@justinhennessy
Last active December 26, 2015 17:59
How to make groups configurable per "env"

I have the user in hiera like this:

everydayhero:
  colinb:
    ensure:   'present'
    comment:  'colinb'
    uid:      '2021'
    gid:      'ssh'
    groups:   ['ssh', 'www-data', 'edh']
    env:      ['staging','edhci']
    ssh_name: 'colinb@everydayhero.com.au'
    ssh_key:  'AAAAB3NzaC1yc2EAAAADAQABAAABAQDwYYsASNg4ktc64wxQrSpPSLIuL1g1lgw5+D1GvJpdaJZ6UTDJLwUcCNrCyYJ2rgY6/nN0FhyFkFKQTPM9Grml3YJ1Avg8wkikRBllbDQTRv/YU5Uv+tWSgwZ45GE9sR601fwFPqYmChsAoAqRTHlfQX2hEsZgCKNVoRGjv+I0hpd2hE5+QbLOfQDuieqMk9eBb5AMpBch+9LZHt/QOkgGDHCFRRYyGxTWdZfHGYg8S7UIjL8p4rnoPJYdBOgrGwgEqL2e77Fyg6id9va1lKXW3HgbgMardXB8dfPePfyWxatF5kwS85ioImvGx1oq0YK37/ECQiK+agOl5kPmlB13'

We use the following to create the virtual resources:

$edh_staff = hiera('everydayhero')

create_resources('@users::identity', $edh_staff)

This is the users::identity defined resource:

define users::identity (
  $uid,
  $gid,
  $groups,
  $comment,
  $env,
  $ensure = present,
  $ssh_key = '',
  $ssh_name = $name,
) {

  user { $name:
    ensure     => $ensure,
    uid        => $uid,
    gid        => $gid,
    groups     => $groups,
    shell      => '/bin/bash',
    home       => "/home/${name}",
    comment    => $comment,
    membership => 'minimum',
    managehome => true,
  }

  if !empty($ssh_key) {
    ssh_authorized_key { $name:
      ensure  => $ensure,
      type    => 'ssh-rsa',
      key     => $ssh_key,
      user    => $name,
      require => User[$name],
      name    => $ssh_name,
    }
  }
}

This is how I realise users per "env":

  case $environment {
    'production': { Users::Identity <| env == 'prod' |> }
    'staging'   : { Users::Identity <| env == 'staging' |> }
    'staging2'  : { Users::Identity <| env == 'staging' |> }
    'sandbox'   : { Users::Identity <| env == 'sandbox' |> }
    'wordpress' : {
      Users::Identity <| env == 'wordpress' |>
      realize(
        Group['wpadmin'],
      )
    }
    'edhfin'    : { Users::Identity <| env == 'edhfin' |> }
    'edhci'     : { Users::Identity <| env == 'edhci' |> }
    default     : { fail('** No environment specified **') }
  }

What I need is to be able to specify a set of groups for a user dependent on the "env" variable.

So for example, in staging colinb (above) needs this:

groups   => ['ssh', 'www-data', 'edh'],

BUT in production I need this:

groups   => ['ssh']

Thoughts?
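
One way to do this, as an added example that is not part of the original gist: let `groups` in Hiera be a hash keyed by the same labels used in `env`, and resolve it inside the define. The hash layout and the names `$env_label` and `$real_groups` are assumptions introduced here; `is_hash` and `has_key` come from puppetlabs-stdlib, which the gist already relies on for `empty`.

```puppet
# Added example (not the gist author's code); needs puppetlabs-stdlib.
# Assumed Hiera shape, keyed by the gist's env labels (a plain array still works):
#   groups:
#     default: ['ssh']
#     staging: ['ssh', 'www-data', 'edh']
define users::identity (
  $uid, $gid, $groups, $comment, $env,
  $ensure   = present,
  $ssh_key  = '',
  $ssh_name = $name,
) {
  # Map the Puppet environment to an env label, mirroring the gist's case statement.
  $env_label = $::environment ? {
    'production' => 'prod',
    'staging2'   => 'staging',
    default      => $::environment,
  }

  # Use this environment's list, else the least-privileged 'default' list.
  if is_hash($groups) and has_key($groups, $env_label) {
    $real_groups = $groups[$env_label]
  } elsif is_hash($groups) {
    $real_groups = $groups['default']
  } else {
    $real_groups = $groups
  }

  user { $name:
    ensure     => $ensure,
    uid        => $uid,
    gid        => $gid,
    groups     => $real_groups,
    shell      => '/bin/bash',
    home       => "/home/${name}",
    comment    => $comment,
    membership => 'minimum',
    managehome => true,
  }

  if !empty($ssh_key) {
    ssh_authorized_key { $name:
      ensure  => $ensure,
      type    => 'ssh-rsa',
      key     => $ssh_key,
      user    => $name,
      require => User[$name],
      name    => $ssh_name,
    }
  }
}
```

With `membership => 'minimum'`, as in the gist, Puppet only adds the listed groups and never removes others a user already has on a node; `membership => 'inclusive'` makes the per-environment list authoritative.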
