Cfengine 3 example unit_insert_users.html
#  Copyright (C) Cfengine AS

#  This file is part of Cfengine 3 - written and maintained by Cfengine AS.

#  This program is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by the
#  Free Software Foundation; version 3.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA

# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commerical Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.

########################################################
#
# Insert users into the passwd file of a system by
# extracting named users from a master file - repeat
# for /etc/shadow
#
########################################################

body common control

{
bundlesequence  => { "updateusers" };
}

########################################################

bundle agent updateusers

{
vars:

  # Set $(testing) to "" for production

  "testing"  string => "/home/mark/tmp";
  "tmp"      string => "$(testing)/etc/passwd_tmp";

  "extract_users" slist => { "mark", "root", "at", "www-run" };

files:

  #
  # Take the passwed entries from source and add them to real_passwd
  #

  "$(tmp)"

       create    => "true",
       edit_line => SelectUsers("$(testing)/masterfiles/passwd","@(this.extract_users)");

  #
  # Intermediate file - should be secure - not in /tmp
  #

  "$(testing)/etc/passwd"

       edit_line => ReplaceUsers("$(tmp)","@(this.extract_users)");

  #

  "$(testing)/home/$(extract_users)/."

       create => "true",
       perms => userdir("$(extract_users)");
}






########################################################
# Library stuff
########################################################

body perms userdir(u)
{
mode => "755";
owners => { "$(u)" };
groups => { "users" };
}

########################################################

bundle edit_line SelectUsers(f,l)
  {
  insert_lines:

     "$(f)" 

       insert_type => "file",
       insert_select => keep("@(l)");
  }

########################################################

bundle edit_line ReplaceUsers(f,l)
  {
  delete_lines:

     "$(f)" 
       delete_select => discard("@(l)");

  insert_lines:

     "$(f)" 

       insert_type => "file";
  }

########################################################

body insert_select keep(s)
{
insert_if_startwith_from_list => { @(s) };
}

########################################################

body delete_select discard(s)
{
delete_if_not_startwith_from_list => { @(s) };
}