From f3b0665d6da2ebb446f4db356eb07658201c9025 Mon Sep 17 00:00:00 2001
From: Eric Renfro
Date: Sun, 17 Jul 2016 10:07:56 -0400
Subject: [PATCH 1/2] Added dummy resources and providers for ipa_user and ipa_group
---
metadata.rb | 2 +-
providers/ipa_group.rb | 14 ++++++++++++++
providers/ipa_user.rb | 14 ++++++++++++++
resources/ipa_group.rb | 10 ++++++++++
resources/ipa_user.rb | 36 ++++++++++++++++++++++++++++++++++++
5 files changed, 75 insertions(+), 1 deletion(-)
create mode 100644 providers/ipa_group.rb
create mode 100644 providers/ipa_user.rb
create mode 100644 resources/ipa_group.rb
create mode 100644 resources/ipa_user.rb
diff --git a/metadata.rb b/metadata.rb
index ba3ab7d..ca87abc 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
 license 'GPLv3'
 description 'Installs/Configures freeipa'
 long_description 'Installs/Configures freeipa'
-version '0.1.4'
+version '0.1.5'
 depends 'ohai'
 depends 'chef-vault'
diff --git a/providers/ipa_group.rb b/providers/ipa_group.rb
new file mode 100644
index 0000000..eb45e6c
--- /dev/null
+++ b/providers/ipa_group.rb
@@ -0,0 +1,14 @@
+def whyrun_supported?
+ true
+end
+
+action :remove do
+ Chef::Log.warn('Remove ipa_group triggered')
+end
+
+action :create do
+ Chef::Log.warn('Add ipa_group triggered')
+end
+
+private
+
diff --git a/providers/ipa_user.rb b/providers/ipa_user.rb
new file mode 100644
index 0000000..325b82d
--- /dev/null
+++ b/providers/ipa_user.rb
@@ -0,0 +1,14 @@
+def whyrun_supported?
+ true
+end
+
+action :remove do
+ Chef::Log.warn('Remove ipa_user triggered')
+end
+
+action :create do
+ Chef::Log.warn('Add ipa_user triggered')
+end
+
+private
+
diff --git a/resources/ipa_group.rb b/resources/ipa_group.rb
new file mode 100644
index 0000000..a4ab240
--- /dev/null
+++ b/resources/ipa_group.rb
@@ -0,0 +1,10 @@
+actions :create, :remove
+default_action :create
+
+attribute :name, kind_of: String
+attribute :desc, kind_of: String
+attribute :gidnumber, kind_of: String
+
+attribute :nonposix, kind_of: [TrueClass, FalseClass], default: false
+attribute :external, kind_of: [TrueClass, FalseClass], default: false
+
diff --git a/resources/ipa_user.rb b/resources/ipa_user.rb
new file mode 100644
index 0000000..7d6c931
--- /dev/null
+++ b/resources/ipa_user.rb
@@ -0,0 +1,36 @@
+actions :create, :remove
+default_action :create
+
+attribute :name, kind_of: String
+attribute :firstname, kind_of: String
+attribute :lastname, kind_of: String
+attribute :fullname, kind_of: String
+attribute :displayname, kind_of: String
+attribute :homedir, kind_of: String
+attribute :gecos, kind_of: String
+attribute :email, kind_of: String
+attribute :shell, kind_of: String
+attribute :password, kind_of: String
+attribute :uidnumber, kind_of: Integer
+attribute :gidnumber, kind_of: Integer
+attribute :create_group, kind_of: [TrueClass, FalseClass], default: true
+
+attribute :sshpubkey, kind_of: String
+
+attribute :street, kind_of: String
+attribute :city, kind_of: String
+attribute :state, kind_of: String
+attribute :postal_code, kind_of: String
+attribute :phone, kind_of: String
+attribute :mobile, kind_of: String
+attribute :pager, kind_of: String
+attribute :fax, kind_of: String
+attribute :carlicense, kind_of: String
+attribute :orgunit, kind_of: String
+attribute :title, kind_of: String
+attribute :manager, kind_of: String
+attribute :department_number, kind_of: String
+attribute :employee_number, kind_of: String
+attribute :employee_type, kind_of: String
+attribute :preferred_langugae, kind_of: String
+
From 52e9ae202cb678b2b74dd4d1c7eaf51aa3b01551 Mon Sep 17 00:00:00 2001
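Review bot: In resources/ipa_group.rb, `attribute :gidnumber, kind_of: String` disagrees with resources/ipa_user.rb in the same patch, which declares `gidnumber` as Integer, so the same numeric GID cannot be passed to both resources. Declaring it as `attribute :gidnumber, kind_of: Integer` keeps the two in step. `name` is also declared without `name_attribute: true`, so the intended link between the resource name and the group name is not stated anywhere in the file.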
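Review bot: `attribute :password, kind_of: String` in resources/ipa_user.rb carries a credential as an ordinary attribute, and Chef includes a resource's attribute values in the dump it prints when the resource fails unless the resource is marked sensitive. Nothing in the file says so; a comment above the attribute such as `# password: initial user password; set sensitive true on the resource so the value stays out of logs and reports` would tell recipe authors what to do. The last attribute is misspelled and would become part of the public interface as written; it should read `attribute :preferred_language, kind_of: String`. Both lines reappear unchanged in resources/user.rb in patch 2/2.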
From: Eric Renfro
Date: Sun, 17 Jul 2016 16:37:44 -0400
Subject: [PATCH 2/2] Renamed provider and resources to more shorter names
---
providers/{ipa_group.rb => group.rb} | 0
providers/ipa_user.rb | 14 -------
providers/user.rb | 62 ++++++++++++++++++++++++++++
recipes/example.rb | 17 ++++++++
resources/{ipa_group.rb => group.rb} | 0
resources/ipa_user.rb | 36 ----------------
resources/user.rb | 38 +++++++++++++++++
7 files changed, 117 insertions(+), 50 deletions(-)
rename providers/{ipa_group.rb => group.rb} (100%)
delete mode 100644 providers/ipa_user.rb
create mode 100644 providers/user.rb
create mode 100644 recipes/example.rb
rename resources/{ipa_group.rb => group.rb} (100%)
delete mode 100644 resources/ipa_user.rb
create mode 100644 resources/user.rb
diff --git a/providers/ipa_group.rb b/providers/group.rb
similarity index 100%
rename from providers/ipa_group.rb
rename to providers/group.rb
diff --git a/providers/ipa_user.rb b/providers/ipa_user.rb
deleted file mode 100644
index 325b82d..0000000
--- a/providers/ipa_user.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-def whyrun_supported?
- true
-end
-
-action :remove do
- Chef::Log.warn('Remove ipa_user triggered')
-end
-
-action :create do
- Chef::Log.warn('Add ipa_user triggered')
-end
-
-private
-
diff --git a/providers/user.rb b/providers/user.rb
new file mode 100644
index 0000000..3ade096
--- /dev/null
+++ b/providers/user.rb
@@ -0,0 +1,62 @@
+def whyrun_supported?
+ true
+end
+
+use_inline_resources
+
+action :remove do
+ Chef::Log.warn('Remove ipa_user triggered')
+end
+
+action :create do
+ Chef::Log.debug('Add ipa_user triggered')
+ if ipa_krblogin then
+ if ipa_userexist?(new_resource.name) then
+ Chef::Log.info("User " + new_resource.name + " already exists in IPA")
+ new_resource.updated_by_last_action(false)
+ else
+ Chef::Log.info("User " + new_resource.name + " being added to IPA")
+ new_resource.updated_by_last_action(true)
+ end
+ end
+end
+
+private
+
+def ipa_krblogin
+ if ::File.exist?('/etc/ipa/admin.password') then
+ system 'kinit admin -l 1h < /etc/ipa/admin.password &>/dev/null'
+ if $? == 0 then
+ Chef::Log.info('IPA login successful')
+ true
+ else
+ Chef::Log.fatal('IPA login failed')
+ false
+ end
+ else
+ Chef::Log.fatal('IPA Admin Password file does not exist')
+ false
+ end
+end
+
+def ipa_userexist?(username)
+ check = `/usr/bin/ipa user-find --pkey-only --raw | /usr/bin/tr -d " " | /bin/grep "^uid:" | /bin/cut -b 5-`.split
+ if check.include?(username) then
+ true
+ else
+ false
+ end
+end
+
+def ipaFirstName(name)
+ name.gsub(/\s+/m, ' ').strip.split(" ")[0]
+end
+
+def ipaLastName(name)
+ name.gsub(/\s+/m, ' ').strip.split(" ")[-1]
+end
+
+def ipaInitials(name)
+ ipaFirstName(name)[0].upcase + ipaLastName(name)[0].upcase
+end
+
diff --git a/recipes/example.rb b/recipes/example.rb
new file mode 100644
index 0000000..bf7f194
--- /dev/null
+++ b/recipes/example.rb
@@ -0,0 +1,17 @@
+#
+# Cookbook Name:: freeipa
+# Recipe:: default
+#
+# Copyright (C) 2016 YOUR_NAME
+#
+# All rights reserved - Do Not Redistribute
+#
+
+freeipa_user "psi-jack" do
+ action :create
+end
+
+freeipa_user "admin" do
+ action :create
+end
+
diff --git a/resources/ipa_group.rb b/resources/group.rb
similarity index 100%
rename from resources/ipa_group.rb
rename to resources/group.rb
diff --git a/resources/ipa_user.rb b/resources/ipa_user.rb
deleted file mode 100644
index 7d6c931..0000000
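Review bot: In `ipa_krblogin` (providers/user.rb), `system 'kinit admin -l 1h < /etc/ipa/admin.password &>/dev/null'` depends on the bash-only `&>` redirection; `system` with a single string goes through `/bin/sh`, and where that is a strictly POSIX shell such as dash the `&` puts kinit in the background, so `$? == 0` holds and 'IPA login successful' is logged even when authentication failed. The portable form with the call's own result avoids that: `if system('kinit admin -l 1h < /etc/ipa/admin.password >/dev/null 2>&1') then`. The admin ticket also stays in the default credential cache for the rest of its one-hour lifetime, so a `kdestroy` once the action has finished would shorten the time an admin credential is usable on the node, and the expected owner and mode of /etc/ipa/admin.password deserve a comment. Separately, `whyrun_supported?` returns true while `action :create` calls `ipa_krblogin` unconditionally, so a why-run still authenticates as admin.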
--- a/resources/ipa_user.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-actions :create, :remove
-default_action :create
-
-attribute :name, kind_of: String
-attribute :firstname, kind_of: String
-attribute :lastname, kind_of: String
-attribute :fullname, kind_of: String
-attribute :displayname, kind_of: String
-attribute :homedir, kind_of: String
-attribute :gecos, kind_of: String
-attribute :email, kind_of: String
-attribute :shell, kind_of: String
-attribute :password, kind_of: String
-attribute :uidnumber, kind_of: Integer
-attribute :gidnumber, kind_of: Integer
-attribute :create_group, kind_of: [TrueClass, FalseClass], default: true
-
-attribute :sshpubkey, kind_of: String
-
-attribute :street, kind_of: String
-attribute :city, kind_of: String
-attribute :state, kind_of: String
-attribute :postal_code, kind_of: String
-attribute :phone, kind_of: String
-attribute :mobile, kind_of: String
-attribute :pager, kind_of: String
-attribute :fax, kind_of: String
-attribute :carlicense, kind_of: String
-attribute :orgunit, kind_of: String
-attribute :title, kind_of: String
-attribute :manager, kind_of: String
-attribute :department_number, kind_of: String
-attribute :employee_number, kind_of: String
-attribute :employee_type, kind_of: String
-attribute :preferred_langugae, kind_of: String
-
diff --git a/resources/user.rb b/resources/user.rb
new file mode 100644
index 0000000..b78cf51
--- /dev/null
+++ b/resources/user.rb
@@ -0,0 +1,38 @@
+actions :create, :remove
+default_action :create
+
+attribute :username, :kind_of => String, :name_attribute => true, :required => true
+attribute :firstname, :kind_of => String
+attribute :lastname, :kind_of => String
+attribute :fullname, :kind_of => String
+attribute :displayname, :kind_of => String
+attribute :homedir, :kind_of => String
+attribute :gecos, :kind_of => String
+attribute :email, :kind_of => String
+attribute :shell, :kind_of => String, :default => '/bin/bash'
+attribute :password, :kind_of => String
+attribute :uidnumber, :kind_of => Integer
+attribute :gidnumber, :kind_of => Integer
+attribute :usergroup, :kind_of => [TrueClass, FalseClass], :default => true
+
+attribute :sshpubkey, :kind_of => Array
+
+attribute :street, :kind_of => String
+attribute :city, :kind_of => String
+attribute :state, :kind_of => String
+attribute :postal_code, :kind_of => String
+attribute :phone, :kind_of => String
+attribute :mobile, :kind_of => String
+attribute :pager, :kind_of => String
+attribute :fax, :kind_of => String
+attribute :carlicense, :kind_of => String
+attribute :orgunit, :kind_of => String
+attribute :title, :kind_of => String
+attribute :manager, :kind_of => String
+attribute :department_number, :kind_of => String
+attribute :employee_number, :kind_of => String
+attribute :employee_type, :kind_of => String
+attribute :preferred_langugae, :kind_of => String
+
+attr_accessor :exists #This is a standard ruby accessor, use this to set flags for current state.
+
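Review bot: `attribute :username, :kind_of => String, :name_attribute => true, :required => true` makes `username` the identity of the resource, but the provider added in this same patch looks up `ipa_userexist?(new_resource.name)`, so a recipe that sets `username` to something other than the resource name would have the wrong account checked. Reading `new_resource.username` in providers/user.rb keeps the two consistent. `attr_accessor :exists` is described as a current-state flag, yet the visible provider defines no `load_current_resource` that sets it; either wire it up or note in the comment that it is reserved for later use.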