chef 0.7.16 → 0.8.2

data/lib/chef/provider/service/freebsd.rb

@@ -70,7 +70,6 @@ class Chef
             end
 
             status = popen4(@node[:command][:ps]) do |pid, stdin, stdout, stderr|
-              stdin.close rescue nil
               r = Regexp.new(@new_resource.pattern)
               Chef::Log.debug("#{@new_resource}: attempting to match #{@new_resource.pattern} (#{r}) against process table")
               stdout.each_line do |line|

data/lib/chef/provider/service/simple.rb

@@ -50,14 +50,13 @@ class Chef
               nil
             end
           elsif
-            Chef::Log.warn "#{@new_resource}: falling back to process table inspection"
+            Chef::Log.debug "#{@new_resource}: falling back to process table inspection"
             if @node[:command][:ps].nil? or @node[:command][:ps].empty?
               raise Chef::Exceptions::Service, "#{@new_resource}: could not determine how to inspect the process table, please set this nodes 'command.ps' attribute"
             end
             status = popen4(@node[:command][:ps]) do |pid, stdin, stdout, stderr|
-              stdin.close rescue nil
               r = Regexp.new(@new_resource.pattern)
-              Chef::Log.warn "#{@new_resource}: attempting to match '#{@new_resource.pattern}' (#{r}) against process list"
+              Chef::Log.debug "#{@new_resource}: attempting to match '#{@new_resource.pattern}' (#{r}) against process list"
               stdout.each_line do |line|
                 if r.match(line)
                   @current_resource.running true

data/lib/chef/provider/service/upstart.rb

@@ -0,0 +1,191 @@
+#
+# Author:: Bryan McLellan <btm@loftninjas.org>
+# Copyright:: Copyright (c) 2010 Bryan McLellan
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/service'
+require 'chef/provider/service/simple'
+require 'chef/mixin/command'
+require 'chef/util/file_edit'
+
+class Chef
+  class Provider
+    class Service
+      class Upstart < Chef::Provider::Service::Simple
+       
+        # Upstart does more than start or stop a service, creating multiple 'states' [1] that a service can be in.
+        # In chef, when we ask a service to start, we expect it to have started before performing the next step
+        # since we have top down dependencies. Which is to say we may follow witha resource next that requires
+        # that service to be running. According to [2] we can trust that sending a 'goal' such as start will not
+        # return until that 'goal' is reached, or some error has occured.
+        #
+        # [1] http://upstart.ubuntu.com/wiki/JobStates
+        # [2] http://www.netsplit.com/2008/04/27/upstart-05-events/
+
+        def initialize(node, new_resource, collection=nil, definitions=nil, cookbook_loader=nil)
+          super(node, new_resource, collection, definitions, cookbook_loader)
+
+          platform, version = Chef::Platform.find_platform_and_version(node)
+          case platform
+          when "ubuntu"
+            case version
+            when /8.04/,/8.10/,/9.04/
+              @upstart_job_dir = "/etc/event.d"
+              @upstart_conf_suffix = ""
+            else
+              @upstart_job_dir = "/etc/init"
+              @upstart_conf_suffix = ".conf"
+            end
+          else
+            @upstart_job_dir = "/etc/init"
+            @upstart_conf_suffix = ".conf"
+          end
+        end
+
+        def load_current_resource
+          @current_resource = Chef::Resource::Service.new(@new_resource.name)
+          @current_resource.service_name(@new_resource.service_name)
+
+          # Get running/stopped state
+          # We do not support searching for a service via ps when using upstart since status is a native
+          # upstart function. We will however support status_command in case someone wants to do something special.
+          if @new_resource.status_command
+            Chef::Log.debug("#{@new_resource} you have specified a status command, running..")
+
+            begin
+              if run_command_with_systems_locale(:command => @new_resource.status_command) == 0
+                @current_resource.running true
+              end
+            rescue Chef::Exceptions::Exec
+              @current_resource.running false
+              nil
+            end
+          else
+            begin
+              if upstart_state == "running"
+                @current_resource.running true
+              else
+                @current_resource.running false
+              end
+            rescue Chef::Exceptions::Exec
+              @current_resource.running false
+              nil
+            end
+          end
+
+          # Get enabled/disabled state by reading job configuration file
+          if ::File.exists?("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
+            Chef::Log.debug("#{@new_resource}: found #{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
+            ::File.open("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}",'r') do |file|
+              while line = file.gets
+                case line
+                when /^start on/
+                  Chef::Log.debug("#{@new_resource}: enabled: #{line.chomp}")
+                  @current_resource.enabled true
+                  break
+                when /^#start on/
+                  Chef::Log.debug("#{@new_resource}: disabled: #{line.chomp}")
+                  @current_resource.enabled false
+                  break
+                end
+              end
+            end
+          else
+            Chef::Log.debug("#{@new_resource}: did not find #{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
+            @current_resource.enabled false
+          end
+
+          @current_resource
+        end
+
+        def start_service
+          # Calling start on a service that is already started will return 1
+          # Our 'goal' when we call start is to ensure the service is started
+          if @current_resource.running
+            Chef::Log.debug("#{@new_resource}: Already running, not starting")
+          else
+            if @new_resource.start_command
+              super
+            else
+              run_command_with_systems_locale(:command => "/sbin/start #{@new_resource.service_name}")
+            end
+          end
+        end
+
+        def stop_service
+          # Calling stop on a service that is already stopped will return 1
+          # Our 'goal' when we call stop is to ensure the service is stopped
+          unless @current_resource.running
+            Chef::Log.debug("#{@new_resource}: Not running, not stopping")
+          else
+            if @new_resource.stop_command
+              super
+            else
+              run_command_with_systems_locale(:command => "/sbin/stop #{@new_resource.service_name}")
+            end
+          end
+        end
+
+        def restart_service
+          if @new_resource.restart_command
+            super
+          else
+            run_command_with_systems_locale(:command => "/sbin/restart #{@new_resource.service_name}")
+          end
+        end
+
+        def reload_service
+          if @new_resource.reload_command
+            super
+          else
+            # upstart >= 0.6.3-4 supports reload (HUP)
+            run_command_with_systems_locale(:command => "/sbin/reload #{@new_resource.service_name}")
+          end
+        end
+
+        # https://bugs.launchpad.net/upstart/+bug/94065
+
+        def enable_service
+          Chef::Log.warn("#{@new_resource}: upstart lacks inherent support for enabling services, editing job config file")
+          conf = Chef::Util::FileEdit.new("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
+          conf.search_file_replace(/^#start on/, "start on")
+          conf.write_file
+        end
+
+        def disable_service
+          Chef::Log.warn("#{@new_resource}: upstart lacks inherent support for disabling services, editing job config file")
+          conf = Chef::Util::FileEdit.new("#{@upstart_job_dir}/#{@new_resource.service_name}#{@upstart_conf_suffix}")
+          conf.search_file_replace(/^start on/, "#start on")
+          conf.write_file
+        end
+
+        def upstart_state
+          command = "/sbin/status #{@new_resource.service_name}"
+          status = popen4(command) do |pid, stdin, stdout, stderr|
+            stdout.each do |line|
+              # rsyslog stop/waiting
+              # service goal/state
+              line =~ /\w+ (\w+)\/(\w+)/
+              data = Regexp.last_match
+              return data[2]
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/chef/provider/subversion.rb

