I currently have a custom module that applies our companies' standard server config across all servers using Hiera. This includes a class called company::sshkeys that has various 'user' resource types (the standard puppet type) defined for all of our admins, for example:
class company::sshkeys {
user { "jane.doe":
ensure => present,
gid => "company",
home => "/home/jane.doe",
managehome => true,
shell => "/bin/bash",
require => Group["company"]
}
}
This is a slight simplification as the same class also includes our SSH public keys hence the name.
I now find myself in the situation where I need to deny access to certain admins on a single server. We use Hiera in our set-up as much as possible and I would like to use Hiera to in the case of a single server tell Puppet to not create certain user accounts. I have tried many ways to do this but I am unsure on how to call the base resource types even though they are embedded in a custom class or even if such a thing is possible.
Any thoughts on the cleanest way to exclude certain users from getting an account?