Question

 I am not sure of how to effectively manage the codebase when it comes to removing them. Say I have a user resource:

user 'jane' do
  action :create
end

This will create Jane's user, but what if Jane leaves the company? If I understand how the resource works, I can't just remove these lines from the recipe - I'd have to change the block to:

user 'jane' do
  action :remove
end

 It seems like I'd have to remember to go in and change this block, then go in and remove this code once the recipe has been used on all relevant nodes, since once the user is gone the code isn't doing anything.

What's more, if I have a loop like this:

node['users'].each do |name|
  user name do 
    action :create
  end
end

I would have to split individual users' names out of the attribute and add their own block to the recipe to remove them, then remember to remove that block once all nodes have converged.

Is there any other way which is better to manage user resources?

Can anyone help me with this query?

Thanks

Answer 1

No, I don't think this will prove to be sustainable eventually. Any place big enough to worry about user turnover should already have switched to LDAP for centralized user management. LDAP is the best option we have still now. Usually this also goes hand-in-hand with an Active Directory server for other things and gets used on the side for Unix user management.

I hope the above explanation will help you resolve your query.

Thanks.