SaltStack源码分析之group状态模块

group状态模块用于创建并管理UNIX组账号设置。
/usr/lib/python2.6/site-packages/salt/states/group.py

'''
Management of user groups
=========================

The group module is used to create and manage unix group settings, groups
can be either present or absent:

.. code-block:: yaml

cheese:
group.present:
- gid: 7648
- system: True
- addusers:
- user1
- users2
- delusers:
- foo

cheese:
group.present:
- gid: 7648
- system: True
- members:
- foo
- bar
- user1
- user2
'''

def present(name,
gid=None,
system=False,
addusers=None,
delusers=None,
members=None):
'''
Ensure that a group is present

name
The name of the group to manage

gid
The group id to assign to the named group; if left empty, then the next
available group id will be assigned

system
Whether or not the named group is a system group.  This is essentially
the '-r' option of 'groupadd'.

addusers
List of additional users to be added as a group members.

delusers
Ensure these user are removed from the group membership.

members
Replace existing group members with a list of new members.

Note: Options 'members' and 'addusers/delusers' are mutually exclusive and
can not be used together.
'''
ret = {'name': name,
'changes': {},
'result': True,
'comment': 'Group {0} is present and up to date'.format(name)}

if members and (addusers or delusers):
ret['result'] = None
ret['comment'] = (
'Error: Conflicting options "members" with "addusers" and/or'
' "delusers" can not be used together. ')
return ret

if addusers and delusers:
#-- if trying to add and delete the same user(s) at the same time.
if not set(addusers).isdisjoint(set(delusers)):
ret['result'] = None
ret['comment'] = (
'Error. Same user(s) can not be added and deleted'
' simultaneously')
return ret

changes = _changes(name,
gid,
addusers,
delusers,
members)
if changes:
ret['comment'] = (
'The following group attributes are set to be changed:\n')
for key, val in changes.items():
ret['comment'] += '{0}: {1}\n'.format(key, val)

if __opts__['test']:
ret['result'] = None
return ret

for key, val in changes.items():
if key == 'gid':
__salt__['group.chgid'](name, gid)
continue
if key == 'addusers':
for user in val:
__salt__['group.adduser'](name, user)
continue
if key == 'delusers':
for user in val:
__salt__['group.deluser'](name, user)
continue
if key == 'members':
__salt__['group.members'](name, ','.join(members))
continue
# Clear cached group data
sys.modules[
__salt__['test.ping'].__module__
].__context__.pop('group.getent', None)
changes = _changes(name,
gid,
addusers,
delusers,
members)
if changes:
ret['result'] = False
ret['comment'] += 'Some changes could not be applied'
ret['changes'] = {'Failed': changes}
else:
ret['changes'] = {'Final': 'All Changed applied successfully'}

if changes is False:
# The group is not present, make it!
if __opts__['test']:
ret['result'] = None
ret['comment'] = 'Group {0} set to be added'.format(name)
return ret

grps = __salt__['group.getent']()
# Test if gid is free
if gid is not None:
gid_group = None
for lgrp in grps:
if lgrp['gid'] == gid:
gid_group = lgrp['name']
break

if gid_group is not None:
ret['result'] = False
ret['comment'] = (
'Group {0} is not present but gid {1} is already taken by'
' group {2}'.format(name, gid, gid_group))
return ret

# Group is not present, make it.
if __salt__['group.add'](name,
gid,
system=system):
# if members to be added
grp_members = None
if members:
grp_members = ','.join(members)
if addusers:
grp_members = ','.join(addusers)
if grp_members:
__salt__['group.members'](name, grp_members)
# Clear cached group data
sys.modules[__salt__['test.ping'].__module__].__context__.pop(
'group.getent', None)
ret['comment'] = 'New group {0} created'.format(name)
ret['changes'] = __salt__['group.info'](name)
changes = _changes(name,
gid,
addusers,
delusers,
members)
if changes:
ret['result'] = False
ret['comment'] = (
'Group {0} has been created but, some changes could not'
' be applied')
ret['changes'] = {'Failed': changes}
else:
ret['result'] = False
ret['comment'] = 'Failed to create new group {0}'.format(name)
return ret

本文出自 “Linux SA John” 博客，请务必保留此出处http://john88wang.blog.51cto.com/2165294/1651278