diff --git a/lib/puppet/provider/aixobject.rb b/lib/puppet/provider/aixobject.rb index 98ac13bdf..ae5180d5e 100755 --- a/lib/puppet/provider/aixobject.rb +++ b/lib/puppet/provider/aixobject.rb @@ -1,282 +1,400 @@ # # Common code for AIX providers # # Author:: Hector Rivas Gandara # # class Puppet::Provider::AixObject < Puppet::Provider desc "User management for AIX! Users are managed with mkuser, rmuser, chuser, lsuser" # Constants # Loadable AIX I/A module for users and groups. By default we manage compat. # TODO:: add a type parameter to change this class << self attr_accessor :ia_module - end - - - # AIX attributes to properties mapping. Subclasses should rewrite them - # It is a list with of hash - # :aix_attr AIX command attribute name - # :puppet_prop Puppet propertie name - # :to Method to adapt puppet property to aix command value. Optional. - # :from Method to adapt aix command value to puppet property. Optional - class << self - attr_accessor :attribute_mapping + end + + # The real provider must implement these functions. + def lscmd(value=@resource[:name]) + raise Puppet::Error, "Method not defined #{@resource.class.name} #{@resource.name}: #{detail}" end - # Provider must implement these functions. def lscmd(value=@resource[:name]) raise Puppet::Error, "Method not defined #{@resource.class.name} #{@resource.name}: #{detail}" end def addcmd(extra_attrs = []) raise Puppet::Error, "Method not defined #{@resource.class.name} #{@resource.name}: #{detail}" end def modifycmd(attributes_hash) raise Puppet::Error, "Method not defined #{@resource.class.name} #{@resource.name}: #{detail}" end def deletecmd raise Puppet::Error, "Method not defined #{@resource.class.name} #{@resource.name}: #{detail}" end - # attribute_mapping class variable, + + # Valid attributes to be managed by this provider. + # It is a list of hashes + # :aix_attr AIX command attribute name + # :puppet_prop Puppet propertie name + # :to Optional. Method name that adapts puppet property to aix command value. + # :from Optional. Method to adapt aix command line value to puppet property. Optional class << self attr_accessor :attribute_mapping end def self.attribute_mapping_to if ! @attribute_mapping_to @attribute_mapping_to = {} attribute_mapping.each { |elem| attribute_mapping_to[elem[:puppet_prop]] = { :key => elem[:aix_attr], :method => elem[:to] } } end @attribute_mapping_to end def self.attribute_mapping_from if ! @attribute_mapping_from @attribute_mapping_from = {} attribute_mapping.each { |elem| attribute_mapping_from[elem[:aix_attr]] = { :key => elem[:puppet_prop], :method => elem[:from] } } end @attribute_mapping_from end - + # This functions translates a key and value using the given mapping. # Mapping can be nil (no translation) or a hash with this format # {:key => new_key, :method => translate_method} # It returns a list [key, value] - def self.translate_attr(key, value, mapping) + def translate_attr(key, value, mapping) return [key, value] unless mapping return nil unless mapping[key] if mapping[key][:method] new_value = method(mapping[key][:method]).call(value) else new_value = value end [mapping[key][:key], new_value] end + + # Gets the given command line argument for the given key, value and mapping. + def get_arg(key, value, mapping) + arg = nil + if ret = self.translate_attr(key, val, mapping) + new_key = ret[0] + new_val = ret[1] + + # Arrays are separated by commas + if new_val.is_a? Array + value = new_val.join(",") + else + value = new_val.to_s + end + + # Get the needed argument + if mapping[key][:to_arg] + arg = method(mapping[key][:to_arg]).call(new_key, value) + else + arg = (new_key.to_s + "=" + value ) + end + end + return arg + end + - #----- - # Convert a pair key-value using the + # Reads and attribute. + # Here we implement the default behaviour. + # Subclasses must reimplement this. + def load_attribute(key, value, mapping, objectinfo) + if mapping.nil? + objectinfo[key] = value + elsif mapping[key].nil? + # is not present in mapping, ignore it. + true + elsif mapping[key][:method].nil? + objectinfo[mapping[key][:key]] = value + elsif + objectinfo[mapping[key][:key]] = method(mapping[key][:method]).call(value) + end + + return objectinfo + end - # Parse AIX command attributes (string) and return provider hash + def get_arguments(key, value, mapping, objectinfo) + if mapping.nil? + new_key = key + new_value = value + elsif mapping[key].nil? + # is not present in mapping, ignore it. + new_key = nil + new_value = nil + elsif mapping[key][:method].nil? + new_key = mapping[key][:key] + new_value = value + elsif + new_key = mapping[key][:key] + new_value = method(mapping[key][:method]).call(value) + end + + # convert it to string + if new_val.is_a? Array + new_val = new_val.join(",") + else + new_val = new_val.to_s + end + + if new_key? + return [ "#{new_key}=#{new_value}" ] + else + return [] + end + end + + # Convert the provider properties to AIX command arguments (string) + # This function will translate each value/key and generate the argument. + # By default, arguments are created as aix_key=aix_value + def hash2args(hash, mapping=self.class.attribute_mapping_to) + return "" unless hash + arg_list = [] + hash.each {|key, val| + arg_list += self.get_arguments(key, val, mapping, hash) + } + arg_list + end + + # Parse AIX command attributes in a format of space separated of key=value + # pairs: "uid=100 groups=a,b,c" + # It returns and return provider hash. + # # If a mapping is provided, the keys are translated as defined in the # mapping hash. Only values included in mapping will be added # NOTE: it will ignore the items not including '=' - def self.attr2hash(str, mapping=attribute_mapping_from) + def parse_attr_list(str, mapping=self.class.attribute_mapping_from) properties = {} attrs = [] - if !str or (attrs = str.split()[0..-1]).empty? + if !str or (attrs = str.split()).empty? return nil end attrs.each { |i| if i.include? "=" # Ignore if it does not include '=' (key_str, val) = i.split('=') # Check the key if !key_str or key_str.empty? info "Empty key in string 'i'?" continue end - key = key_str.to_sym + key = key_str.downcase.to_sym - if ret = self.translate_attr(key, val, mapping) - new_key = ret[0] - new_val = ret[1] - - properties[new_key] = new_val - end + properties = self.load_attribute(key, val, mapping, properties) end } properties.empty? ? nil : properties end - # Convert the provider properties to AIX command attributes (string) - def self.hash2attr(hash, mapping=attribute_mapping_to) - return "" unless hash - attr_list = [] - hash.each {|key, val| - - if ret = self.translate_attr(key, val, mapping) - new_key = ret[0] - new_val = ret[1] - - # Arrays are separated by commas - if new_val.is_a? Array - value = new_val.join(",") - else - value = new_val.to_s - end - - attr_list << (new_key.to_s + "=" + value ) - end + # Parse AIX colon separated list of attributes, using given list of keys + # to name the attributes. This function is useful to parse the output + # of commands like lsfs -c: + # #MountPoint:Device:Vfs:Nodename:Type:Size:Options:AutoMount:Acct + # /:/dev/hd4:jfs2::bootfs:557056:rw:yes:no + # /home:/dev/hd1:jfs2:::2129920:rw:yes:no + # /usr:/dev/hd2:jfs2::bootfs:9797632:rw:yes:no + # + # If a mapping is provided, the keys are translated as defined in the + # mapping hash. Only values included in mapping will be added + # NOTE: it will ignore the items not including '=' + def parse_colon_list(str, key_list, mapping=self.class.attribute_mapping_from) + properties = {} + attrs = [] + if !str or (attrs = str.split(':')).empty? + return nil + end + + attrs.each { |val| + key = key_list.shift.downcase.to_sym + properties = self.load_attribute(key, val, mapping, properties) } - attr_list + properties.empty? ? nil : properties + + end + + # Default parsing function for colon separated list or attributte list + # (key=val pairs). It will choose the method depending of the first line. + # For the colon separated list it will: + # 1. Get keys from first line. + # 2. Parse next line. + def parse_command_output(output) + lines = output.split("\n") + # if it begins with #something:... is a colon separated list. + if lines[0] =~ /^#.*:/ + self.parse_colon_list(lines[1], lines[0][1..