Merge pull request #10 from jlambert121/remove_users

cleanup unused users, root pw, ohshit user

.fixtures.yml

@@ -1,7 +1,8 @@
 fixtures:
   repositories:
-    beaver: git://github.com/evenup/evenup-beaver.git
-    concat: git://github.com/ripienaar/puppet-concat.git
+    account: https://github.com/torrancew/puppet-account.git
+    beaver: https://github.com/evenup/evenup-beaver.git
+    concat: https://github.com/ripienaar/puppet-concat.git
   symlinks:
     common: "#{source_dir}"
 

CHANGELOG

@@ -4,6 +4,8 @@ v0.3.0:
 v0.2.0:
   Secure RH init scripts
   Add option for beaver log shipping
+  Add ability to set root PW and create an "ohshit" user
+  Cleanup unused users from default install
 v0.1.11:
   Add default bash PS1 prompt
 v0.1.10:

manifests/users.pp

@@ -0,0 +1,59 @@
+# Moved to their own class to set stage
+class common::users (
+  $root_pw    = undef,
+  $ohshit_pw  = undef,
+  $ohshit_key = undef,
+){
+
+  if $root_pw {
+    account { 'root':
+      home_dir  => '/root',
+      password  => $root_pw,
+    }
+  }
+
+  if $ohshit_pw {
+    account { 'ohshit':
+      ensure        => 'present',
+      comment       => 'Emergency Backup User',
+      uid           => '999',
+      create_group  => true,
+      groups        => [ 'wheel' ],
+      password      => $ohshit_pw,
+      home_dir      => '/home/.ohshit',
+      shell         => '/bin/bash',
+      manage_home   => true,
+      ssh_key       => $ohshit_key,
+    }
+  }
+
+  # Clean users/groups  Easiest way to make sure users before groups, just chain them
+  user { 'bin': ensure => 'absent'} ->
+  user { 'games': ensure => 'absent'} ->
+  user { 'gopher': ensure => 'absent'} ->
+  user { 'uucp': ensure => 'absent'} ->
+  user { 'adm': ensure => 'absent'} ->
+  user { 'lp': ensure => 'absent'} ->
+  user { 'shutdown': ensure => 'absent'} ->
+  user { 'halt': ensure => 'absent'} ->
+  user { 'mail': ensure => 'absent'} ->
+  user { 'sync': ensure => 'absent'} ->
+  user { 'ftp': ensure => 'absent'} ->
+  user { 'vcsa': ensure => 'absent'} ->
+  group { 'adm': ensure => 'absent'} ->
+  group { 'lp': ensure => 'absent'} ->
+  group { 'news': ensure => 'absent'} ->
+  group { 'uucp': ensure => 'absent'} ->
+  group { 'games': ensure => 'absent'} ->
+  group { 'dip': ensure => 'absent'} ->
+  group { 'popusers': ensure => 'absent'} ->
+  group { 'video': ensure => 'absent'} ->
+  group { 'ftp': ensure => 'absent'} ->
+  group { 'audio': ensure => 'absent'} ->
+  group { 'floppy': ensure => 'absent'} ->
+  group { 'vcsa': ensure => 'absent'} ->
+  group { 'cdrom': ensure => 'absent'} ->
+  group { 'tape': ensure => 'absent'} ->
+  group { 'dialout': ensure => 'absent'}
+
+}

spec/classes/common_users_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe 'common::users', :type => :class do
+  let(:facts) { { :concat_basedir => '/var/lib/puppet/concat' } }
+
+  describe "no parameters" do
+    it { should create_class('common::users') }
+    it { should_not contain_account('root') }
+    it { should_not contain_account('ohshit') }
+
+    # just make sure one works
+    it { should contain_user('bin').with_ensure('absent') }
+    it { should contain_group('adm').with_ensure('absent') }
+  end
+
+  describe 'root_pw' do
+    let(:params) { { :root_pw => 'asdf' } }
+    it { should contain_account('root').with_password('asdf') }
+    it { should_not contain_account('ohshit') }
+  end
+
+  describe 'ohshit_pw' do
+    let(:params) { { :ohshit_pw => 'asdf' } }
+    it { should contain_account('ohshit').with_password('asdf').with_key(nil) }
+
+    describe 'ohshit_key' do
+      let(:params) { { :ohshit_pw => 'asdf', :ohshit_key => 'biglongstring' } }
+      it { should contain_account('ohshit').with_password('asdf').with_ssh_key('biglongstring') }
+    end
+  end
+
+end