From 137221f537ab6640fab0299232c9d5e781d0f914 Mon Sep 17 00:00:00 2001 From: Rurik Yla-Onnenvuori Date: Fri, 10 Nov 2017 14:54:07 +0100 Subject: [PATCH 1/3] New instance parameter 'groups' User can define supplementary groups for instance and fenced users. Multiple groups can be defined as an array. --- README.md | 1 + manifests/instance.pp | 3 +++ spec/defines/instance_spec.rb | 5 ++++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 973bf8d..3223f33 100644 --- a/README.md +++ b/README.md @@ -124,6 +124,7 @@ db2::install { '11.1': * `instance_user_uid`: UID of the instance user * `instance_user_gid`: GID of the instance user * `instance_user_home`: Home directory of the instance user +* `groups`: An array of supplementary groups for instance and fence users (optional, default: undef) * `type`: Type of product this instance is for (default: ese) * `auth`: Type of auth for this instance (default: server) * `users_forcelocal`: Force the creation of instance and fence users to be local, true or false. (default: undef) diff --git a/manifests/instance.pp b/manifests/instance.pp index 2588a24..be709a7 100644 --- a/manifests/instance.pp +++ b/manifests/instance.pp @@ -14,6 +14,7 @@ $instance_user_uid = undef, $instance_user_gid = undef, $instance_user_home = undef, + $groups = undef, $users_forcelocal = undef, $port = undef, $type = 'ese', @@ -32,6 +33,7 @@ home => $fence_user_home, forcelocal => $users_forcelocal, managehome => true, + groups => $groups, } } } @@ -43,6 +45,7 @@ home => $instance_user_home, forcelocal => $users_forcelocal, managehome => true, + groups => $groups, } } diff --git a/spec/defines/instance_spec.rb b/spec/defines/instance_spec.rb index a5b510e..cc4bb74 100644 --- a/spec/defines/instance_spec.rb +++ b/spec/defines/instance_spec.rb @@ -69,12 +69,14 @@ :fence_user_uid => '1002', :fence_user_gid => 'db2fencg', :fence_user_home => '/db2/fence', + :groups => 'db2group', }} it do is_expected.to contain_user('db2inst').with( :uid => '1001', :gid => 'db2instg', - :home => '/db2/inst' + :home => '/db2/inst', + :groups => 'db2group', ) end it do @@ -82,6 +84,7 @@ :uid => '1002', :gid => 'db2fencg', :home => '/db2/fence', + :groups => 'db2group', ) end end From 3e273c877934f0d5e2bb2de8ff5ec35c660b238c Mon Sep 17 00:00:00 2001 From: Andreas Zuber Date: Wed, 15 Aug 2018 16:38:57 +0200 Subject: [PATCH 2/3] add user to group resources as members to avoid resource flipping if they are defined as authoritative --- manifests/instance.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manifests/instance.pp b/manifests/instance.pp index be709a7..d29143e 100644 --- a/manifests/instance.pp +++ b/manifests/instance.pp @@ -36,6 +36,13 @@ groups => $groups, } } + if $groups { + $groups.each |$group| { + Group <| title == $group |> { + members +> $fence_user, + } + } + } } if $manage_instance_user { user { $instance_user: @@ -47,6 +54,13 @@ managehome => true, groups => $groups, } + if $groups { + $groups.each |$group| { + Group <| title == $group |> { + members +> $instance_user, + } + } + } } db2_instance { $instance_user: From 708e83e3bfcfa3223f0c04163bd2498766ba4607 Mon Sep 17 00:00:00 2001 From: Andreas Zuber Date: Thu, 16 Aug 2018 10:17:02 +0200 Subject: [PATCH 3/3] add tests for adding memebers to existing groups --- spec/defines/instance_spec.rb | 48 +++++++++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/spec/defines/instance_spec.rb b/spec/defines/instance_spec.rb index cc4bb74..31b923a 100644 --- a/spec/defines/instance_spec.rb +++ b/spec/defines/instance_spec.rb @@ -41,7 +41,7 @@ end end context "when declared with fence user" do - let(:params) {{ + let(:params) {{ :installation_root => '/opt/ibm/db2/V11.1', :fence_user => 'db2fence' }} @@ -60,7 +60,7 @@ end end context "when declaring user attributes" do - let(:params) {{ + let(:params) {{ :installation_root => '/opt/ibm/db2/V11.1', :fence_user => 'db2fence', :instance_user_uid => '1001', @@ -90,7 +90,7 @@ end context "when declaring with manage_instance_user falsified" do - let(:params) {{ + let(:params) {{ :installation_root => '/opt/ibm/db2/V11.1', :fence_user => 'db2fence', :manage_instance_user => false, @@ -111,7 +111,7 @@ end context "when declaring with manage_fence_user falsified" do - let(:params) {{ + let(:params) {{ :installation_root => '/opt/ibm/db2/V11.1', :fence_user => 'db2fence', :manage_fence_user => false, @@ -132,7 +132,7 @@ end context "when setting the installation type and auth options" do - let(:params) {{ + let(:params) {{ :installation_root => '/opt/ibm/db2/V11.1', :fence_user => 'db2fence', :type => 'standalone', @@ -148,7 +148,7 @@ end context "when setting the port option" do - let(:params) {{ + let(:params) {{ :installation_root => '/opt/ibm/db2/V11.1', :fence_user => 'db2fence', :type => 'standalone', @@ -165,11 +165,37 @@ end end - - + context "when the group is not defined" do + let(:params) {{ + :installation_root => '/opt/ibm/db2/V11.1', + :fence_user => 'db2fence', + :manage_fence_user => true, + :instance_user => 'db2inst', + :manage_instance_user => true, + :groups => ['db2group'], + }} + it do + is_expected.to_not contain_group('db2group').with( + :members => ['bob', 'db2fence', 'db2inst'], + ) + end + end + context "when the group is already defined" do + let(:pre_condition) {"group {'db2group': members => ['bob']}"} + let(:params) {{ + :installation_root => '/opt/ibm/db2/V11.1', + :fence_user => 'db2fence', + :manage_fence_user => true, + :instance_user => 'db2inst', + :manage_instance_user => true, + :groups => ['db2group'], + }} + it do + is_expected.to contain_group('db2group').with( + :members => ['bob', 'db2fence', 'db2inst'], + ) + end + end end - - -