From d8534561ba76db25b6fc0044eb1bfda63686e859 Mon Sep 17 00:00:00 2001
From: Ryan Harper <ryan.harper@canonical.com>
Date: Thu, 1 Sep 2016 15:49:20 -0500
Subject: Add support for snap create-user on Ubuntu Core images.

Ubuntu Core images use the `snap create-user` to add users to an
Ubuntu Core system. Add support for creating snap users by adding
a key to the users dictionary.
  users:
    - name: bob
      snapuser: bob@bobcom.io

Or via the 'snappy' dictionary:
  snappy:
    email: bob@bobcom.io

Users may also create a snap user without contacting the SSO by
providing a 'system-user' assertion by importing them into snapd.

Additionally, Ubuntu Core systems have a read-only /etc/passwd such that
the normal useradd/groupadd commands do not function without an additional
flag, '--extrausers', which redirects the pwd to /var/lib/extrausers.

Move the system_is_snappy() check from cc_snappy module to util for
re-use and then update the Distro class to append '--extrausers' if
the system is Ubuntu Core.
---
 cloudinit/distros/__init__.py | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

(limited to 'cloudinit/distros')

diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
index 78adf5f9..4a726430 100755
--- a/cloudinit/distros/__init__.py
+++ b/cloudinit/distros/__init__.py
@@ -367,6 +367,9 @@ class Distro(object):
 
         adduser_cmd = ['useradd', name]
         log_adduser_cmd = ['useradd', name]
+        if util.system_is_snappy():
+            adduser_cmd.append('--extrausers')
+            log_adduser_cmd.append('--extrausers')
 
         # Since we are creating users, we want to carefully validate the
         # inputs. If something goes wrong, we can end up with a system
@@ -445,6 +448,32 @@ class Distro(object):
             util.logexc(LOG, "Failed to create user %s", name)
             raise e
 
+    def add_snap_user(self, name, **kwargs):
+        """
+        Add a snappy user to the system using snappy tools
+        """
+
+        snapuser = kwargs.get('snapuser')
+        known = kwargs.get('known', False)
+        adduser_cmd = ["snap", "create-user", "--sudoer", "--json"]
+        if known:
+            adduser_cmd.append("--known")
+        adduser_cmd.append(snapuser)
+
+        # Run the command
+        LOG.debug("Adding snap user %s", name)
+        try:
+            (out, err) = util.subp(adduser_cmd, logstring=adduser_cmd,
+                                   capture=True)
+            LOG.debug("snap create-user returned: %s:%s", out, err)
+            jobj = util.load_json(out)
+            username = jobj.get('username', None)
+        except Exception as e:
+            util.logexc(LOG, "Failed to create snap user %s", name)
+            raise e
+
+        return username
+
     def create_user(self, name, **kwargs):
         """
         Creates users for the system using the GNU passwd tools. This
@@ -452,6 +481,10 @@ class Distro(object):
         distros where useradd is not desirable or not available.
         """
 
+        # Add a snap user, if requested
+        if 'snapuser' in kwargs:
+            return self.add_snap_user(name, **kwargs)
+
         # Add the user
         self.add_user(name, **kwargs)
 
@@ -602,6 +635,8 @@ class Distro(object):
 
     def create_group(self, name, members=None):
         group_add_cmd = ['groupadd', name]
+        if util.system_is_snappy():
+            group_add_cmd.append('--extrausers')
         if not members:
             members = []
 
-- 
cgit v1.2.3