diff --git a/metadata.rb b/metadata.rb
index ba3ab7d..ca87abc 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
 license 'GPLv3'
 description 'Installs/Configures freeipa'
 long_description 'Installs/Configures freeipa'
-version '0.1.4'
+version '0.1.5'
 depends 'ohai'
 depends 'chef-vault'
diff --git a/providers/group.rb b/providers/group.rb
new file mode 100644
index 0000000..eb45e6c
--- /dev/null
+++ b/providers/group.rb
@@ -0,0 +1,14 @@
+def whyrun_supported?
+ true
+end
+
+action :remove do
+ Chef::Log.warn('Remove ipa_group triggered')
+end
+
+action :create do
+ Chef::Log.warn('Add ipa_group triggered')
+end
+
+private
+
diff --git a/providers/user.rb b/providers/user.rb
new file mode 100644
index 0000000..3ade096
--- /dev/null
+++ b/providers/user.rb
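Review bot: Both actions in providers/group.rb only log at warn level and change nothing, so a run that declares an `ipa_group` finishes cleanly while no group is created or removed. Until the implementation exists, mark the bodies as placeholders with a comment such as `# TODO: not implemented, logs only`, or fail the run with `raise NotImplementedError, 'ipa_group is not implemented yet'` so the gap cannot be missed. The file also lacks the `use_inline_resources` line that providers/user.rb declares, and the trailing `private` guards no methods.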
@@ -0,0 +1,62 @@
+def whyrun_supported?
+ true
+end
+
+use_inline_resources
+
+action :remove do
+ Chef::Log.warn('Remove ipa_user triggered')
+end
+
+action :create do
+ Chef::Log.debug('Add ipa_user triggered')
+ if ipa_krblogin then
+ if ipa_userexist?(new_resource.name) then
+ Chef::Log.info("User " + new_resource.name + " already exists in IPA")
+ new_resource.updated_by_last_action(false)
+ else
+ Chef::Log.info("User " + new_resource.name + " being added to IPA")
+ new_resource.updated_by_last_action(true)
+ end
+ end
+end
+
+private
+
+def ipa_krblogin
+ if ::File.exist?('/etc/ipa/admin.password') then
+ system 'kinit admin -l 1h < /etc/ipa/admin.password &>/dev/null'
+ if $? == 0 then
+ Chef::Log.info('IPA login successful')
+ true
+ else
+ Chef::Log.fatal('IPA login failed')
+ false
+ end
+ else
+ Chef::Log.fatal('IPA Admin Password file does not exist')
+ false
+ end
+end
+
+def ipa_userexist?(username)
+ check = `/usr/bin/ipa user-find --pkey-only --raw | /usr/bin/tr -d " " | /bin/grep "^uid:" | /bin/cut -b 5-`.split
+ if check.include?(username) then
+ true
+ else
+ false
+ end
+end
+
+def ipaFirstName(name)
+ name.gsub(/\s+/m, ' ').strip.split(" ")[0]
+end
+
+def ipaLastName(name)
+ name.gsub(/\s+/m, ' ').strip.split(" ")[-1]
+end
+
+def ipaInitials(name)
+ ipaFirstName(name)[0].upcase + ipaLastName(name)[0].upcase
+end
+
diff --git a/recipes/example.rb b/recipes/example.rb
new file mode 100644
index 0000000..bf7f194
--- /dev/null
+++ b/recipes/example.rb
@@ -0,0 +1,17 @@
+#
+# Cookbook Name:: freeipa
+# Recipe:: default
+#
+# Copyright (C) 2016 YOUR_NAME
+#
+# All rights reserved - Do Not Redistribute
+#
+
+freeipa_user "psi-jack" do
+ action :create
+end
+
+freeipa_user "admin" do
+ action :create
+end
+
diff --git a/resources/group.rb b/resources/group.rb
new file mode 100644
index 0000000..a4ab240
--- /dev/null
+++ b/resources/group.rb
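Review bot: `ipa_krblogin` in providers/user.rb feeds the plaintext admin password to `kinit` through a shell string whose `&>/dev/null` redirect is a bash extension; where `/bin/sh` is not bash it is read as `&` followed by `>/dev/null`, so kinit is backgrounded, `$?` is 0 and 'IPA login successful' is logged even when authentication fails. Use the portable form `system('kinit admin -l 1h < /etc/ipa/admin.password >/dev/null 2>&1')` and branch on the return value of `system` instead of `$?`. The login also runs in why-run mode, since `whyrun_supported?` returns true and nothing is wrapped in `converge_by`, and it leaves a one-hour admin ticket in the default credential cache; a private `KRB5CCNAME` with a `kdestroy` after the action, plus a check that the password file is readable by root only, would narrow that exposure. Separately, `ipa_userexist?` searches the full `ipa user-find` listing, which as far as I know is capped by the IPA search size limit and can therefore miss existing users in a large directory; looking up the one name with `system('/usr/bin/ipa', 'user-show', username, out: File::NULL, err: File::NULL)` is exact and avoids the shell pipeline.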
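Review bot: The header of recipes/example.rb is unedited generator boilerplate: it names the recipe `default`, leaves `YOUR_NAME` in the copyright line, and states 'All rights reserved - Do Not Redistribute', which contradicts the `license 'GPLv3'` declared in metadata.rb. Replace it with a header that matches the file, starting with `# Recipe:: example`, followed by a GPLv3 notice that names the actual copyright holder.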
@@ -0,0 +1,10 @@
+actions :create, :remove
+default_action :create
+
+attribute :name, kind_of: String
+attribute :desc, kind_of: String
+attribute :gidnumber, kind_of: String
+
+attribute :nonposix, kind_of: [TrueClass, FalseClass], default: false
+attribute :external, kind_of: [TrueClass, FalseClass], default: false
+
diff --git a/resources/user.rb b/resources/user.rb
new file mode 100644
index 0000000..b78cf51
--- /dev/null
+++ b/resources/user.rb
@@ -0,0 +1,38 @@
+actions :create, :remove
+default_action :create
+
+attribute :username, :kind_of => String, :name_attribute => true, :required => true
+attribute :firstname, :kind_of => String
+attribute :lastname, :kind_of => String
+attribute :fullname, :kind_of => String
+attribute :displayname, :kind_of => String
+attribute :homedir, :kind_of => String
+attribute :gecos, :kind_of => String
+attribute :email, :kind_of => String
+attribute :shell, :kind_of => String, :default => '/bin/bash'
+attribute :password, :kind_of => String
+attribute :uidnumber, :kind_of => Integer
+attribute :gidnumber, :kind_of => Integer
+attribute :usergroup, :kind_of => [TrueClass, FalseClass], :default => true
+
+attribute :sshpubkey, :kind_of => Array
+
+attribute :street, :kind_of => String
+attribute :city, :kind_of => String
+attribute :state, :kind_of => String
+attribute :postal_code, :kind_of => String
+attribute :phone, :kind_of => String
+attribute :mobile, :kind_of => String
+attribute :pager, :kind_of => String
+attribute :fax, :kind_of => String
+attribute :carlicense, :kind_of => String
+attribute :orgunit, :kind_of => String
+attribute :title, :kind_of => String
+attribute :manager, :kind_of => String
+attribute :department_number, :kind_of => String
+attribute :employee_number, :kind_of => String
+attribute :employee_type, :kind_of => String
+attribute :preferred_langugae, :kind_of => String
+
+attr_accessor :exists #This is a standard ruby accessor, use this to set flags for current state.
+
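Review bot: `gidnumber` is declared `kind_of: String` in resources/group.rb but `:kind_of => Integer` in resources/user.rb, so the same GID value cannot be passed to both resources; settle on one type, e.g. `attribute :gidnumber, kind_of: Integer`. The file also uses the `kind_of:` keyword style where resources/user.rb uses `:kind_of =>`, and `name` is declared without the `name_attribute` option that user.rb sets on `username`; aligning the two files would make the resources read as a pair.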
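Review bot: The attribute `preferred_langugae` in resources/user.rb is misspelled, and since attribute names become the resource's recipe interface the typo is cheapest to fix before anything depends on it: `attribute :preferred_language, :kind_of => String`. `password` is an ordinary String attribute, so once the provider starts using it the value should stay out of log messages and off the `ipa` command line, where process arguments are visible to other local users; a comment on the attribute such as `# secret: never log or pass as a command-line argument` would record that for the next author. `attr_accessor :exists` is declared, but nothing in the providers/user.rb hunk reads or sets it.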