
Anything is possible with code... If you have custom facts generating a list of present users, you could have your list of expected/intended users defined on the Puppet side (in Hiera, etc.). You could either use some of the array manipulations that are provided by Puppet to filter the list of expected users from the list of actual users, and you are left with the list of unexpected users... OR write a custom function and do all of the filtering in Ruby, and return that array.

The above could get passed into a user{ $unintended_users_array: ensure => 'absent' } resource. The same could be done for groups.

Also be sure to account for any users/groups that your modules are creating for their software... either disable the module's management of the user and move it into your own custom management, or have an additional list of users to ignore from the above filtering (apache / tomcat users, etc.).
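
The filtering described in this answer, as an added example in plain Ruby (not code from the answer or from Puppet itself). The function names, the constructed passwd sample and the `min_uid` floor are assumptions; the returned array is what would be handed to the `user` resource with `ensure => 'absent'`.

```ruby
# Added example: all names and sample data are constructed for illustration.

# Constructed passwd-format text, standing in for what a custom fact would read.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
  tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat:/sbin/nologin
  alice:x:1000:1000:Alice:/home/alice:/bin/bash
  bob:x:1001:1001:Bob:/home/bob:/bin/bash
  mallory:x:1002:1002::/home/mallory:/bin/bash
  # comment line
  broken-line-without-fields
PASSWD

# Parse passwd-format text into { name => uid }.
# Blank lines, comments and malformed entries are skipped rather than guessed at.
def present_users(passwd_text)
  passwd_text.each_line.with_object({}) do |line, users|
    line = line.strip
    next if line.empty? || line.start_with?('#')

    fields = line.split(':', -1)
    next unless fields.length == 7 && fields[2].match?(/\A\d+\z/)

    users[fields[0]] = fields[2].to_i
  end
end

# Names present on the node that are in neither the expected list nor the
# ignore list (the apache/tomcat case from the answer).
# min_uid is an assumed safety floor: accounts below it (root, daemon, ...) are
# never returned, so a gap in the ignore list cannot remove a system account.
def unintended_users(present, expected:, ignored: [], min_uid: 1000)
  keep = expected | ignored
  present.reject { |name, uid| uid < min_uid || keep.include?(name) }.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  present = present_users(SAMPLE_PASSWD)
  expected = %w[alice bob]      # would come from Hiera
  ignored  = %w[apache tomcat]  # users created by other modules

  puts unintended_users(present, expected: expected, ignored: ignored).inspect
  # Without the floor, the ignore list alone misses root and daemon:
  puts unintended_users(present, expected: expected, ignored: ignored, min_uid: 0).inspect
end
```

The second call shows why the ignore list needs care: with no UID floor, any system account missing from it ends up in the removal list.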