码迷,mamicode.com
首页 > 其他好文 > 详细

SaltStack源码分析之user状态模块

时间:2015-05-14 20:50:49      阅读:414      评论:0      收藏:0      [点我收藏+]

标签:user

user状态模块用于在sls文件中指定安装包的uid等属性

/usr/lib/python2.6/site-packages/salt/states/user.py

‘‘‘
Management of user accounts
===========================

The user module is used to create and manage user settings, users can be set
as either absent or present

.. code-block:: yaml

    fred:
      user.present:
        - fullname: Fred Jones
        - shell: /bin/zsh
        - home: /home/fred
        - uid: 4000
        - gid: 4000
        - groups:
          - wheel
          - storage
          - games

    testuser:
      user.absent
‘‘‘


def present(name,
            uid=None,
            gid=None,
            gid_from_name=False,
            groups=None,
            optional_groups=None,
            remove_groups=True,
            home=None,
            createhome=True,
            password=None,
            enforce_password=True,
            empty_password=False,
            shell=None,
            unique=True,
            system=False,
            fullname=None,
            roomnumber=None,
            workphone=None,
            homephone=None,
            date=None,
            mindays=None,
            maxdays=None,
            inactdays=None,
            warndays=None,
            expire=None):
    ‘‘‘
    Ensure that the named user is present with the specified properties

    name
        The name of the user to manage

    uid
        The user id to assign, if left empty then the next available user id
        will be assigned

    gid
        The default group id

    gid_from_name
        If True, the default group id will be set to the id of the group with
        the same name as the user.

    groups
        A list of groups to assign the user to, pass a list object. If a group
        specified here does not exist on the minion, the state will fail.
        If set to the empty list, the user will be removed from all groups
        except the default group.

    optional_groups
        A list of groups to assign the user to, pass a list object. If a group
        specified here does not exist on the minion, the state will silently
        ignore it.

    NOTE: If the same group is specified in both "groups" and
    "optional_groups", then it will be assumed to be required and not optional.

    remove_groups
        Remove groups that the user is a member of that weren‘t specified in
        the state, True by default

    home
        The location of the home directory to manage

    createhome
        If True, the home directory will be created if it doesn‘t exist.
        Please note that directories leading up to the home directory
        will NOT be created.

    password
        A password hash to set for the user. This field is only supported on
        Linux, FreeBSD, NetBSD, OpenBSD, and Solaris.

    .. versionchanged:: 0.16.0
       BSD support added.

    enforce_password
        Set to False to keep the password from being changed if it has already
        been set and the password hash differs from what is specified in the
        "password" field. This option will be ignored if "password" is not
        specified.

    empty_password
        Set to True to enable no password-less login for user

    shell
        The login shell, defaults to the system default shell

    unique
        Require a unique UID, True by default

    system
        Choose UID in the range of FIRST_SYSTEM_UID and LAST_SYSTEM_UID.


    User comment field (GECOS) support (currently Linux, FreeBSD, and MacOS
    only):

    The below values should be specified as strings to avoid ambiguities when
    the values are loaded. (Especially the phone and room number fields which
    are likely to contain numeric data)

    fullname
        The user‘s full name

    roomnumber
        The user‘s room number (not supported in MacOS)

    workphone
        The user‘s work phone number (not supported in MacOS)

    homephone
        The user‘s home phone number (not supported in MacOS)


    .. versionchanged:: 2014.7.0
       Shadow attribute support added.

