puppet-prod/site/profiles/manifests/base/account.pp

# a wrapper for puppetlabs-account and saz-sudo
define profiles::base::account (
  String $username,
  Optional[Integer] $uid = undef,
  Optional[Integer] $gid = undef,
  Boolean $manage_home = true,
  Boolean $create_group = true,
  Boolean $purge_sshkeys = true,
  Boolean $system = false,
  Boolean $locked = false,
  String $password = '!!',
  Boolean $ignore_pass = false,
  Array[String] $groups = [],
  Array[String] $sshkeys = [],
  Array[String] $sudo_rules = [],
  String $shell = '/usr/bin/bash',
) {

  # Set gid to uid if gid is undef
  $final_gid = $gid ? {
    undef   => $uid,
    default => $gid,
  }

  # Manage user
  accounts::user { $username:
    uid                      => $uid,
    gid                      => $final_gid,
    shell                    => $shell,
    groups                   => $groups,
    sshkeys                  => $sshkeys,
    system                   => $system,
    locked                   => $locked,
    password                 => $password,
    create_group             => $create_group,
    managehome               => $manage_home,
    purge_sshkeys            => $purge_sshkeys,
    ignore_password_if_empty => $ignore_pass,
  }

  # Manage sudo rules
  sudo::conf { "${username}_sudo":
    content => $sudo_rules,
  }
}