SaltStack源码分析之group状态模块

group状态模块用于创建并管理UNIX组账号设置。

/usr/lib/python2.6/site-packages/salt/states/group.py

‘‘‘
Management of user groups
=========================

The group module is used to create and manage unix group settings, groups
can be either present or absent:

.. code-block:: yaml

    cheese:
      group.present:
        - gid: 7648
        - system: True
        - addusers:
          - user1
          - users2
        - delusers:
          - foo

    cheese:
      group.present:
        - gid: 7648
        - system: True
        - members:
          - foo
          - bar
          - user1
          - user2
‘‘‘

def present(name,
            gid=None,
            system=False,
            addusers=None,
            delusers=None,
            members=None):
    ‘‘‘
    Ensure that a group is present

    name
        The name of the group to manage

    gid
        The group id to assign to the named group; if left empty, then the next
        available group id will be assigned

    system
        Whether or not the named group is a system group.  This is essentially
        the ‘-r‘ option of ‘groupadd‘.

    addusers
        List of additional users to be added as a group members.

    delusers
        Ensure these user are removed from the group membership.

    members
        Replace existing group members with a list of new members.

    Note: Options ‘members‘ and ‘addusers/delusers‘ are mutually exclusive and
          can not be used together.
    ‘‘‘
    ret = {‘name‘: name,
           ‘changes‘: {},
           ‘result‘: True,
           ‘comment‘: ‘Group {0} is present and up to date‘.format(name)}

    if members and (addusers or delusers):
        ret[‘result‘] = None
        ret[‘comment‘] = (
            ‘Error: Conflicting options "members" with "addusers" and/or‘
            ‘ "delusers" can not be used together. ‘)
        return ret

    if addusers and delusers:
        #-- if trying to add and delete the same user(s) at the same time.
        if not set(addusers).isdisjoint(set(delusers)):
            ret[‘result‘] = None
            ret[‘comment‘] = (
                ‘Error. Same user(s) can not be added and deleted‘
                ‘ simultaneously‘)
            return ret

    changes = _changes(name,
                       gid,
                       addusers,
                       delusers,
                       members)
    if changes:
        ret[‘comment‘] = (
            ‘The following group attributes are set to be changed:\n‘)
        for key, val in changes.items():
            ret[‘comment‘] += ‘{0}: {1}\n‘.format(key, val)

        if __opts__[‘test‘]:
            ret[‘result‘] = None
            return ret

        for key, val in changes.items():
            if key == ‘gid‘:
                __salt__[‘group.chgid‘](name, gid)
                continue
            if key == ‘addusers‘:
                for user in val:
                    __salt__[‘group.adduser‘](name, user)
                continue
            if key == ‘delusers‘:
                for user in val:
                    __salt__[‘group.deluser‘](name, user)
                continue
            if key == ‘members‘:
                __salt__[‘group.members‘](name, ‘,‘.join(members))
                continue
        # Clear cached group data
        sys.modules[
            __salt__[‘test.ping‘].__module__
            ].__context__.pop(‘group.getent‘, None)
        changes = _changes(name,
                           gid,
                           addusers,
                           delusers,
                           members)
        if changes:
            ret[‘result‘] = False
            ret[‘comment‘] += ‘Some changes could not be applied‘
            ret[‘changes‘] = {‘Failed‘: changes}
        else:
            ret[‘changes‘] = {‘Final‘: ‘All Changed applied successfully‘}

    if changes is False:
        # The group is not present, make it!
        if __opts__[‘test‘]:
            ret[‘result‘] = None
            ret[‘comment‘] = ‘Group {0} set to be added‘.format(name)
            return ret

        grps = __salt__[‘group.getent‘]()
        # Test if gid is free
        if gid is not None:
            gid_group = None
            for lgrp in grps:
                if lgrp[‘gid‘] == gid:
                    gid_group = lgrp[‘name‘]
                    break

            if gid_group is not None:
                ret[‘result‘] = False
                ret[‘comment‘] = (
                    ‘Group {0} is not present but gid {1} is already taken by‘
                    ‘ group {2}‘.format(name, gid, gid_group))
                return ret

        # Group is not present, make it.
        if __salt__[‘group.add‘](name,
                                 gid,
                                 system=system):
            # if members to be added
            grp_members = None
            if members:
                grp_members = ‘,‘.join(members)
            if addusers:
                grp_members = ‘,‘.join(addusers)
            if grp_members:
                __salt__[‘group.members‘](name, grp_members)
            # Clear cached group data
            sys.modules[__salt__[‘test.ping‘].__module__].__context__.pop(
                ‘group.getent‘, None)
            ret[‘comment‘] = ‘New group {0} created‘.format(name)
            ret[‘changes‘] = __salt__[‘group.info‘](name)
            changes = _changes(name,
                               gid,
                               addusers,
                               delusers,
                               members)
            if changes:
                ret[‘result‘] = False
                ret[‘comment‘] = (
                    ‘Group {0} has been created but, some changes could not‘
                    ‘ be applied‘)
                ret[‘changes‘] = {‘Failed‘: changes}
        else:
            ret[‘result‘] = False
            ret[‘comment‘] = ‘Failed to create new group {0}‘.format(name)
    return ret