    Shadow attributes support (currently Linux only):

    The below values should be specified as integers.

    date
        Date of last change of password, represented in days since epoch
        (January 1, 1970).

    mindays
        The minimum number of days between password changes.

    maxdays
        The maximum number of days between password changes.

    inactdays
        The number of days after a password expires before an account is
        locked.

    warndays
        Number of days prior to maxdays to warn users.

    expire
        Date that account expires, represented in days since epoch (January 1,
        1970).
    ‘‘‘
    fullname = str(fullname) if fullname is not None else fullname
    roomnumber = str(roomnumber) if roomnumber is not None else roomnumber
    workphone = str(workphone) if workphone is not None else workphone
    homephone = str(homephone) if homephone is not None else homephone

    ret = {‘name‘: name,
           ‘changes‘: {},
           ‘result‘: True,
           ‘comment‘: ‘User {0} is present and up to date‘.format(name)}

    if groups:
        missing_groups = [x for x in groups if not __salt__[‘group.info‘](x)]
        if missing_groups:
            ret[‘comment‘] = ‘The following group(s) are not present: ‘                              ‘{0}‘.format(‘,‘.join(missing_groups))
            ret[‘result‘] = False
            return ret

    if optional_groups:
        present_optgroups = [x for x in optional_groups
                             if __salt__[‘group.info‘](x)]
        for missing_optgroup in [x for x in optional_groups
                                 if x not in present_optgroups]:
            log.debug(‘Optional group "{0}" for user "{1}" is not ‘
                      ‘present‘.format(missing_optgroup, name))
    else:
        present_optgroups = None

    # Log a warning for all groups specified in both "groups" and
    # "optional_groups" lists.
    if groups and optional_groups:
        for isected in set(groups).intersection(optional_groups):
            log.warning(‘Group "{0}" specified in both groups and ‘
                        ‘optional_groups for user {1}‘.format(isected, name))

    if gid_from_name:
        gid = __salt__[‘file.group_to_gid‘](name)

    if empty_password:
        __salt__[‘shadow.del_password‘](name)

    changes = _changes(name,
                       uid,
                       gid,
                       groups,
                       present_optgroups,
                       remove_groups,
                       home,
                       createhome,
                       password,
                       enforce_password,
                       empty_password,
                       shell,
                       fullname,
                       roomnumber,
                       workphone,
                       homephone,
                       date,
                       mindays,
                       maxdays,
                       inactdays,
                       warndays,
                       expire)

    if changes:
        if __opts__[‘test‘]:
            ret[‘result‘] = None
            ret[‘comment‘] = (‘The following user attributes are set to be ‘
                              ‘changed:\n‘)
            for key, val in changes.items():
                ret[‘comment‘] += ‘{0}: {1}\n‘.format(key, val)
            return ret
        # The user is present
        if ‘shadow.info‘ in __salt__:
            lshad = __salt__[‘shadow.info‘](name)
        pre = __salt__[‘user.info‘](name)
        for key, val in changes.items():
            if key == ‘passwd‘ and not empty_password:
                __salt__[‘shadow.set_password‘](name, password)
                continue
            if key == ‘date‘:
                __salt__[‘shadow.set_date‘](name, date)
                continue
            if key == ‘home‘ or key == ‘homeDoesNotExist‘:
                if createhome:
                    __salt__[‘user.chhome‘](name, val, True)
                else:
                    __salt__[‘user.chhome‘](name, val, False)
                continue
            if key == ‘mindays‘:
                __salt__[‘shadow.set_mindays‘](name, mindays)
                continue
            if key == ‘maxdays‘:
                __salt__[‘shadow.set_maxdays‘](name, maxdays)
                continue
            if key == ‘inactdays‘:
                __salt__[‘shadow.set_inactdays‘](name, inactdays)
                continue
            if key == ‘warndays‘:
                __salt__[‘shadow.set_warndays‘](name, warndays)
                continue
            if key == ‘expire‘:
                __salt__[‘shadow.set_expire‘](name, expire)
                continue
            if key == ‘groups‘:
                __salt__[‘user.ch{0}‘.format(key)](
                    name, val, not remove_groups
                )
            else:
                __salt__[‘user.ch{0}‘.format(key)](name, val)

