbac authorizations to #{username}" do
+    command "usermod -A #{permissions} #{username}"
+    action :nothing
+    not_if "grep #{username} /etc/user_attr | grep 'auths=#{permissions}'"
+  end.run_action(:run)
+end