Forge Home

groupmembers

Task allows you to add or remove members to an already existing local windows group

9,498 downloads

2,438 latest version

4.9 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.2.1 (latest)
  • 0.2.0
  • 0.1.1
  • 0.1.0
released Mar 26th 2020
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.7.0 < 6.0.0
Tasks:
  • groupmembers

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'ffalor-groupmembers', '0.2.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add ffalor-groupmembers
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install ffalor-groupmembers --version 0.2.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

ffalor/groupmembers — version 0.2.1 Mar 26th 2020

groupmembers

Build Status Codacy Badge Puppet Forge downloads GitHub issues Puppet Forge feedback score Puppet Forge version Puppet Forge – PDK version

Table of Contents

  1. Description
  2. Requirements
  3. Usage - Configuration options and additional functionality
  4. Development - Guide for contributing to the module

Description

This module includes a puppet task to help manage local groups.

This task can be used to remove or add members to local security groups. Allowing administrators and customers to add and remove multiple users to multiple machines.

This task can be exposed as a service via the puppet task endpoint to allow remote execution and self service access management.

Requirements

PowerShell 5.1 is recommended to ensure full functionality. The task will use net.exe if version 5.1 is not present. See the Limitations section for more information.

This module is compatible with Puppet Enterprise and Puppet Bolt.

  • To run tasks with Puppet Enterprise, PE 2018.1 or later must be installed on the machine from which you are running task commands. Machines receiving task requests must be Puppet agents.
  • To run tasks with Puppet Bolt, Bolt 1.0 or later must be installed on the machine from which you are running task commands. Machines receiving task requests must have SSH or WinRM services enabled.

Usage

Puppet Task and Bolt

To run an groupmembers task, use the task command, specifying the command to be executed.

  • With PE on the command line, run puppet task run groupmembers ensure=<present|absent> group=<groupname> member=<String|Array>.
  • With Bolt on the command line, run bolt task run groupmembers ensure=<present|absent> group=<groupname> member=<String|Array>.

For example, to add a example\jdoe to administrators group, run:

  • With PE, run puppet task run groupmembers ensure=present group=administrators member="example\\jdoe" --nodes saturn.
  • With Bolt, run bolt task run groupmembers ensure=present group=administrators member="example\\jdoe" --nodes saturn.

Puppet Task API

endpoint: https://<puppet>:8143/orchestrator/v1/command/task

method: post

body:

{
  "environment": "production",
  "task": "groupmembers",
  "params": {
    "ensure": "present",
    "group": "Administrators",
    "member": ["example\\jdoe", "example\\dotterman"]
  },
  "description": "Description for task",
  "scope": {
    "nodes": ["saturn.example.com"]
  }
}

You can also run tasks in the PE console. See PE task documentation for complete information.

Limitations

The task will use PowerShell if version 5.1 is present. If not net.exe will be used which has a limitation of not being able to add/remove members with names longer than 20 characters. See this Microsoft Support Doc for more information.

If PowerShell 5.1 is not present, and a member with a name longer than 20 characters is passed the task will skip that member to avoid erroring and to ensure other valid members are added.

Development

Feel free to fork it fix my crappy code and create a PR (: