groupmembers

Table of Contents

1. Description
2. Requirements
3. Usage - Configuration options and additional functionality
   • Puppet Tasks and Bolt
   • Puppet Task API
4. Development - Guide for contributing to the module

Description

This module includes a puppet task to help manage local groups.

This task can be used to remove or add members to local security groups. Allowing administrators and customers to add and remove multiple users to multiple machines.

This task can be exposed as a service via the puppet task endpoint to allow remote execution and self service access management.

Requirements

PowerShell 5.1 is recommended to ensure full functionality. The task will use net.exe if version 5.1 is not present. See the Limitations section for more information.

This module is compatible with Puppet Enterprise and Puppet Bolt.

• To run tasks with Puppet Enterprise, PE 2018.1 or later must be installed on the machine from which you are running task commands. Machines receiving task requests must be Puppet agents.
• To run tasks with Puppet Bolt, Bolt 1.0 or later must be installed on the machine from which you are running task commands. Machines receiving task requests must have SSH or WinRM services enabled.

Usage

Puppet Task and Bolt

To run an groupmembers task, use the task command, specifying the command to be executed.

• With PE on the command line, run puppet task run groupmembers ensure=<present|absent> group=<groupname> member=<String|Array>.
• With Bolt on the command line, run bolt task run groupmembers ensure=<present|absent> group=<groupname> member=<String|Array>.

For example, to add a example\jdoe to administrators group, run:

• With PE, run puppet task run groupmembers ensure=present group=administrators member="example\\jdoe" --nodes saturn.
• With Bolt, run bolt task run groupmembers ensure=present group=administrators member="example\\jdoe" --nodes saturn.

Puppet Task API

endpoint: https://<puppet>:8143/orchestrator/v1/command/task

method: post

body:

{
  "environment": "production",
  "task": "groupmembers",
  "params": {
    "ensure": "present",
    "group": "Administrators",
    "member": ["example\\jdoe", "example\\dotterman"]
  },
  "description": "Description for task",
  "scope": {
    "nodes": ["saturn.example.com"]
  }
}

You can also run tasks in the PE console. See PE task documentation for complete information.

Limitations

The task will use PowerShell if version 5.1 is present. If not net.exe will be used which has a limitation of not being able to add/remove members with names longer than 20 characters. See this Microsoft Support Doc for more information.

If PowerShell 5.1 is not present, and a member with a name longer than 20 characters is passed the task will skip that member to avoid erroring and to ensure other valid members are added.

Development

Feel free to fork it fix my crappy code and create a PR (:

Changelog

All notable changes to this project will be documented in this file.

Unreleased

Release 0.2.1 - 2020-3-26

Changed

• Fixed exception check to prevent failures
• Fixed CHANGELOG typos.
• Updated readme to be more clear.
• Updated tags to increase Puppet quality score.
• Changed Write-Host to Write-Output becasue of a codacy policy

Release 0.2.0 - 2019-4-9

Added

• Member names longer than 20 characters can now be added if PowerShell 5.1 is present.
• If a member is passed with a name longer than 20 characters and PowerShell 5.1 is not present they will be skipped instead of erroring out.
• Members that are skipped will show up in a new JSON value.

Changed

• Updated success output to show as correct JSON.
• Updated readme to reflect new requirements.
• Updated readme to reflect new limitations.
• Changed CHANGELOG to a new format.

Release 0.1.1 - 2019-4-5

Changed

• Removed references to unused variables.

Release 0.1.0 - 2019-4-5

Added

• Groupmembers task initial release.