Add flags to create local users and groups

changelog/64256.added.md

@@ -0,0 +1 @@
+Added flags to create local users and groups

salt/modules/groupadd.py

@@ -48,11 +48,11 @@ def _which(cmd):
     """
     _cmd = salt.utils.path.which(cmd)
     if not _cmd:
-        raise CommandExecutionError("Command '{}' cannot be found".format(cmd))
+        raise CommandExecutionError(f"Command '{cmd}' cannot be found")
     return _cmd
 
 
-def add(name, gid=None, system=False, root=None, non_unique=False):
+def add(name, gid=None, system=False, root=None, non_unique=False, local=False):
     """
     .. versionchanged:: 3006.0
 
@@ -75,21 +75,26 @@ def add(name, gid=None, system=False, root=None, non_unique=False):
 
         .. versionadded:: 3006.0
 
+    local
+        Specifically add the group locally rather than through remote providers (e.g. LDAP)
+
+        .. versionadded:: 3007.0
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' group.add foo 3456
     """
-    cmd = [_which("groupadd")]
+    cmd = [_which("lgroupadd" if local else "groupadd")]
     if gid:
-        cmd.append("-g {}".format(gid))
-        if non_unique:
+        cmd.append(f"-g {gid}")
+        if non_unique and not local:
             cmd.append("-o")
     if system and __grains__["kernel"] != "OpenBSD":
         cmd.append("-r")
 
-    if root is not None:
+    if root is not None and not local:
         cmd.extend(("-R", root))
 
     cmd.append(name)
@@ -99,7 +104,7 @@ def add(name, gid=None, system=False, root=None, non_unique=False):
     return not ret["retcode"]
 
 
-def delete(name, root=None):
+def delete(name, root=None, local=False):
     """
     Remove the named group
 
@@ -109,15 +114,21 @@ def delete(name, root=None):
     root
         Directory to chroot into
 
+    local (Only on systems with lgroupdel available):
+        Ensure the group account is removed locally ignoring global
+        account management (default is False).
+
+        .. versionadded:: 3007.0
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' group.delete foo
     """
-    cmd = [_which("groupdel")]
+    cmd = [_which("lgroupdel" if local else "groupdel")]
 
-    if root is not None:
+    if root is not None and not local:
         cmd.extend(("-R", root))
 
     cmd.append(name)
@@ -349,11 +360,11 @@ def deluser(name, username, root=None):
                 retcode = __salt__["cmd.retcode"](cmd, python_shell=False)
             elif __grains__["kernel"] == "OpenBSD":
                 out = __salt__["cmd.run_stdout"](
-                    "id -Gn {}".format(username), python_shell=False
+                    f"id -Gn {username}", python_shell=False
                 )
                 cmd = [_which("usermod"), "-S"]
                 cmd.append(",".join([g for g in out.split() if g != str(name)]))
-                cmd.append("{}".format(username))
+                cmd.append(f"{username}")
                 retcode = __salt__["cmd.retcode"](cmd, python_shell=False)
             else:
                 log.error("group.deluser is not yet supported on this platform")
@@ -459,7 +470,7 @@ def _getgrnam(name, root=None):
                 comps[2] = int(comps[2])
                 comps[3] = comps[3].split(",") if comps[3] else []
                 return grp.struct_group(comps)
-    raise KeyError("getgrnam(): name not found: {}".format(name))
+    raise KeyError(f"getgrnam(): name not found: {name}")
 
 
 def _getgrall(root=None):

salt/modules/useradd.py

@@ -106,7 +106,7 @@ def _which(cmd):
     """
     _cmd = salt.utils.path.which(cmd)
     if not _cmd:
-        raise CommandExecutionError("Command '{}' cannot be found".format(cmd))
+        raise CommandExecutionError(f"Command '{cmd}' cannot be found")
     return _cmd
 
 
@@ -157,6 +157,7 @@ def add(
     nologinit=False,
     root=None,
     usergroup=None,
+    local=False,
 ):
     """
     Add a user to the minion
@@ -215,13 +216,18 @@ def add(
     usergroup
         Create and add the user to a new primary group of the same name
 
