This change implements the adduser behavior when using the -U, --user-group flag:
As your cookbook is implemented, a gid can only be used in a data_bag item if it already exists in /etc/group. I couldn't see how to create a group using your recipes (I may just be dumb, though).
With my change, your cookbook create a distinct initial login group for each user account that it creates. In fact, the gid must not exist if the uid does not exist -- this is bad for folks doing something like a wheel group for all sysadmin users. An attempt to reuse a gid or to not supply one leads to failure.
It would be wonderful if you could generalize this somehow. I realize that my change won't support every use case, so you may not want to use my change directly. In system builds such as ours, an application installation user account is always in a default group of the same name. E.g., apache:apache, tomcat:tomcat, postgres:postgres, etc.
Thanks for a very useful cookbook,
Explicit gid supported (probably required)
@davidc-donorschoose I've just become a collaborator on this project. Sorry for the delay. I think that we now have this functionality in the user cookbook. I'm going to close this PR at this time. If you think some of these changes are still needed, please rebase and open a new PR.