        post = __salt__[‘user.info‘](name)
        spost = {}
        if ‘shadow.info‘ in __salt__:
            if lshad[‘passwd‘] != password:
                spost = __salt__[‘shadow.info‘](name)
        # See if anything changed
        for key in post:
            if post[key] != pre[key]:
                ret[‘changes‘][key] = post[key]
        if ‘shadow.info‘ in __salt__:
            for key in spost:
                if lshad[key] != spost[key]:
                    ret[‘changes‘][key] = spost[key]
        if ret[‘changes‘]:
            ret[‘comment‘] = ‘Updated user {0}‘.format(name)
        changes = _changes(name,
                           uid,
                           gid,
                           groups,
                           present_optgroups,
                           remove_groups,
                           home,
                           createhome,
                           password,
                           enforce_password,
                           empty_password,
                           shell,
                           fullname,
                           roomnumber,
                           workphone,
                           homephone,
                           date,
                           mindays,
                           maxdays,
                           inactdays,
                           warndays,
                           expire)

        if changes:
            ret[‘comment‘] = ‘These values could not be changed: {0}‘.format(
                changes
            )
            ret[‘result‘] = False
        return ret

    if changes is False:
        # The user is not present, make it!
        if __opts__[‘test‘]:
            ret[‘result‘] = None
            ret[‘comment‘] = ‘User {0} set to be added‘.format(name)
            return ret
        if groups and present_optgroups:
            groups.extend(present_optgroups)
        elif present_optgroups:
            groups = present_optgroups[:]
        if __salt__[‘user.add‘](name,
                                uid=uid,
                                gid=gid,
                                groups=groups,
                                home=home,
                                shell=shell,
                                unique=unique,
                                system=system,
                                fullname=fullname,
                                roomnumber=roomnumber,
                                workphone=workphone,
                                homephone=homephone,
                                createhome=createhome):
            ret[‘comment‘] = ‘New user {0} created‘.format(name)
            ret[‘changes‘] = __salt__[‘user.info‘](name)
            if ‘shadow.info‘ in __salt__ and not salt.utils.is_windows():
                if password and not empty_password:
                    __salt__[‘shadow.set_password‘](name, password)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘passwd‘] != password:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ password to‘                                          ‘ {1}‘.format(name, password)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘password‘] = password
                if date:
                    __salt__[‘shadow.set_date‘](name, date)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘lstchg‘] != date:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ last change date to‘                                          ‘ {1}‘.format(name, date)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘date‘] = date
                if mindays:
                    __salt__[‘shadow.set_mindays‘](name, mindays)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘min‘] != mindays:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ minimum days to‘                                          ‘ {1}‘.format(name, mindays)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘mindays‘] = mindays
                if maxdays:
                    __salt__[‘shadow.set_maxdays‘](name, mindays)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘max‘] != maxdays:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ maximum days to‘                                          ‘ {1}‘.format(name, maxdays)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘maxdays‘] = maxdays
                if inactdays:
                    __salt__[‘shadow.set_inactdays‘](name, inactdays)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘inact‘] != inactdays:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ inactive days to‘                                          ‘ {1}‘.format(name, inactdays)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘inactdays‘] = inactdays
                if warndays:
                    __salt__[‘shadow.set_warndays‘](name, warndays)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘warn‘] != warndays:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ warn days to‘                                          ‘ {1}‘.format(name, mindays)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘warndays‘] = warndays
                if expire:
                    __salt__[‘shadow.set_expire‘](name, expire)
                    spost = __salt__[‘shadow.info‘](name)
                    if spost[‘expire‘] != expire:
                        ret[‘comment‘] = ‘User {0} created but failed to set‘                                          ‘ expire days to‘                                          ‘ {1}‘.format(name, expire)
                        ret[‘result‘] = False
                    ret[‘changes‘][‘expire‘] = expire
        else:
            ret[‘comment‘] = ‘Failed to create new user {0}‘.format(name)
            ret[‘result‘] = False

    return ret


本文出自 “Linux SA John” 博客,请务必保留此出处http://john88wang.blog.51cto.com/2165294/1651263

SaltStack源码分析之user状态模块

标签:user

原文地址:http://john88wang.blog.51cto.com/2165294/1651263

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!