Add taskd::user type

This type generates (or is supposed to) users/orgs and certificates.
(The latter is still open for implementation.)

Additional fixes:
* Create `orgs` dir for user creation to work.
* Update documentation.
* Move certificates to data directory instead of using /usr.
* Make `cn` optional for server certificate and use FQDN.

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to this project will be documented in this file.
 
+## Release 0.2.0
+
+**Features**
+* Generate user/group objects
+
+**Bugfixes**
+* Ensure the `orgs` dir exists so taskd won't fail.
+* Copy certificates to data directory instead of default location.
+* Made `cn` optional for certificate (uses FQDN).
+* Some documentation.
+
+**Known Issues**
+* Certificates for users aren't yet generated.
+* No unit tests.
+* Still not king.
+
 ## Release 0.1.0
 
 **Features**

README.md

@@ -22,13 +22,31 @@ It will take of installing the software and generating self-signed server-client
 
 ### Beginning with taskd
 
-Simply include the taskd class on whatever node you want it to be set up:
+First, some basic details for certificate generation need to be set (with hiera):
+
+```
+taskd::pki_vars:
+        organization: 'My Cool Org'
+        country: 'DE'
+        state: 'North Rhine-Westphalia'
+        locality: 'Cologne'
+```
+
+Additional variables have defined defaults:
+
+| Variable        | Default value |
+|-----------------|---------------|
+| cn              | `$fqdn`       |
+| bits            | 4096          |
+| expiration_days | 365           |
+
+Then simply include the taskd class on whatever node you want it to be set up:
 
 ```
 include taskd
 ```
 
-This will install taskd, make it listen on the default port (FIXME) on your node's FQDN, and generate the default self-signed certificates.
+This will install taskd, make it listen on the default port (53589) on your node's FQDN, and generate the default self-signed certificates.
 
 ## Usage
 
@@ -51,8 +69,7 @@ Users need a complete list of your module's classes, types, defined types provid
 
 ## Limitations
 
-FIXME
-This is where you list OS compatibility, version compatibility, etc. If there are Known Issues, you might want to include them under their own heading here.
+This module has only been tested (HAHA CHANGE WHEN IT'S TRUE) with Debian `stretch` (9.0). It should work with `jessie` using backports.
 
 ## Development
 

data/common.yaml

@@ -4,3 +4,4 @@ config_file: '/etc/taskd/config'
 pki_vars:
         bits: 4096
         expiration_days: 365
+        cn: "%{::fqdn}"

data/os/Debian.yaml

@@ -1,17 +1,19 @@
 ---
 package_name: 'taskd'
+taskd_executable: '/usr/bin/taskd'
 pki_base_dir: '/usr/share/taskd/pki'
 pki_vars_file: "%{alias('pki_base_dir')}/vars"
 config:
         pid.file: '/run/taskd.pid'
         root: '/var/lib/taskd'
+        server: "%{::fqdn}:53589"
 certificate:
         client:
-                cert: "%{alias('pki_base_dir')}/client.cert.pem"
-                key: "%{alias('pki_base_dir')}/client.key.pem"
+                cert: "%{alias('config.root')}/client.cert.pem"
+                key: "%{alias('config.root')}/client.key.pem"
         server:
-                cert: "%{alias('pki_base_dir')}/server.cert.pem"
-                key: "%{alias('pki_base_dir')}/server.key.pem"
-                crl: "%{alias('pki_base_dir')}/server.crl.pem"
+                cert: "%{alias('config.root')}/server.cert.pem"
+                key: "%{alias('config.root')}/server.key.pem"
+                crl: "%{alias('config.root')}/server.crl.pem"
         ca:
-                cert: "%{alias('pki_base_dir')}/ca.cert.pem"
+                cert: "%{alias('config.root')}/ca.cert.pem"

manifests/init.pp

@@ -12,15 +12,6 @@
   String $service_name,
   String $config_file,
   Hash $config,
-  Struct[{
-    bits            => Optional[Numeric],
-    expiration_days => Optional[Numeric],
-    organization    => String[1],
-    cn              => String[1],
-    country         => String[1],
-    state           => String[1],
-    locality        => String[1],
-  }] $pki_vars,
   Struct[{
     client => {
       cert => String[1],
@@ -37,6 +28,15 @@
   }] $certificate,
   Optional[String] $pki_base_dir,
   Optional[String] $pki_vars_file,
+  Optional[Struct[{
+    bits            => Optional[Numeric],
+    expiration_days => Optional[Numeric],
+    cn              => Optional[String[1]],
+    organization    => String[1],
+    country         => String[1],
+    state           => String[1],
+    locality        => String[1],
+  }]] $pki_vars,
   Boolean $generate_certificates = true,
 ) {
   package { $package_name:
@@ -64,10 +64,27 @@
       path    => [ '/usr/bin', '/usr/sbin', '/bin', '/sbin' ],
       creates => $certificate['server']['cert'],
     }
+    ~> exec { 'Copy certificates to data directory':
+      command     => "cp ${pki_base_dir}/*.pem ${config['root']}",
+      path        => [ '/usr/bin', '/usr/sbin', '/bin', '/sbin' ],
+      refreshonly => true,
+    }
   }
 
+  # Template out configuration file
   file { $config_file:
     ensure  => present,
     content => template('config'),
   }
+
+  # Ensure the taskd root directory exists
+  file { $config['root']:
+    ensure => directory,
+  }
+
+  # Ensure the organization directory exists
+  file { "${config['root']}/orgs":
+    ensure => directory,
+  }
+
 }

manifests/user.pp

@@ -0,0 +1,26 @@
+# taskd::user
+#
+# Generates a new user (certicate).
+#
+# @summary Generates a new user (certicate).
+#
+# @example
+#   taskd::user { 'namevar': }
+define taskd::user(
+  String $user = $name,
+  String $group = $name,
+) {
+  # TODO is there a better way to do this without falling back to ::params?
+  $config = lookup('taskd::config')
+  $taskd_executable = lookup('taskd::taskd_executable')
+
+  exec { 'Create group if necessary':
+    command => "${taskd_executable} --data ${config['root']} add org ${group}",
+    onlyif  => "/usr/bin/test ! -d ${config['root']}/orgs/${group}",
+  }
+
+  exec { 'Create user if necessary':
+    command => "${taskd_executable} --data ${config['root']} add user ${group} ${user}",
+    onlyif  => "/bin/grep -v '^user=${user}$' -r ${config['root']}/orgs/${group}",
+  }
+}

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "towo-taskd",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "author": "Tobias Wolter",
   "summary": "Installs and configures the taskwarrior taskd",
   "license": "Apache-2.0",
@@ -12,13 +12,17 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "8"
+        "9"
       ]
     },
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "16.04"
+        "16.04",
+        "16.10",
+        "17.04",
+        "17.10",
+        "18.04"
       ]
     }
   ],

spec/defines/user_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe 'taskd::user' do
+  let(:title) { 'namevar' }
+  let(:params) do
+    {}
+  end
+
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      it { is_expected.to compile }
+    end
+  end
+end