+    local (Only on systems with luseradd available)
+        Specifically add the user locally rather than possibly through remote providers (e.g. LDAP)
+
+        .. versionadded:: 3007.0
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' user.add name <uid> <gid> <groups> <home> <shell>
     """
-    cmd = [_which("useradd")]
+    cmd = [_which("luseradd" if local else "useradd")]
 
     if shell:
         cmd.extend(["-s", shell])
@@ -230,9 +236,10 @@ def add(
     if gid not in (None, ""):
         cmd.extend(["-g", gid])
     elif usergroup:
-        cmd.append("-U")
-        if __grains__["kernel"] != "Linux":
-            log.warning("'usergroup' is only supported on GNU/Linux hosts.")
+        if not local:
+            cmd.append("-U")
+            if __grains__["kernel"] != "Linux":
+                log.warning("'usergroup' is only supported on GNU/Linux hosts.")
     elif groups is not None and name in groups:
         defs_file = "/etc/login.defs"
         if __grains__["kernel"] != "OpenBSD":
@@ -269,14 +276,15 @@ def add(
                 # /etc/usermgmt.conf not present: defaults will be used
                 pass
 
-    # Setting usergroup to False adds the -N command argument. If
+    # Setting usergroup to False adds a command argument. If
     # usergroup is None, no arguments are added to allow useradd to go
     # with the defaults defined for the OS.
     if usergroup is False:
-        cmd.append("-N")
+        cmd.append("-n" if local else "-N")
 
     if createhome:
-        cmd.append("-m")
+        if not local:
+            cmd.append("-m")
     elif __grains__["kernel"] != "NetBSD" and __grains__["kernel"] != "OpenBSD":
         cmd.append("-M")
 
@@ -302,7 +310,7 @@ def add(
 
     cmd.append(name)
 
-    if root is not None and __grains__["kernel"] != "AIX":
+    if root is not None and not local and __grains__["kernel"] != "AIX":
         cmd.extend(("-R", root))
 
     ret = __salt__["cmd.run_all"](cmd, python_shell=False)
@@ -333,7 +341,7 @@ def add(
     return True
 
 
-def delete(name, remove=False, force=False, root=None):
+def delete(name, remove=False, force=False, root=None, local=False):
     """
     Remove a user from the minion
 
@@ -349,23 +357,34 @@ def delete(name, remove=False, force=False, root=None):
     root
         Directory to chroot into
 
+    local (Only on systems with luserdel available):
+        Ensure the user account is removed locally ignoring global
+        account management (default is False).
+
+        .. versionadded:: 3007.0
+
     CLI Example:
 
     .. code-block:: bash
 
         salt '*' user.delete name remove=True force=True
     """
-    cmd = [_which("userdel")]
+    cmd = [_which("luserdel" if local else "userdel")]
 
     if remove:
         cmd.append("-r")
 
-    if force and __grains__["kernel"] != "OpenBSD" and __grains__["kernel"] != "AIX":
+    if (
+        force
+        and __grains__["kernel"] != "OpenBSD"
+        and __grains__["kernel"] != "AIX"
+        and not local
+    ):
         cmd.append("-f")
 
     cmd.append(name)
 
-    if root is not None and __grains__["kernel"] != "AIX":
+    if root is not None and __grains__["kernel"] != "AIX" and not local:
         cmd.extend(("-R", root))
 
     ret = __salt__["cmd.run_all"](cmd, python_shell=False)
@@ -429,7 +448,7 @@ def _chattrib(name, key, value, param, persist=False, root=None):
     """
     pre_info = info(name, root=root)
     if not pre_info:
-        raise CommandExecutionError("User '{}' does not exist".format(name))
+        raise CommandExecutionError(f"User '{name}' does not exist")
 
     if value == pre_info[key]:
         return True
@@ -911,7 +930,7 @@ def rename(name, new_name, root=None):
         salt '*' user.rename name new_name
     """
     if info(new_name, root=root):
-        raise CommandExecutionError("User '{}' already exists".format(new_name))
+        raise CommandExecutionError(f"User '{new_name}' already exists")
 
     return _chattrib(name, "name", new_name, "-l", root=root)