Ben Vincent
cf0ff85b70
- prevent different gid/uid for git users when deploying cluster - only add sudo conf when sudo_rules is a list Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/339
48 lines
1.3 KiB
Puppet
48 lines
1.3 KiB
Puppet
# a wrapper for puppetlabs-account and saz-sudo
|
|
define profiles::base::account (
|
|
String $username,
|
|
Optional[Integer] $uid = undef,
|
|
Optional[Integer] $gid = undef,
|
|
Boolean $manage_home = true,
|
|
Boolean $create_group = true,
|
|
Boolean $purge_sshkeys = true,
|
|
Boolean $system = false,
|
|
Boolean $locked = false,
|
|
String $password = '!!',
|
|
Boolean $ignore_pass = false,
|
|
Array[String] $groups = [],
|
|
Array[String] $sshkeys = [],
|
|
String $shell = '/usr/bin/bash',
|
|
Optional[Array[String]] $sudo_rules = undef,
|
|
) {
|
|
|
|
# Set gid to uid if gid is undef
|
|
$final_gid = $gid ? {
|
|
undef => $uid,
|
|
default => $gid,
|
|
}
|
|
|
|
# Manage user
|
|
accounts::user { $username:
|
|
uid => $uid,
|
|
gid => $final_gid,
|
|
shell => $shell,
|
|
groups => $groups,
|
|
sshkeys => $sshkeys,
|
|
system => $system,
|
|
locked => $locked,
|
|
password => $password,
|
|
create_group => $create_group,
|
|
managehome => $manage_home,
|
|
purge_sshkeys => $purge_sshkeys,
|
|
ignore_password_if_empty => $ignore_pass,
|
|
}
|
|
|
|
# Manage sudo rules
|
|
if $sudo_rules {
|
|
sudo::conf { "${username}_sudo":
|
|
content => $sudo_rules,
|
|
}
|
|
}
|
|
}
|