From ba678311b1531fea33e9d588a0174ab28d69693b Mon Sep 17 00:00:00 2001
From: Thomas Bellman <bellman@nsc.liu.se>
Date: Mon, 18 Mar 2024 14:03:05 +0100
Subject: [PATCH] useraccount: Handle "-*" in groups parameter.

Allow specifying "-*" as an element in the groups parameter of the
usermgmt::useraccount definition, to remove the user from all groups
listed in $usermgmt::config::default_groups.
---
 manifests/useraccount.pp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/manifests/useraccount.pp b/manifests/useraccount.pp
index bca6086..4b7fa9b 100644
--- a/manifests/useraccount.pp
+++ b/manifests/useraccount.pp
@@ -1,4 +1,4 @@
-# Copyright (C) 2009-2020  Thomas Bellman, NSC, Linköping University.
+# Copyright (C) 2009-2024  Thomas Bellman, NSC, Linköping University.
 # Licensed under the GNU LGPL v3+; see the README file for more information.
 
 
@@ -53,6 +53,7 @@
  *		groups in $usermgmt::config::default_groups.  An entry on
  *		the form "-group" will however cancel the effect of that
  *		group being listed in $usermgmt::config::default_groups.
+ *		"-*" cancels all groups listed in default_groups.
  *
  *		A group can also be a "virtual group", on the format "#name".
  *		Such pseudo-groups will only be used for determining if the
@@ -122,7 +123,10 @@ define usermgmt::useraccount(
 	    '<%= defaultgroups = scope.lookupvar("usermgmt::config::default_groups")
 	     rej = []; ok = []
 	     @groups.each {|g|
-		 if g =~ /^-(.*)/ then rej << $1; else ok << g; end
+		 if g == "-*" then rej += defaultgroups;
+		 elsif g =~ /^-(.*)/ then rej << $1;
+		 else ok << g;
+		 end
 	     }
 	     ((defaultgroups - rej) + ok).uniq.join(":") -%>'),
 	':')
-- 
GitLab