Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
- Puppet >= 6.0.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'puppetlabs-accounts', '7.1.1'
Learn more about managing modules with a Puppetfile
Documentation
accounts
Table of Contents
- Description
- Setup - The basics of getting started with accounts
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
  - Data types
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
The accounts module manages resources related to login and service accounts.
This module works on many UNIX/Linux operating systems. It does not support configuring accounts on Microsoft Windows platforms.
Setup
Beginning with accounts
Declare the accounts class in a Puppet-managed node's manifest:
node default {
  accounts::user { 'dan': }
  accounts::user { 'morgan': }
}
The above example creates accounts, home directories, and groups for Dan and Morgan.
Usage
Declare user accounts
accounts::user { 'bob':
  uid => '4001',
  gid => '4001',
  group => 'staff',
  shell => '/bin/bash',
  password => '!!',
  locked => false,
}
Customize the home directory
A simple bashrc and bash_profile rc file is managed by Puppet for each account. These rc files add some simple aliases, update the prompt, add ~/bin to the path, and source the following files (which are not managed by this module) in the following order:
/etc/bashrc
/etc/bashrc.puppet
~/.bashrc.custom
Account holders can customize their shells by managing their bashrc.custom files. In addition, the system administrator can make profile changes that affect all accounts with a bash shell by managing the '/etc/bashrc.puppet' file.
To install an email forward, configure the .forward file by using the forward_content or forward_source parameters.
Lock accounts
Lock accounts by setting the locked parameter of an account to true.
For example:
accounts::user { 'villain':
  comment => 'Bad Person',
  locked => true
}
The accounts module sets the account to an invalid shell appropriate for the system Puppet is managing and displays the following message if a user tries to access the account:
$ ssh villain@centos56
This account is currently not available.
Connection to 172.16.214.129 closed.
Manage SSH keys
Manage SSH keys with the sshkeys attribute of the accounts::user defined type. This parameter accepts an array of public key contents as strings.
Example:
accounts::user { 'jeff':
  comment => 'Jeff McCune',
  groups => [
    'admin',
    'sudonopw',
  ],
  uid => '1112',
  gid => '1112',
  sshkeys => [
    'ssh-rsa AAAAB3Nza...== jeff@puppetlabs.com',
    'ssh-dss AAAAB3Nza...== jeff@metamachine.net',
  ],
}
The module supports placing sshkeys in a custom location. If you specify a value for the sshkey_custom_path attribute of the accounts::user defined type, the module will place the keys in the specified file. The module will only manage the specified file and not the full path. If you set purge_sshkeys to true, and you have also set a custom path, it will only purge the ssh keys in the custom path.
Example:
accounts::user { 'gerrard':
  sshkey_custom_path => '/var/lib/ssh/gerrard/authorized_keys',
  sshkey_group => 'root',
  sshkey_owner => 'root',
  shell => '/bin/zsh',
  comment => 'Gerrard Geldenhuis',
  groups => [
    'engineering',
    'automation',
  ],
  uid => '1117',
  gid => '1117',
  sshkeys => [
    'ssh-rsa AAAAB9Aza...== gerrard@dirtyfruit.co.uk',
    'ssh-dss AAAAB9Aza...== gerrard@dojo.training',
  ],
  password => '!!',
}
Setting sshkey_custom_path is typically associated with setting AuthorizedKeysFile /var/lib/ssh/%u/authorized_keys in your sshd config file.
Data in Hiera
The accounts module supports storing all account data in Hiera.
Example:
accounts::group_defaults:
  system: true
accounts::group_list:
  admins: {}
  users: {}
accounts::user_defaults:
  groups: [ 'users' ]
  managehome: true
  system: false
accounts::user_list:
  admin:
    groups: ['admins', 'users']
  joe:
    sshkeys:
      - &joe_sshkey 'ssh-rsa ... joe@corp.com'
  sally:
    sshkeys:
      - &sally_sshkey 'ssh-rsa ... sally@corp.com'
  dba:
    sshkeys:
      - *joe_sshkey
      - *sally_sshkey
    system: true
include ::accounts
Reference
See REFERENCE.md
Data types
Accounts::Group::Hash
A hash of group data suitable for passing as the second parameter to ensure_resources.
Accounts::Group::Provider
The allowed values for the provider attribute. Currently, these are:
- aix
- directoryservice
- groupadd
- ldap
- pw
- windows_adsi
Accounts::Group::Resource
A struct of group attributes suitable for passing as the third parameter to ensure_resource.
Accounts::User::Expiry
Allows either 'absent' or a YYYY-MM-DD datestring.
Accounts::User::Hash
A hash of user data suitable for passing as the second parameter to ensure_resources.
Accounts::User::Iterations
The iterations attribute allows any positive integer, optionally expressed as a string.
Accounts::User::Name
Allows strings up to 32 characters long that begin with a lower case letter or underscore, followed by lower case letters, digits, underscores, or dashes, and optionally ending in a dollar sign. See useradd(8).
Accounts::User::PasswordMaxAge
Maximum number of days a password may be used before it must be changed. Allows any integer from 0 to 99999. See user resource.
Accounts::User::Resource
A struct of user attributes suitable for passing as the third parameter to ensure_resource.
Accounts::User::Uid
Allows any integer from 0 to 4294967295 (2^32 - 1), optionally expressed as a string.
Limitations
For an extensive list of supported operating systems, see metadata.json
Changes from pe_accounts
The accounts module is designed to take the place of the pe_accounts module that shipped with PE versions 2015.2 and earlier. Some of the changes include the removal of the base class, improving the validation, and allowing more flexibility regarding which files should or should not be managed in a user's home directory.
For example, the .bashrc and .bash_profile files are not managed by default but allow custom content to be passed in using the bashrc_content and bash_profile_content parameters. The content for these two files as managed by pe_accounts can continue to be used by passing bashrc_content => file('accounts/shell/bashrc') and bash_profile_content => file('accounts/shell/bash_profile') to the accounts::user defined type.
Development
Acceptance tests for this module leverage puppet_litmus. To run the acceptance tests follow the instructions here. You can also find a tutorial and walkthrough of using Litmus and the PDK on YouTube.
If you run into an issue with this module, or if you would like to request a feature, please file a ticket. Every Monday the Puppet IA Content Team has office hours in the Puppet Community Slack, alternating between an EMEA friendly time (1300 UTC) and an Americas friendly time (0900 Pacific, 1700 UTC).
If you have problems getting this module up and running, please contact Support.
If you submit a change to this module, be sure to regenerate the reference documentation as follows:
puppet strings generate --format markdown --out REFERENCE.md
Reference
Table of Contents
Classes
- accounts: This class auto-creates user and group resources from hiera data.
- accounts::user::defaults: Load some user defaults from hiera data.
Defined types
Public Defined types
- accounts::user: This resource manages the user, group, vim/, .ssh/, .bash_profile, .bashrc, homedir, .ssh/authorized_keys files, and directories.
Private Defined types
- accounts::home_dir: This resource specifies how home directories are managed.
- accounts::key_management: This resource specifies where ssh keys are managed.
- accounts::manage_keys: This resource manages ssh keys for a user.
Functions
- accounts_ssh_authorized_keys_line_parser: Parse an ssh authorized_keys line string into an array using its expected pattern by using a combination of regex matching and extracting the
- accounts_ssh_options_parser: Parse an ssh authorized_keys option string into an array using its expected pattern which matches a crazy regex slightly modified from shell
Data types
- Accounts::Group::Hash: A hash of group resources, keyed by group name.
- Accounts::Group::Provider: The specific backend to use for this group resource.
- Accounts::Group::Resource: A hash of group attributes.
- Accounts::User::Expiry: Account access will be denied after this date.
- Accounts::User::Hash: A hash of user resources, keyed by user name.
- Accounts::User::Iterations: Chained computation iterations for the PBKDF2 password hash.
- Accounts::User::Name: Each user or group should have a unique alphanumeric name.
- Accounts::User::PasswordMaxAge: Maximum days between password changes.
- Accounts::User::Resource: A hash of user attributes.
- Accounts::User::Uid: Each user on a system should have a unique numeric uid.
Classes
accounts
This class auto-creates user and group resources from hiera data.
Parameters
The following parameters are available in the accounts class:
group_defaults
Data type: Accounts::Group::Resource
Hash of default attributes for group resources managed by this class.
Default value: {}
group_list
Data type: Accounts::Group::Hash
Hash of group resources for this class to manage. The hash is keyed by group name.
Default value: {}
user_defaults
Data type: Accounts::User::Resource
Hash of default attributes for accounts::user resources managed by this class.
Default value: {}
user_list
Data type: Accounts::User::Hash
Hash of accounts::user resources for this class to manage. The hash is keyed by user name.
Default value: {}
accounts::user::defaults
Load some user defaults from hiera data.
Parameters
The following parameters are available in the accounts::user::defaults class:
home_template
Data type: Stdlib::AbsolutePath
The sprintf template used to determine a user's home directory.
Default value: '/home/%s'
locked_shell
Data type: Stdlib::AbsolutePath
The shell assigned to locked user accounts.
Default value: '/sbin/nologin'
root_home
Data type: Stdlib::AbsolutePath
The home directory of the root user.
Default value: '/root'
Defined types
accounts::user
This resource manages the user, group, vim/, .ssh/, .bash_profile, .bashrc, homedir, .ssh/authorized_keys files, and directories.
Examples
Basic usage
accounts::user { 'bob':
uid => '4001',
gid => '4001',
group => 'staff',
shell => '/bin/bash',
password => '!!',
locked => false,
}
Parameters
The following parameters are available in the accounts::user defined type:
ensure
allowdupe
bash_profile_content
bash_profile_source
bashrc_content
bashrc_source
comment
create_group
expiry
forcelocal
forward_content
forward_source
gid
group
groups
home
home_mode
ignore_password_if_empty
iterations
locked
managehome
managevim
membership
name
password
password_max_age
purge_sshkeys
purge_user_home
salt
shell
sshkey_custom_path
sshkey_group
sshkey_owner
sshkey_mode
sshkeys
system
uid
ensure
Data type: Enum['absent','present']
Specifies whether the user, its primary group, homedir, and ssh keys should exist. Valid values are 'present' and 'absent'. Note that when a user is created, a group with the same name as the user is also created.
Default value: 'present'
allowdupe
Data type: Boolean
Whether to allow duplicate UIDs. By default false
Default value: false
bash_profile_content
Data type: Optional[String]
The content to place in the user's ~/.bash_profile file. Mutually exclusive to bash_profile_source.
Default value: undef
bash_profile_source
Data type: Optional[Stdlib::Filesource]
A source file containing the content to place in the user's ~/.bash_profile file. Mutually exclusive to bash_profile_content.
Default value: undef
bashrc_content
Data type: Optional[String]
The content to place in the user's ~/.bashrc file. Mutually exclusive to bashrc_source.
Default value: undef
bashrc_source
Data type: Optional[Stdlib::Filesource]
A source file containing the content to place in the user's ~/.bashrc file. Mutually exclusive to bashrc_content.
Default value: undef
comment
Data type: String
A comment describing or regarding the user.
Default value: $name
create_group
Data type: Boolean
Specifies if you want to create a group with the user's name.
Default value: true
expiry
Data type: Optional[Accounts::User::Expiry]
Specifies the date the user account expires on. Valid values: YYYY-MM-DD date format, or 'absent' to remove expiry date.
Default value: undef
forcelocal
Data type: Optional[Boolean]
Specifies whether you want to manage a local user/group that is also managed by a network name service.
Default value: undef
forward_content
Data type: Optional[String]
The content to place in the user's ~/.forward file. Mutually exclusive to forward_source.
Default value: undef
forward_source
Data type: Optional[Stdlib::Filesource]
A source file containing the content to place in the user's ~/.forward file. Mutually exclusive to forward_content.
Default value: undef
gid
Data type: Optional[Accounts::User::Uid]
Specifies the gid of the user's primary group. Must be specified numerically.
Default value: undef
group
Data type: Accounts::User::Name
Specifies the name of the user's primary group. By default, this uses a group named the same as user name
Default value: $name
groups
Data type: Array[Accounts::User::Name]
Specifies the user's group memberships.
Default value: []
home
Data type: Optional[Stdlib::Unixpath]
Specifies the path to the user's home directory.
- Linux, non-root user: '/home/$name'
- Linux, root user: '/root'
- Solaris, non-root user: '/export/home/$name'
- Solaris, root user: '/'
Default value: undef
home_mode
Data type: Optional[Stdlib::Filemode]
Manages the user's home directory permission mode. Valid values are in octal notation, specified as a string. Defaults to undef, which creates a home directory with 0700 permissions. It does not touch them if the directory already exists. Keeping it undef also allows a user to manage their own permissions. If home_mode is set, Puppet enforces the permissions on every run.
Default value: undef
ignore_password_if_empty
Data type: Boolean
Specifies whether an empty password attribute should be ignored. If set to true, a password attribute that is defined but set to the empty string is ignored, allowing the password to be managed outside of this Puppet module. If set to false, it sets the password to an empty value.
Default value: false
iterations
Data type: Optional[Accounts::User::Iterations]
This is the number of iterations of a chained computation of the PBKDF2 password hash. This field is required for managing passwords on OS X >= 10.8.
Default value: undef
locked
Data type: Boolean
Specifies whether the account should be locked and the user prevented from logging in. Set to true for users whose login privileges have been revoked.
Default value: false
managehome
Data type: Boolean
Specifies whether the user's home directory should be created when adding a user.
Default value: true
managevim
Data type: Boolean
Specifies whether or not the .vim folder should be created within the managed accounts home directory.
Default value: true
membership
Data type: Enum['inclusive','minimum']
Establishes whether specified groups should be considered the complete list (inclusive) or the minimum list (minimum) of groups to which the user belongs. Valid values: 'inclusive', 'minimum'.
Default value: 'minimum'
name
Name of the user.
password
Data type: Variant[String, Sensitive[String]]
The user's password, in whatever encrypted format the local machine requires. Default: '!!', which prevents the user from logging in with a password.
Default value: '!!'
password_max_age
Data type: Optional[Accounts::User::PasswordMaxAge]
Maximum number of days a password may be used before it must be changed.
Allows any integer from 0 to 99999. See the user resource.
Default value: undef
purge_sshkeys
Data type: Boolean
Whether keys not included in sshkeys should be removed from the user. If purge_sshkeys is true and sshkeys is an empty array, all SSH keys will be removed from the user.
Default value: false
purge_user_home
Data type: Boolean
Whether to force recurse remove user home directories when removing a user. Defaults to false.
Default value: false
salt
Data type: Optional[String]
This is the 32-byte salt used to generate the PBKDF2 password used in OS X. This field is required for managing passwords on OS X >= 10.8.
Default value: undef
shell
Data type: Optional[Stdlib::Unixpath]
Manages the user shell.
Default value: '/bin/bash'
sshkey_custom_path
Data type: Optional[Stdlib::Unixpath]
Custom location for ssh public key file.
Default value: undef
sshkey_group
Data type: Optional[Accounts::User::Name]
Specifies the group of the sshkey file
Default value: $group
sshkey_owner
Data type: Optional[Accounts::User::Name]
Specifies the owner of the sshkey file
Default value: $name
sshkey_mode
Data type: Variant[Integer[0],String]
Specifies the mode of the sshkey file .ssh/authorized_keys.
Default value: '0600'
sshkeys
Data type: Array[String]
An array of SSH public keys associated with the user. These should be complete public key strings that include the type, content and name of the key, exactly as it would appear in its id_*.pub file, or with an optional options string preceding the other components, as it would appear as an entry in an authorized_keys file. Must be an array.
Examples:
- ssh-rsa AAAAB3NzaC1y... bob@example.com
- from="myhost.example.com,192.168.1.1" ssh-rsa AAAAQ4ng... bob2@example.com
Note that for multiple keys, the name component (the last) must be unique.
Default value: []
system
Data type: Boolean
Specifies if you want to create a system account.
Default value: false
uid
Data type: Optional[Accounts::User::Uid]
Specifies the user's uid number. Must be specified numerically.
Default value: undef
Functions
accounts_ssh_authorized_keys_line_parser
Type: Ruby 4.x API
Parse an ssh authorized_keys line string into an array using its expected pattern by using a combination of regex matching and extracting the substring before the match as ssh-options. This allows whitespaces inside the options and inside the comment and is consistent with the behavior of openssh. The returned options element can be an empty string.
Examples
Calling the function
accounts_ssh_authorized_keys_line_parser('options ssh-rsa AAAA... comment')
accounts_ssh_authorized_keys_line_parser(String $str)
Parse an ssh authorized_keys line string into an array using its expected pattern by using a combination of regex matching and extracting the substring before the match as ssh-options. This allows whitespaces inside the options and inside the comment and is consistent with the behavior of openssh. The returned options element can be an empty string.
Returns: Array of authorized_keys line components: ['options','keytype','key','comment']
Examples
Calling the function
accounts_ssh_authorized_keys_line_parser('options ssh-rsa AAAA... comment')
str
Data type: String
ssh authorized_keys line string
accounts_ssh_options_parser
Type: Ruby 4.x API
Parse an ssh authorized_keys option string into an array using its expected pattern which matches a crazy regex slightly modified from shell words. The pattern should be a string.
Examples
Calling the function
accounts_ssh_options_parser('from="myhost.example.com,192.168.1.1"')
accounts_ssh_options_parser(String $str)
Parse an ssh authorized_keys option string into an array using its expected pattern which matches a crazy regex slightly modified from shell words. The pattern should be a string.
Returns: Array of the separated components of the string
Examples
Calling the function
accounts_ssh_options_parser('from="myhost.example.com,192.168.1.1"')
str
Data type: String
ssh authorized_keys option string
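The two parser descriptions above, and the sshkeys rule that the name component must be unique, shown as an added Ruby example. This is not the module's own code: the function names, the key-type prefixes in KEY_RE and the sample lines are assumptions constructed here. It locates the key type only outside quoted option values, so an option such as command="... ssh-rsa ..." is not mistaken for the key.

```ruby
# Added example, not the module's implementation.
# Assumption: key types start with ssh-, ecdsa- or sk-ecdsa-, the key
# families this page mentions.
KEY_RE = /\A((?:sk-ecdsa-|ssh-|ecdsa-)\S+)\s+(\S+)(?:\s+(.*))?\z/

# Split one authorized_keys line into [options, keytype, key, comment].
# The options element is '' when the line starts with the key type.
def parse_authorized_keys_line(line)
  line = line.strip
  in_quote = false
  i = 0
  while i < line.length
    ch = line[i]
    if ch == '\\' && in_quote # skip an escaped character inside "..."
      i += 2
      next
    end
    in_quote = !in_quote if ch == '"'
    at_boundary = i.zero? || line[i - 1].match?(/\s/)
    # Only accept a key type at a token boundary outside quotes; everything
    # before it is the options string, whitespace included.
    if !in_quote && at_boundary && (m = KEY_RE.match(line[i..]))
      return [line[0, i].rstrip, m[1], m[2], m[3].to_s]
    end
    i += 1
  end
  raise ArgumentError, "not an authorized_keys line: #{line.inspect}"
end

# Split an options string on commas that are not inside double quotes.
def split_options(opts)
  out = []
  cur = +''
  in_quote = false
  chars = opts.chars
  idx = 0
  while idx < chars.length
    c = chars[idx]
    if c == '\\' && in_quote && idx + 1 < chars.length
      cur << c << chars[idx + 1]
      idx += 2
      next
    end
    in_quote = !in_quote if c == '"'
    if c == ',' && !in_quote
      out << cur
      cur = +''
    else
      cur << c
    end
    idx += 1
  end
  out << cur unless cur.empty?
  out
end

# Comments (the name component) used by more than one key in the list.
def duplicate_comments(lines)
  lines.map { |l| parse_authorized_keys_line(l)[3] }
       .group_by(&:itself)
       .select { |_, v| v.size > 1 }
       .keys
end

# Constructed sample input; the key material is placeholder text.
SAMPLE_KEYS = [
  'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed bob@example.com',
  'from="myhost.example.com,192.168.1.1" ssh-rsa AAAAconstructed2 bob2@example.com',
  'command="echo ssh-rsa key in use",no-pty ecdsa-sha2-nistp256 AAAAconstructed3 backup job key',
  'ssh-ed25519 AAAAconstructed4 bob@example.com'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_KEYS.each do |l|
    opts, type, _key, comment = parse_authorized_keys_line(l)
    puts "#{type} #{comment.inspect} options=#{split_options(opts).inspect}"
  end
  puts "duplicate names: #{duplicate_comments(SAMPLE_KEYS).inspect}"
end
```

Listing the split options per key makes it easy to review which keys carry restrictions such as from= or command= before the array is passed to sshkeys.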
Data types
Accounts::Group::Hash
Group resources hash. Passed as the second parameter of the ensure_resources function.
Alias of
Hash[Accounts::User::Name, Accounts::Group::Resource]
Accounts::Group::Provider
Group provider. You will seldom need to specify this -- Puppet will usually discover the appropriate provider for your platform.
Alias of
Enum['aix', 'directoryservice', 'groupadd', 'ldap', 'pw', 'windows_adsi']
Accounts::Group::Resource
Group attributes hash. Passed as the third parameter of the ensure_resources function.
Alias of
Struct[{ Optional[ensure] => Enum['absent', 'present'],
Optional[allowdupe] => Boolean,
Optional[auth_membership] => Boolean,
Optional[forcelocal] => Boolean,
Optional[gid] => Accounts::User::Uid,
Optional[members] => Array[Accounts::User::Name],
Optional[name] => Accounts::User::Name,
Optional[provider] => Accounts::Group::Provider,
Optional[system] => Boolean,
}]
Accounts::User::Expiry
Account expiration date. Either 'absent' or a YYYY-MM-DD datestring.
Alias of
Variant[Enum['absent'], Pattern[/\A(19|[2-9]\d)\d\d-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])\z/]]
Accounts::User::Hash
User resources hash. Passed as the second parameter of the ensure_resources function.
Alias of
Hash[Accounts::User::Name, Accounts::User::Resource]
Accounts::User::Iterations
Password hash iterations. This parameter is used in OS X, and is required for managing passwords on OS X 10.8 and newer.
Alias of
Variant[Integer[1,], Pattern[/\A[1-9]\d*\z/]]
Accounts::User::Name
Account (user or group) name. From useradd(8): It is usually recommended to only use usernames that begin with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes. They can end with a dollar sign. Usernames may only be up to 32 characters long.
Many installations also allow capitals or periods, for example to separate first and last names.
Alias of
Pattern[/\A[a-zA-Z0-9_]([a-zA-Z.0-9_-]{0,30}[a-zA-Z0-9_$-])?\z/]
Accounts::User::PasswordMaxAge
Max password age. On most systems, the default value of 99999 is about 274 years, which effectively disables password aging.
Alias of
Integer[1, 99999]
Accounts::User::Resource
User attributes hash. Passed as the third parameter of the ensure_resources function.
Alias of
Struct[{ Optional[ensure] => Enum['absent','present'],
Optional[allowdupe] => Boolean,
Optional[bash_profile_content] => String,
Optional[bash_profile_source] => Stdlib::Filesource,
Optional[bashrc_content] => String,
Optional[bashrc_source] => Stdlib::Filesource,
Optional[comment] => String,
Optional[create_group] => Boolean,
Optional[expiry] => Accounts::User::Expiry,
Optional[forcelocal] => Boolean,
Optional[forward_content] => String,
Optional[forward_source] => Stdlib::Filesource,
Optional[gid] => Accounts::User::Uid,
Optional[group] => Accounts::User::Name,
Optional[groups] => Array[Accounts::User::Name],
Optional[name] => Accounts::User::Name,
Optional[home] => Stdlib::Unixpath,
Optional[home_mode] => Stdlib::Filemode,
Optional[ignore_password_if_empty] => Boolean,
Optional[iterations] => Accounts::User::Iterations,
Optional[locked] => Boolean,
Optional[managehome] => Boolean,
Optional[managevim] => Boolean,
Optional[membership] => Enum['inclusive','minimum'],
Optional[name] => Accounts::User::Name,
Optional[password] => String,
Optional[password_max_age] => Accounts::User::PasswordMaxAge,
Optional[purge_sshkeys] => Boolean,
Optional[purge_user_home] => Boolean,
Optional[salt] => String,
Optional[shell] => Stdlib::Unixpath,
Optional[sshkey_custom_path] => Stdlib::Unixpath,
Optional[sshkey_owner] => Accounts::User::Name,
Optional[sshkey_group] => Accounts::User::Name,
Optional[sshkeys] => Array[String],
Optional[system] => Boolean,
Optional[uid] => Accounts::User::Uid,
}]
Accounts::User::Uid
Numeric user ID. On most Unix systems, the highest uid is 2^32 - 1, or 4294967295.
Alias of
Variant[Integer[0,4294967295], Pattern[/\A0\z/,
/\A[1-3]\d{0,9}\z/,
/\A[4-9]\d{0,8}\z/,
/\A4[0-1]\d{8}\z/,
/\A42[0-8]\d{7}\z/,
/\A429[0-3]\d{6}\z/,
/\A4294[0-8]\d{5}\z/,
/\A42949[0-5]\d{4}\z/,
/\A429496[0-6]\d{3}\z/,
/\A4294967[0-1]\d{2}\z/,
/\A42949672[0-8]\d\z/,
/\A429496729[0-5]\z/,
]]
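A pre-flight check of Hiera account data against the patterns listed in this Data types section, as an added Ruby example that is not part of the module. The function names and the sample YAML are constructed here; the uid string check is an equivalent restatement of the Accounts::User::Uid patterns, and the calendar-date check and shared-key report are additions beyond what the types enforce.

```ruby
require 'yaml'
require 'date'

# Patterns copied from the Accounts::User::Name and Accounts::User::Expiry
# aliases on this page.
NAME_RE   = /\A[a-zA-Z0-9_]([a-zA-Z.0-9_-]{0,30}[a-zA-Z0-9_$-])?\z/
EXPIRY_RE = /\A(19|[2-9]\d)\d\d-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])\z/
UID_MAX   = 4_294_967_295

# Integer 0..2^32-1, or the same range as a decimal string without leading
# zeros (what the page's list of Uid patterns accepts).
def valid_uid?(value)
  return value.between?(0, UID_MAX) if value.is_a?(Integer)

  value.is_a?(String) && value.match?(/\A(0|[1-9]\d{0,9})\z/) && value.to_i <= UID_MAX
end

# nil when acceptable, otherwise a short reason.
def expiry_problem(value)
  return nil if value == 'absent'
  return 'fails Accounts::User::Expiry' unless value.is_a?(String) && value.match?(EXPIRY_RE)

  # Added check: the pattern alone accepts dates such as 2024-02-31.
  y, m, d = value.split('-').map(&:to_i)
  Date.valid_date?(y, m, d) ? nil : 'matches the pattern but is not a calendar date'
end

# Returns [problems, shared_keys]. shared_keys maps a key string to the
# accounts that list it, for example through YAML aliases.
def check_user_list(hiera_yaml)
  users = YAML.safe_load(hiera_yaml, aliases: true).fetch('accounts::user_list', {})
  problems = []
  key_owners = Hash.new { |h, k| h[k] = [] }
  users.each do |name, attrs|
    attrs ||= {}
    problems << "#{name}: name fails Accounts::User::Name" unless name.to_s.match?(NAME_RE)
    %w[uid gid].each do |field|
      next unless attrs.key?(field)
      next if valid_uid?(attrs[field])

      problems << "#{name}: #{field} #{attrs[field].inspect} fails Accounts::User::Uid"
    end
    if attrs.key?('expiry') && (reason = expiry_problem(attrs['expiry']))
      problems << "#{name}: expiry #{attrs['expiry'].inspect} #{reason}"
    end
    Array(attrs['sshkeys']).each { |k| key_owners[k] << name }
  end
  [problems, key_owners.select { |_, owners| owners.size > 1 }]
end

# Constructed sample data in the layout of the page's Hiera example.
SAMPLE_HIERA = <<~HIERA
  accounts::user_list:
    joe:
      uid: '4001'
      sshkeys:
        - &joe_sshkey 'ssh-rsa AAAAconstructed1 joe@corp.com'
    dba:
      uid: 4294967296
      expiry: '2024-02-31'
      sshkeys:
        - *joe_sshkey
    '-ops':
      uid: '007'
      expiry: 'never'
HIERA

if __FILE__ == $PROGRAM_NAME
  problems, shared = check_user_list(SAMPLE_HIERA)
  problems.each { |p| puts "PROBLEM #{p}" }
  shared.each { |key, owners| puts "SHARED  #{owners.join(', ')}: #{key}" }
end
```

The shared-key report shows which accounts a single private key can log in to, which is worth reviewing when one of them, like dba in the page's example, is a system account.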
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v7.1.1 (2021-08-25)
Fixed
- (IAC-1741) Allow stdlib v8.0.0 #392 (david22swan)
v7.1.0 (2021-08-16)
Added
- pdksync - (IAC-1709) - Add Support for Debian 11 #391 (david22swan)
- MODULES-11100 - Add sk-ecdsa public key support, and implement tests for sk-ecdsa and ecdsa keys #388 (vollmerk)
v7.0.2 (2021-03-29)
Fixed
- (IAC-1497) - Removal of unsupported translate dependency #373 (david22swan)
- (MODULES-10892) Update name.pp #353 (LooOOooM)
v7.0.1 (2021-03-15)
Fixed
v7.0.0 (2021-03-01)
Changed
- Update metadata.json - remove ubuntu 14.04 #368 (daianamezdrea)
- pdksync - Remove Puppet 5 from testing and bump minimal version to 6.0.0 #359 (carabasdaniel)
Fixed
- (MODULES-10867) Ensure ssh key name is unique based on type, content and description #340 (mdklapwijk)
v6.4.0 (2020-12-14)
Added
- pdksync - (maint) - Add support for Puppet 7 #350 (pmcmaw)
- MODULES-10862 add support for authorized_keys file mode #338 (simondeziel)
v6.3.0 (2020-09-22)
Added
- Allow for Sensitive type passwords in accounts::user #333 (jarretlavallee)
Fixed
- (MODULES-10798) Ensure group is created for user only if undefined #334 (michaeltlombardi)
v6.2.0 (2020-08-20)
Added
- pdksync - (IAC-973) - Update travis/appveyor to run on new default branch main #318 (david22swan)
- (IAC-746) - Add ubuntu 20.04 support #312 (david22swan)
Fixed
v6.1.1 (2020-04-30)
Fixed
v6.1.0 (2020-02-03)
Added
- Employ more lenient username checks (allow capitals) #286 (mvandegarde)
- (MODULES-10242) Re-add Ubuntu 14 to supported OS list #281 (sheenaajay)
v6.0.0 (2019-11-11)
Changed
Added
- (FM-8671) - Support added for CentOS 8 #278 (david22swan)
Fixed
- fix small typo on the root_home key at Debian.yaml #260 (wandenberg)
- Use user group instead of user name for sshkey owner group #258 (florindragos)
v5.0.0 (2019-09-10)
Changed
- (MODULES-9712) Move data into hiera. #241 (pillarsdotnet)
Added
- (FM-8392) Add debian 10 to provision.yaml #251 (ThoughtCrhyme)
Fixed
- (MODULES-9849) wrong order when removing user with custom sshkey file #250 (tuxmea)
- fix problematic parsing of keyspec #246 (EECOLOR)
- (MODULES-9697) fix for correct management of sshkey_custom_path #242 (tuxmea)
v4.2.0 (2019-08-02)
Added
Fixed
- MODULES-9447 -- Narrow dependency between removed user and group. #232 (pillarsdotnet)
v4.1.0 (2019-05-29)
Added
- (FM-8023) Add RedHat 8 support #227 (eimlav)
- (MODULES-7469) Add password_max_age parameter #221 (eimlav)
Fixed
- (MODULES-8968) Test account removal. #226 (pillarsdotnet)
v4.0.0 (2019-05-10)
Changed
- pdksync - (MODULES-8444) - Raise lower Puppet bound #218 (david22swan)
- (MODULES-8909) Add type-aliases and auto-loading. #214 (pillarsdotnet)
Fixed
- (MODULES-8909) Allow periods in usernames. #220 (pillarsdotnet)
- Remove user when custom sshkey file is set #213 (tuxmea)
3.2.0 (2019-01-18)
Added
- (MODULES-8302) - Add allowdupe parameter #199 (eimlav)
- (MODULES-8149) - Addition of support for SLES 15 #197 (david22swan)
Fixed
- (MODULES-8216) - Fix fail when custom_sshkey_path and managehome=false #194 (eimlav)
- Fixing the limitations section of the README #191 (HelenCampbell)
3.1.0 (2018-09-27)
Added
- pdksync - (FM-7392) puppet 6 testing changes #187 (tphoney)
- pdksync - (MODULES-6805) metadata.json shows support for puppet 6 #185 (tphoney)
- (LOC-173) Delivering translation for readmes/README_ja_JP.markdown #177 (ehom)
Fixed
- (maint) corrected filename extension for both en and ja #182 (ehom)
- Only take care of ssh-keys if ensure is set to 'present' #174 (opteamax)
- Rename README.markdown to README.MD #173 (clairecadman)
3.0.0 (2018-09-07)
Changed
- Adding ability to specify custom ssh_key location #149 (ggeldenhuis)
Added
- (MODULES-7687) - Added Darwin compatibility #167 (eimlav)
- (FM-7287) - i18n Process Implemented. #159 (david22swan)
- (MODULES-5222) - managevim option added to manifests. #156 (david22swan)
- (FM-7289) - Added Puppet 4 data types to parameters #155 (eimlav)
- (MODULES-7671) - Support spaces in ssh key options #153 (dleske)
- (FM-7254) - Addition of support for Ubuntu 18.04 #150 (david22swan)
Fixed
- pdksync - (MODULES-7658) use beaker4 in puppet-module-gems #170 (tphoney)
- Fix error when deploying key into directory not owned by user #152 (tuxmea)
2.0.0
Summary
This release drops support for Debian 7, adds support for Debian 9 and includes several small features and bug fixes.
Added
- [FM-7052] Addition of Debian 9 support to accounts
- (MODULES-3989) Allow management of local accounts despite an NSS
- Allow mode for homedir to be undef
- Add expiry property to user resource.
Fixed
- (MODULES-6607) - Update docs to reflect correct default value for ignore_password_if_empty.
- Update tests and README
- Removed Debian 7 support
Bugfixes
- Allow sshkeys to be reused for multiple accounts
- Set home_mode explicitly in tests
- Fix test for ssh key to allow new comment format
Supported Release 1.3.0
Summary
This release uses the PDK convert functionality which in return makes the module PDK compliant. It also includes a roll up of maintenance changes.
Added
- PDK Convert accounts (MODULES-6328).
Fixed
- Don't create accounts::home_dir resources.
- Multiple maintenance changes.
Supported Release 1.2.1
Summary
This release is to update the formatting of the module, Rubocop having been run for all ruby files and been set to run automatically on all future commits.
Changed
- Rubocop has been implemented.
Supported Release 1.2.0
Summary
This release is a rollup of changes. Several attributes have been added as requested and submitted from our community.
Added
- Attribute ignore_password_if_empty is added which, if set to true, shall ignore password changes if the password is empty.
- Removal of dependency on group resource if create_group is set to false.
- Add attribute to allow custom group names.
- Add attribute to set system user or group.
- Add attribute to set the user or group to be the system account.
- Add attribute to create a group (or not) with the username.
- Add support for .forward.
- Add support for ssh options in authorization_keys.
- Add ECDSA support.
- Add support for ssh authorized key options.
- Allow the use of the `source` param for bash files
- Removal of end-of-life Ubuntu 12.04 support from metadata.
- Update Puppet version compatibility.
- Modulesync and Gemfile updates.
Fixed
- Multiple fixes to tests.
Supported Release 1.1.0
Summary
A feature rich release, with the addition of Debian 8 support. Also several generic fixes to tests.
Features
- Now allows SSH keys to be purged from user.
- Multiple updates and fixes to the README.
- RSpec-puppet has now been unpinned.
- Addition of Debian 8 compatibility to metadata.
- Addition of OSfamily fact to tests.
- Several modulesync updates.
Bugfixes
- Multiple fixes to tests.
Supported Release 1.0.0
Summary:
This is the initial release of the rewrite of puppetlabs-pe_accounts for a more general usage.
The difference from the pe_accounts module is that the data model is gone, and with it the base class that accepts hashes (i.e., from hiera). Instead, the module is designed around the use of the accounts::user defined resource.
To regain the old hiera behavior, use the create_resources() function in combination with accounts::user; e.g.: create_resources('accounts::user', hiera_hash('accounts::users'))
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 5.0.0 < 9.0.0)
Apache License, Version 2.0, January 2004 http://www.apache.org/licenses/
Quality checks
We run a couple of automated scans to help you assess a module’s quality. Each module is given a score based on how well the author has formatted their code and documentation and select modules are also checked for malware using VirusTotal.
Please note, the information below is for guidance only and neither of these methods should be considered an endorsement by Puppet.
Malware scan results
The malware detection service on Puppet Forge is an automated process that identifies known malware in module releases before they’re published. It is not intended to replace your own virus scanning solution.
- Module name: puppetlabs-accounts
- Module version: 7.1.1
- Scan initiated: August 26th 2021, 1:54:25
- Detections: 0 / 57
- Scan stats:
  - 57 undetected
  - 0 harmless
  - 0 failures
  - 0 timeouts
  - 0 malicious
  - 0 suspicious
  - 16 unsupported