disable removing home by default (#84)

deric · Oct 30, 2019 · 28f013e · 28f013e
1 parent 63fcea0
commit 28f013e
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/manifests/user.pp b/manifests/user.pp
@@ -19,6 +19,7 @@
 #
 #  * [allowdupe] - Whether to allow duplicate UIDs. Defaults to false.
 #  * [comment] - A description of the user. Generally the user's full name.
+#  * [destroy_home_on_remove] rm -rf on `$home` directory will be executed upon removal (default: `false`)
 #  * [uid] - Force User ID (in Linux)
 #  * [gid] - Force Group ID
 #  * [manage_group] - Whether primary group with the same name as
@@ -62,6 +63,7 @@
   Boolean                            $recurse_permissions = false,
   Optional[Stdlib::Absolutepath]     $authorized_keys_file = undef,
   Boolean                            $force_removal = true,
+  Boolean                            $destroy_home_on_remove = false,
   Boolean                            $populate_home = false,
   String                             $home_directory_contents = 'puppet:///modules/accounts',
   Optional[Integer]                  $password_max_age = undef,
@@ -138,7 +140,7 @@
 
   case $ensure {
     'absent': {
-      if $managehome == true {
+      if $managehome == true and $destroy_home_on_remove == true {
         exec { "rm -rf ${home_dir}":
           path   => [ '/bin', '/usr/bin' ],
           onlyif => "test -d ${home_dir}",

diff --git a/spec/defines/user_spec.rb b/spec/defines/user_spec.rb
@@ -178,6 +178,7 @@
       )
     }
 
+    it { is_expected.not_to contain_exec('rm -rf /home/mickey')}
     it { is_expected.to contain_exec('killproc mickey')}
     it { is_expected.to contain_anchor('accounts::user::remove_mickey')}
 
@@ -188,6 +189,36 @@
     }
   end
 
+
+  context 'destroy home dir with user\'s account' do
+    let(:title) { 'trudy' }
+
+    let(:params) do
+      {
+        managehome: true,
+        manage_group: true,
+        ensure: 'absent',
+        destroy_home_on_remove: true,
+      }
+    end
+
+    it {
+      is_expected.to contain_user('trudy').with(
+        'ensure' => 'absent'
+      )
+    }
+
+    it { is_expected.to contain_exec('rm -rf /home/trudy')}
+    it { is_expected.to contain_exec('killproc trudy')}
+    it { is_expected.to contain_anchor('accounts::user::remove_trudy')}
+
+    it {
+      is_expected.to contain_group('trudy').with(
+        'ensure' => 'absent'
+      )
+    }
+  end
+
   context 'remove group with user\'s account without killing his processes' do
     let(:title) { 'mickey' }