-1].split(':')) + else + self.parse_attr_list(lines[0]) + end end # Retrieve what we can about our object def getinfo(refresh = false) if @objectinfo.nil? or refresh == true # Execute lsuser, split all attributes and add them to a dict. begin - attrs = execute(self.lscmd).split("\n")[0] - @objectinfo = self.class.attr2hash(attrs) + @objectinfo = self.parse_command_output(execute(self.lscmd)) rescue Puppet::ExecutionFailure => detail - # Print error if needed - Puppet.debug "aix.getinfo(): Could not find #{@resource.class.name} #{@resource.name}: #{detail}" \ - unless detail.to_s.include? "User \"#{@resource.name}\" does not exist." + # Print error if needed. FIXME: Do not check the user here. + Puppet.debug "aix.getinfo(): Could not find #{@resource.class.name} #{@resource.name}: #{detail}" end end @objectinfo end + # List all elements of given type. It works for colon separated commands and + # list commands. + def list_all + names = [] + begin + output = execute(self.lsallcmd()).split('\n') + (output.select{ |l| l != /^#/ }).each { |v| + name = v.split(/[ :]/) + names << name if not name.empty? + } + rescue Puppet::ExecutionFailure => detail + # Print error if needed + Puppet.debug "aix.list_all(): Could not get all resources of type #{@resource.class.name}: #{detail}" + end + names + end + + #------------- # Provider API # ------------ # Clear out the cached values. def flush @property_hash.clear if @property_hash - @object_info.clear if @object_info + @objectinfo.clear if @objectinfo end # Check that the user exists def exists? !!getinfo(true) # !! => converts to bool end #- **ensure** # The basic state that the object should be in. Valid values are # `present`, `absent`, `role`. # From ensurable: exists?, create, delete def ensure if exists? :present else :absent end end # Return all existing instances # The method for returning a list of provider instances. Note that it returns # providers, preferably with values already filled in, not resources. def self.instances - objects = [] - execute(lscmd("ALL")).each { |entry| - objects << new(:name => entry.split(" ")[0], :ensure => :present) + objects=[] + self.list_all().each { |entry| + objects << new(:name => entry, :ensure => :present) } objects end def create if exists? info "already exists" # The object already exists return nil end begin execute(self.addcmd) rescue Puppet::ExecutionFailure => detail raise Puppet::Error, "Could not create #{@resource.class.name} #{@resource.name}: #{detail}" end end def delete unless exists? info "already absent" # the object already doesn't exist return nil end begin execute(self.deletecmd) rescue Puppet::ExecutionFailure => detail raise Puppet::Error, "Could not delete #{@resource.class.name} #{@resource.name}: #{detail}" end end #-------------------------------- # Call this method when the object is initialized, # create getter/setter methods for each property our resource type supports. # If setter or getter already defined it will not be overwritten def self.mk_resource_methods [resource_type.validproperties, resource_type.parameters].flatten.each do |prop| next if prop == :ensure define_method(prop) { get(prop) || :absent} unless public_method_defined?(prop) define_method(prop.to_s + "=") { |*vals| set(prop, *vals) } unless public_method_defined?(prop.to_s + "=") end end # # Define the needed getters and setters as soon as we know the resource type def self.resource_type=(resource_type) super mk_resource_methods end # Retrieve a specific value by name. def get(param) (hash = getinfo(false)) ? hash[param] : nil end # Set a property. def set(param, value) @property_hash[symbolize(param)] = value - # If value does not change, do not update. + + if getinfo().nil? + # This is weird... + raise Puppet::Error, "Trying to update parameter '#{param}' to '#{value}' for a resource that does not exists #{@resource.class.name} #{@resource.name}: #{detail}" + end if value == getinfo()[param.to_sym] return end #self.class.validate(param, value) - cmd = modifycmd({param => value}) - begin - execute(cmd) - rescue Puppet::ExecutionFailure => detail - raise Puppet::Error, "Could not set #{param} on #{@resource.class.name}[#{@resource.name}]: #{detail}" + + if cmd = modifycmd({param =>value}) + begin + execute(cmd) + rescue Puppet::ExecutionFailure => detail + raise Puppet::Error, "Could not set #{param} on #{@resource.class.name}[#{@resource.name}]: #{detail}" + end end # Refresh de info. hash = getinfo(true) end def initialize(resource) super @objectinfo = nil # FIXME: Initiallize this properly. self.class.ia_module="compat" end end -#end diff --git a/lib/puppet/provider/group/aix.rb b/lib/puppet/provider/group/aix.rb index bcb81e1c5..0c3122b86 100755 --- a/lib/puppet/provider/group/aix.rb +++ b/lib/puppet/provider/group/aix.rb @@ -1,76 +1,76 @@ # # Group Puppet provider for AIX. It uses standard commands to manage groups: # mkgroup, rmgroup, lsgroup, chgroup # # Author:: Hector Rivas Gandara # require 'puppet/provider/aixobject' Puppet::Type.type(:group).provide :aix, :parent => Puppet::Provider::AixObject do desc "Group management for AIX! Users are managed with mkgroup, rmgroup, lsgroup, chgroup" # Constants # Default extra attributes to add when element is created # registry=compat: Needed if you are using LDAP by default. @DEFAULT_EXTRA_ATTRS = [ "registry=compat", ] # This will the the default provider for this platform defaultfor :operatingsystem => :aix confine :operatingsystem => :aix # Provider features has_features :manages_members # Commands that manage the element commands :list => "/usr/sbin/lsgroup" commands :add => "/usr/bin/mkgroup" commands :delete => "/usr/sbin/rmgroup" commands :modify => "/usr/bin/chgroup" # AIX attributes to properties mapping. # # Valid attributes to be managed by this provider. # It is a list with of hash # :aix_attr AIX command attribute name # :puppet_prop Puppet propertie name # :to Method to adapt puppet property to aix command value. Optional. # :from Method to adapt aix command value to puppet property. Optional self.attribute_mapping = [ #:name => :name, {:aix_attr => :id, :puppet_prop => :gid }, {:aix_attr => :users, :puppet_prop => :members, :from => :users_from_attr}, ] #-------------- # Command lines def lscmd(value=@resource[:name]) [self.class.command(:list), "-R", self.class.ia_module , value] end def addcmd(extra_attrs = []) # Here we use the @resource.to_hash to get the list of provided parameters # Puppet does not call to self.= method if it does not exists. # # It gets an extra list of arguments to add to the user. [self.class.command(:add), "-R", self.class.ia_module ]+ self.class.hash2attr(@resource.to_hash) + extra_attrs + [@resource[:name]] end def modifycmd(hash = property_hash) [self.class.command(:modify), "-R", self.class.ia_module ]+ self.class.hash2attr(hash) + [@resource[:name]] end def deletecmd [self.class.command(:delete),"-R", self.class.ia_module, @resource[:name]] end # Force convert users it a list. - def self.users_from_attr(value) + def users_from_attr(value) (value.is_a? String) ? value.split(',') : value end end diff --git a/lib/puppet/provider/user/aix.rb b/lib/puppet/provider/user/aix.rb index ba95dbc49..4a5c4ee79 100755 --- a/lib/puppet/provider/user/aix.rb +++ b/lib/puppet/provider/user/aix.rb @@ -1,294 +1,299 @@ # # User Puppet provider for AIX. It uses standar commands to manage users: # mkuser, rmuser, lsuser, chuser # # Notes: # - AIX users can have expiry date defined with minute granularity, # but puppet does not allow it. There is a ticket open for that (#5431) # - AIX maximum password age is in WEEKs, not days # - I force the compat IA module. # # See http://projects.puppetlabs.com/projects/puppet/wiki/Development_Provider_Development # for more information # # Author:: Hector Rivas Gandara # # TODO:: # - Add new AIX specific attributes, specilly registry and SYSTEM. # require 'puppet/provider/aixobject' require 'tempfile' require 'date' Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do desc "User management for AIX! Users are managed with mkuser, rmuser, chuser, lsuser" # Constants # Default extra attributes to add when element is created # registry=compat SYSTEM=compat: Needed if you are using LDAP by default. - @DEFAULT_EXTRA_ATTRS = [ "registry=compat", " SYSTEM=compat" ] + @DEFAULT_EXTRA_ATTRS = [ "registry=compat", "SYSTEM=compat" ] # This will the the default provider for this platform defaultfor :operatingsystem => :aix confine :operatingsystem => :aix # Commands that manage the element - commands :lsgroup => "/usr/sbin/lsgroup" - commands :list => "/usr/sbin/lsuser" commands :add => "/usr/bin/mkuser" commands :delete => "/usr/sbin/rmuser" commands :modify => "/usr/bin/chuser" + + commands :lsgroup => "/usr/sbin/lsgroup" commands :chpasswd => "/bin/chpasswd" # Provider features - has_features :manages_homedir, :manages_passwords, :manages_expiry, :manages_password_age + has_features :manages_homedir, :manages_passwords + has_features :manages_expiry, :manages_password_age # Attribute verification (TODO) #verify :gid, "GID must be an string or int of a valid group" do |value| # value.is_a? String || value.is_a? Integer #end # #verify :groups, "Groups must be comma-separated" do |value| # value !~ /\s/ #end # AIX attributes to properties mapping. # # Valid attributes to be managed by this provider. # It is a list with of hash # :aix_attr AIX command attribute name # :puppet_prop Puppet propertie name # :to Method to adapt puppet property to aix command value. Optional. # :from Method to adapt aix command value to puppet property. Optional self.attribute_mapping = [ #:name => :name, {:aix_attr => :pgrp, :puppet_prop => :gid, :to => :gid_to_attr, :from => :gid_from_attr}, {:aix_attr => :id, :puppet_prop => :uid}, {:aix_attr => :groups, :puppet_prop => :groups}, {:aix_attr => :home, :puppet_prop => :home}, {:aix_attr => :shell, :puppet_prop => :shell}, {:aix_attr => :expires, :puppet_prop => :expiry, :to => :expiry_to_attr, :from => :expiry_from_attr}, {:aix_attr => :maxage, :puppet_prop => :password_max_age}, {:aix_attr => :minage, :puppet_prop => :password_min_age}, ] #-------------- # Command lines - def self.lsgroupscmd(value=@resource[:name]) - [command(:lsgroup),"-R", ia_module, "-a", "id", value] + def lsgroupscmd(value=@resource[:name]) + [command(:lsgroup),"-R", self.class.ia_module, "-a", "id", value] end def lscmd(value=@resource[:name]) [self.class.command(:list), "-R", self.class.ia_module , value] end + def lsallcmd() + lscmd("ALL") + end + def addcmd(extra_attrs = []) # Here we use the @resource.to_hash to get the list of provided parameters # Puppet does not call to self.= method if it does not exists. # # It gets an extra list of arguments to add to the user. [self.class.command(:add), "-R", self.class.ia_module ]+ self.class.hash2attr(@resource.to_hash) + extra_attrs + [@resource[:name]] end def modifycmd(hash = property_hash) [self.class.command(:modify), "-R", self.class.ia_module ]+ self.class.hash2attr(hash) + [@resource[:name]] end def deletecmd [self.class.command(:delete),"-R", self.class.ia_module, @resource[:name]] end #-------------- # We overwrite the create function to change the password after creation. def create super # Reset the password if needed self.password = @resource[:password] if @resource[:password] end # Get the groupname from its id def self.groupname_by_id(gid) groupname=nil execute(lsgroupscmd("ALL")).each { |entry| - attrs = attr2hash(entry, nil) + attrs = parse_attr_list(entry, nil) if attrs and attrs.include? :id and gid == attrs[:id].to_i groupname = entry.split(" ")[0] end } groupname end # Get the groupname from its id - def self.groupid_by_name(groupname) - attrs = attr2hash(execute(lsgroupscmd(groupname)).split("\n")[0], nil) + def groupid_by_name(groupname) + attrs = parse_attr_list(execute(lsgroupscmd(groupname)).split("\n")[0], nil) attrs ? attrs[:id].to_i : nil end # Check that a group exists and is valid - def self.verify_group(value) + def verify_group(value) if value.is_a? Integer or value.is_a? Fixnum groupname = self.groupname_by_id(value) raise ArgumentError, "AIX group must be a valid existing group" unless groupname else raise ArgumentError, "AIX group must be a valid existing group" unless groupid_by_name(value) groupname = value end groupname end # The user's primary group. Can be specified numerically or by name. - def self.gid_to_attr(value) + def gid_to_attr(value) verify_group(value) end - def self.gid_from_attr(value) + def gid_from_attr(value) groupid_by_name(value) end # The expiry date for this user. Must be provided in # a zero padded YYYY-MM-DD HH:MM format - def self.expiry_to_attr(value) + def expiry_to_attr(value) # For chuser the expires parameter is a 10-character string in the MMDDhhmmyy format # that is,"%m%d%H%M%y" newdate = '0' if value.is_a? String and value!