Skip to content

REFERENCE.md

Latest commit

 

History

History
339 lines (196 loc) · 7.87 KB

REFERENCE.md

File metadata and controls

339 lines (196 loc) · 7.87 KB

Reference

Table of Contents

Classes

  • account: Parameters needed by defined types in this module

Defined types

Public Defined types

Private Defined types

  • account::user::splatnix: This is not intended to be used directly. Use account::user instead.
  • account::user::windows: This is not intended to be used directly. Use account::user instead.

Data types

Classes

account

There's no need to instantiate this class; it does nothing. It's used for setting parameters in hiera that account::user and friends can access.

Parameters

The following parameters are available in the account class:

common_shared_accounts

Data type: Array[String[1]]

An array of shared accounts to which all users will have their keys added.

Default value: []

cygwin

Data type: Boolean

Whether or not to use Cygwin on Windows. This defaults to the value of cygwin::enable in hiera, which is where you should set it. (It, in turn, defaults to false.)

Default value: lookup('cygwin::enable', Boolean, undef, false)

Defined types

account::grant::administrators

This takes all accounts in a specified group, and adds them to the Administrators group. On splatnix this does nothing.

Examples

Give all the sysadmins administrative access
account::grant::administrators { 'sysadmin': }

Parameters

The following parameters are available in the account::grant::administrators defined type:

to_group

Data type: String[1]

The group to give administrative access to. Generally, you should just use the title.

Default value: $title

account::grant::group

This grants all accounts with access to one group, access to another group.

Examples

Add all sysadmins to the adm group
account::grant::group { 'adm>sysadmin': }
Another way to add all sysadmins to the adm group
account::grant::group { 'give sysadmins adm access':
  new_group => 'adm',
  to_group  => 'sysadmin',
}

Parameters

The following parameters are available in the account::grant::group defined type:

new_group

Data type: String[1]

The new group. Generally, you should just use the title.

Default value: ('>')[0]

to_group

Data type: String[1]

The group that will get the new access. Generally, you should just use the title.

Default value: ('>')[1]

account::grant::rdp

This takes all accounts in a specified group, and adds them to the Remote Desktop Users group. On splatnix this does nothing.

Examples

Give all users RDP access
account::grant::rdp { 'Users': }

Parameters

The following parameters are available in the account::grant::rdp defined type:

to_group

Data type: String[1]

The group to give RDP access to. Generally, you should just use the title.

Default value: $title

account::user

Manage a user account

Parameters

The following parameters are available in the account::user defined type:

ensure

Data type: Enum['present', 'absent']

Whether to ensure the user is present or absent on the node.

Default value: 'present'

group

Data type: Optional[String[1]]

Primary group for the user.

Default value: undef

groups

Data type: Array[String[1]]

Secondary groups for the user. There is no distinction on Windows.

Default value: []

comment

Data type: Optional[String]

Comment field for the user. This is generally the user's name.

Default value: undef

shell

Data type: Stdlib::Unixpath

Full path to the user's preferred shell. This does nothing on Windows.

Default value: '/bin/bash'

home

Data type: Optional[Stdlib::Unixpath]

Full path to the user's home directory. This does nothing on Windows.

Default value: undef

home_source_module

Data type: Optional[String[1]]

A module that contains files to put in the user's home directory, e.g. .bashrc. By default, the home directory is just set up with a .README file that explains how to use this parameter.

The module is expected to have a directory named after the user at the top level that contains the user's files. For example, pass profile/users, then create a site/profile/files/luke/.bashrc file.

This does nothing on Windows.

Default value: undef

uid

Data type: Optional[Integer[1]]

User id number for the user. This does nothing on Windows.

Default value: undef

usekey

Data type: Boolean

Whether or not to manage SSH keys for the user. If this is false, then keys will not be added or removed.

You can still set up keys externally if $usekey is false.

This doesn't do anything on Windows; it is effectively always true.

Default value: true

key

Data type: Optional[Ssh::Key::String]

SSH public key. This must not contain the type or the comment — it's just the second part, after ssh-rsa or whatever your keytype is.

Default value: undef

keytype

Data type: Ssh::Key::Type

The type of your SSH key.

Default value: 'ssh-rsa'

expire

Data type: Optional[Account::Date]

When the user account expires in YYYY-MM-DD format.

Default value: undef

password

Data type: Optional[Sensitive]

A password for the user. If this is left undefined, you will simply not be able to use password authentication on splatnix (*nix: Linux, BSD, macOS, and Solaris).

You may specify this in hiera under account::user parameter. See the Passwords section in README.md.

Windows requires passwords. If it is not specified here or in hiera, this will remove the user account.

Default value: undef

shared_accounts

Data type: Array[String[1]]

An array of shared accounts to add the user's SSH key to. To activate, collect the Ssh::Authorized_key virtual resources in a profile, e.g:

Ssh::Authorized_key <| tag == "${shared_account}-keys" |>

See the Shared accounts section in README.md.

Default value: []

Data types

Account::Date

A date for the password expiration parameter

Alias of

Pattern[/\A\d{4}-\d{2}-\d{2}\z/]