Work in progress

tree/30_generic_methods/user_group.cf

@@ -0,0 +1,98 @@
+#####################################################################################
+# Copyright 2020 Normation SAS
+#####################################################################################
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, Version 3.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#####################################################################################
+
+# @name User group
+# @description Define secondary group for a user
+# @documentation Ensure that a user is within a group
+#
+# #### Behavour
+#
+# Ensure that the user belongs in the given secondary group (non-exclusive)
+#
+# ##### Parameters
+#
+# `user`      : the user login
+# `group_name`: secondary group name the user should belong to (non-exclusive)
+#
+# #### Examples
+#
+# To ensure that user `test` belongs in group `dev`
+#
+# ```
+#  user_group("test", "99_rudder", "0", "")
+# ```
+# Note that it will make sure that user test is in group dev, but won't remove it
+# from other groups it may belong to
+#
+# @parameter user           User login
+# @parameter group_name     Secondary group name for the user
+# @class_prefix user_group
+# @class_parameter user
+
+
+
+bundle agent user_group(user, group_name) {
+  vars:
+      "old_class_prefix"      string => canonify("user_group_${user}");
+
+      "args"                   slist => { "${user}", "${group_name}" };
+      "report_param"          string => join("_", args);
+      "full_class_prefix"     string => canonify("user_group__${report_param}");
+      "class_prefix"          string => string_head("${full_class_prefix}", "1000");
+
+    user_exists.group_exists::
+      "groups_test"           string => execresult("/bin/id -Gn ${user}", "noshell");
+      "current_groups"         slist => string_split("${groups_test}", " ", "999999");
+
+    pass2.user_exists.group_exists.!within_group::
+      "expected_group_list"    slist => { @{current_groups}, ${group_name}};
+    pass2.user_exists.group_exists.within_group::
+      "expected_group_list"    slist => { @{current_groups} };
+
+  classes:
+      "user_exists"   expression => userexists("${user}");
+      "group_exists"  expression => groupexists("${group_name}");
+
+    pass1::
+      # check if the required group is in the current groups
+      "within_group"  expression => strcmp("${current_groups}", "${group_name}");  
+
+    any::
+      "pass3" expression => "pass2";
+      "pass2" expression => "pass1";
+      "pass1" expression => "any";
+
+  users:
+    pass3.user_exists.group_exists::
+      "${user}"
+                  policy => "present",
+        groups_secondary => { "@{expected_group_list}" },
+                 classes => classes_generic_two("${old_class_prefix}", "${class_prefix}");
+
+  methods:
+    !user_exists|!group_exists::
+      "error" usebundle => _classes_failure("${old_class_prefix}");
+      "error" usebundle => _classes_failure("${class_prefix}");
+
+      "report_failure"
+        usebundle => _log_v3("User ${user} or group ${group_name} don't exist,", "${user}", "${old_class_prefix}", "${class_prefix}", @{args});
+
+    pass3.user_exists.group_exists::
+      "report"
+        usebundle => _log_v3("Secondary group ${group_name} for user ${user}", "${user}", "${old_class_prefix}", "${class_prefix}", @{args});
+ }