class Chef::Provider::User

Attributes

change_desc[RW]
locked[RW]
user_exists[RW]

Public Class Methods

new(new_resource, run_context) click to toggle source
Calls superclass method Chef::Provider::new
# File lib/chef/provider/user.rb, line 29
def initialize(new_resource, run_context)
  super
  @user_exists = true
  @locked = nil
  @shadow_lib_ok = true
  @group_name_resolved = true
end

Public Instance Methods

check_lock() click to toggle source
# File lib/chef/provider/user.rb, line 249
def check_lock
  raise NotImplementedError
end
compare_user() click to toggle source

Check to see if the user needs any changes

Returns

<true>

If a change is required

<false>

If the users are identical

# File lib/chef/provider/user.rb, line 149
def compare_user
  @change_desc = []
  if !new_resource.home.nil? && Pathname.new(new_resource.home).cleanpath != Pathname.new(current_resource.home).cleanpath
    @change_desc << "change homedir from #{current_resource.home} to #{new_resource.home}"
  end

  %i{comment shell password uid gid}.each do |user_attrib|
    new_val = new_resource.send(user_attrib)
    cur_val = current_resource.send(user_attrib)
    if !new_val.nil? && new_val.to_s != cur_val.to_s
      @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
    end
  end

  !@change_desc.empty?
end
convert_group_name() click to toggle source
# File lib/chef/provider/user.rb, line 37
def convert_group_name
  if new_resource.gid.is_a?(String) && new_resource.gid.to_i == 0
    new_resource.gid(TargetIO::Etc.getgrnam(new_resource.gid).gid)
  end
rescue ArgumentError
  @group_name_resolved = false
end
create_user() click to toggle source
# File lib/chef/provider/user.rb, line 229
def create_user
  raise NotImplementedError
end
define_resource_requirements() click to toggle source
# File lib/chef/provider/user.rb, line 119
def define_resource_requirements
  requirements.assert(:create, :modify, :manage, :lock, :unlock) do |a|
    a.assertion { @group_name_resolved }
    a.failure_message Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{new_resource.gid}"
    a.whyrun "group name #{new_resource.gid} does not exist.  This will cause group assignment to fail.  Assuming this group will have been created previously."
  end
  requirements.assert(:all_actions) do |a|
    a.assertion { !supports_ruby_shadow? || @shadow_lib_ok }
    a.failure_message Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!"
    a.whyrun "ruby-shadow is not installed. Attempts to set user password will cause failure.  Assuming that this gem will have been previously installed." \
      "Note that user update converge may report false-positive on the basis of mismatched password. "
  end
  requirements.assert(:all_actions) do |a|
    # either neither linux-only value is set, or we need to be on Linux.
    a.assertion { (!new_resource.expire_date && !new_resource.inactive) || linux? }
    a.failure_message Chef::Exceptions::User, "Properties expire_date and inactive are not supported by this OS or have not been implemented for this OS yet."
    a.whyrun "Properties expire_date and inactive are ignored as they are not supported by this OS or have not been implemented yet for this OS"
  end
  requirements.assert(:modify, :lock, :unlock) do |a|
    a.assertion { @user_exists }
    a.failure_message(Chef::Exceptions::User, "Cannot modify user #{new_resource.username} - does not exist!")
    a.whyrun("Assuming user #{new_resource.username} would have been created")
  end
end
load_current_resource() click to toggle source
# File lib/chef/provider/user.rb, line 45
def load_current_resource
  @current_resource = Chef::Resource::User.new(new_resource.name)
  current_resource.username(new_resource.username)

  begin
    user_info = TargetIO::Etc.getpwnam(new_resource.username)
  rescue ArgumentError
    @user_exists = false
    logger.trace("#{new_resource} user does not exist")
    user_info = nil
  end

  if user_info
    current_resource.uid(user_info.uid)
    current_resource.gid(user_info.gid)
    current_resource.home(user_info.dir)
    current_resource.shell(user_info.shell)
    current_resource.password(user_info.passwd)

    if new_resource.comment
      user_info.gecos.force_encoding(new_resource.comment.encoding)
    end
    current_resource.comment(user_info.gecos)

    begin
      require "shadow"

      # Cannot use this library remotely
      @shadow_lib_ok = false if ChefConfig::Config.target_mode?
    rescue LoadError
      @shadow_lib_ok = false
    else
      @shadow_info = TargetIO::Shadow::Passwd.getspnam(new_resource.username)
      # This conditional remains in place until we can sort out whether we need it.
      # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues.
      # Some notes for context:
      # 1. Ruby's ETC.getpwnam makes use of /etc/passwd file (https://github.com/ruby/etc/blob/master/ext/etc/etc.c),
      #    which returns "x" for a nil password. on AIX it returns a "*"
      #    (https://www.ibm.com/docs/bg/aix/7.2?topic=passwords-using-etcpasswd-file)
      # 2. On AIX platforms ruby_shadow does not work as it does not
      #    store encrypted passwords in the /etc/passwd file but in /etc/security/passwd file.
      #    The AIX provider for user currently declares it does not support ruby-shadow.
      if new_resource.password && current_resource.password == "x"
        current_resource.password(@shadow_info.sp_pwdp)
      end
    end

    convert_group_name if new_resource.gid
  end

  current_resource
end
load_shadow_options() click to toggle source
# File lib/chef/provider/user.rb, line 105
def load_shadow_options
  unless @shadow_info.nil?
    current_resource.inactive(@shadow_info.sp_inact&.to_i)
    # sp_expire gives time since epoch in days till expiration. Need to convert that
    # to time in seconds since epoch and output date format for comparison
    expire_date = if @shadow_info.sp_expire.nil?
                    @shadow_info.sp_expire
                  else
                    Time.at(@shadow_info.sp_expire * 60 * 60 * 24).strftime("%Y-%m-%d")
                  end
    current_resource.expire_date(expire_date)
  end
end
lock_user() click to toggle source
# File lib/chef/provider/user.rb, line 241
def lock_user
  raise NotImplementedError
end
manage_user() click to toggle source
# File lib/chef/provider/user.rb, line 237
def manage_user
  raise NotImplementedError
end
remove_user() click to toggle source
# File lib/chef/provider/user.rb, line 233
def remove_user
  raise NotImplementedError
end
supports_ruby_shadow?() click to toggle source

An overridable for platforms that do not support ruby shadow. This way we can verify that the platform supports ruby shadow before requiring that it be available.

# File lib/chef/provider/user.rb, line 101
def supports_ruby_shadow?
  true
end
unlock_user() click to toggle source
# File lib/chef/provider/user.rb, line 245
def unlock_user
  raise NotImplementedError
end

Private Instance Methods

should_set?(sym) click to toggle source

helpers for subclasses

# File lib/chef/provider/user.rb, line 259
def should_set?(sym)
  current_resource.send(sym).to_s != new_resource.send(sym).to_s && new_resource.send(sym)
end
updating_home?() click to toggle source
# File lib/chef/provider/user.rb, line 263
def updating_home?
  return false if new_resource.home.nil?
  return true if current_resource.home.nil?

  # Pathname#cleanpath matches more edge conditions than File.expand_path()
  new_resource.home && Pathname.new(current_resource.home).cleanpath != Pathname.new(new_resource.home).cleanpath
end