="0000-00-00" d = DateTime.parse(value, "%Y-%m-%d %H:%M") newdate = d.strftime("%m%d%H%M%y") end newdate end - def self.expiry_from_attr(value) + def expiry_from_attr(value) if value =~ /(..)(..)(..)(..)(..)/ #d= DateTime.parse("20#{$5}-#{$1}-#{$2} #{$3}:#{$4}") #expiry_date = d.strftime("%Y-%m-%d %H:%M") #expiry_date = d.strftime("%Y-%m-%d") expiry_date = "20#{$5}-#{$1}-#{$2}" else Puppet.warn("Could not convert AIX expires date '#{value}' on #{@resource.class.name}[#{@resource.name}]") \ unless value == '0' expiry_date = :absent end expiry_date end #-------------------------------- # Getter and Setter # When the provider is initialized, create getter/setter methods for each # property our resource type supports. # If setter or getter already defined it will not be overwritten #- **password** # The user's password, in whatever encrypted format the local machine # requires. Be sure to enclose any value that includes a dollar sign ($) # in single quotes ('). Requires features manages_passwords. # # Retrieve the password parsing directly the /etc/security/passwd def password password = :absent user = @resource[:name] f = File.open("/etc/security/passwd", 'r') # Skip to the user f.each { |l| break if l =~ /^#{user}:\s*$/ } if ! f.eof? f.each { |l| # If there is a new user stanza, stop break if l =~ /^\S*:\s*$/ # If the password= entry is found, return it if l =~ /^\s*password\s*=\s*(.*)$/ password = $1; break; end } end f.close() return password end def password=(value) user = @resource[:name] # Puppet execute does not support strings as input, only files. tmpfile = Tempfile.new('puppet_#{user}_pw') tmpfile << "#{user}:#{value}\n" tmpfile.close() # Options '-e', '-c', use encrypted password and clear flags # Must receibe "user:enc_password" as input # command, arguments = {:failonfail => true, :combine => true} cmd = [self.class.command(:chpasswd),"-R", ia_module, '-e', '-c', user] begin execute(cmd, {:failonfail => true, :combine => true, :stdinfile => tmpfile.path }) rescue Puppet::ExecutionFailure => detail raise Puppet::Error, "Could not set #{param} on #{@resource.class.name}[#{@resource.name}]: #{detail}" ensure tmpfile.delete() end end #- **comment** # A description of the user. Generally is a user's full name. #def comment=(value) #end # #def comment #end # UNSUPPORTED #- **profile_membership** # Whether specified roles should be treated as the only roles # of which the user is a member or whether they should merely # be treated as the minimum membership list. Valid values are # `inclusive`, `minimum`. # UNSUPPORTED #- **profiles** # The profiles the user has. Multiple profiles should be # specified as an array. Requires features manages_solaris_rbac. # UNSUPPORTED #- **project** # The name of the project associated with a user Requires features # manages_solaris_rbac. # UNSUPPORTED #- **role_membership** # Whether specified roles should be treated as the only roles # of which the user is a member or whether they should merely # be treated as the minimum membership list. Valid values are # `inclusive`, `minimum`. # UNSUPPORTED #- **roles** # The roles the user has. Multiple roles should be # specified as an array. Requires features manages_solaris_rbac. # UNSUPPORTED #- **key_membership** # Whether specified key value pairs should be treated as the only # attributes # of the user or whether they should merely # be treated as the minimum list. Valid values are `inclusive`, # `minimum`. # UNSUPPORTED #- **keys** # Specify user attributes in an array of keyvalue pairs Requires features # manages_solaris_rbac. # UNSUPPORTED #- **allowdupe** # Whether to allow duplicate UIDs. Valid values are `true`, `false`. # UNSUPPORTED #- **auths** # The auths the user has. Multiple auths should be # specified as an array. Requires features manages_solaris_rbac. # UNSUPPORTED #- **auth_membership** # Whether specified auths should be treated as the only auths # of which the user is a member or whether they should merely # be treated as the minimum membership list. Valid values are # `inclusive`, `minimum`. # UNSUPPORTED end