@@ -45,6 +45,11 @@ class Chef
         @new_resource.updated = true
       end
       
+      def action_force_export
+        run_command(run_options(:command => export_command(:force => true)))
+        @new_resource.updated = true
+      end
+      
       def action_sync
         if !::File.exist?(@new_resource.destination + "/.svn") || ::Dir.entries(@new_resource.destination) == ['.','..']
           action_checkout
@@ -65,10 +70,12 @@ class Chef
             "-r#{revision_int}", @new_resource.repository, @new_resource.destination
       end
       
-      def export_command
+      def export_command(opts={})
         Chef::Log.info "exporting #{@new_resource.repository} at revision #{@new_resource.revision} to #{@new_resource.destination}"
-        scm :export, @new_resource.svn_arguments, verbose, authentication,
-            "-r#{revision_int}", @new_resource.repository, @new_resource.destination
+        args = opts[:force] ? ["--force"] : []
+        args << @new_resource.svn_arguments << verbose << authentication <<
+            "-r#{revision_int}" << @new_resource.repository << @new_resource.destination
+        scm :export, *args
       end
       
       # If the specified revision isn't an integer ("HEAD" for example), look
@@ -102,6 +109,7 @@ class Chef
       
       def run_options(run_opts={})
         run_opts[:user] = @new_resource.user if @new_resource.user
+        run_opts[:group] = @new_resource.group if @new_resource.group
         run_opts
       end
       
@@ -122,7 +130,7 @@ class Chef
           # YAML doesn't appreciate input like "svn: '/tmp/deploydir' is not a working copy\n"
           return nil
         end
-        raise "tried to run `#{command}' and got unexpected result #{result.inspect}" unless repo_attrs.kind_of?(Hash)
+        raise "Could not parse `svn info` data: #{svn_info}" unless repo_attrs.kind_of?(Hash)
         rev = (repo_attrs['Last Changed Rev'] || repo_attrs['Revision']).to_s
         Chef::Log.debug "Resolved revision #{@new_resource.revision} to #{rev}"
         rev

data/lib/chef/provider/template.rb

@@ -27,6 +27,7 @@ require 'tempfile'
 
 class Chef
   class Provider
+    
     class Template < Chef::Provider::File
       
       include Chef::Mixin::Checksum
@@ -34,74 +35,25 @@ class Chef
       include Chef::Mixin::FindPreferredFile
       
       def action_create
-        Chef::Log.debug(@node.run_state.inspect)
         raw_template_file = nil
         
-        cookbook_name = @new_resource.cookbook || @new_resource.cookbook_name
-        
         Chef::Log.debug("looking for template #{@new_resource.source} in cookbook #{cookbook_name.inspect}")
         
         cache_file_name = "cookbooks/#{cookbook_name}/templates/default/#{@new_resource.source}"
         template_cache_name = "#{cookbook_name}_#{@new_resource.source}"
         
         if Chef::Config[:solo]
-          filename = find_preferred_file(
-            cookbook_name,
-            :template,
-            @new_resource.source,
-            @node[:fqdn],
-            @node[:platform],
-            @node[:platform_version]
-          )
-          Chef::Log.debug("Using local file for template:#{filename}")
-          cache_file_name = Pathname.new(filename).relative_path_from(Pathname.new(Chef::Config[:file_cache_path])).to_s
-        elsif @node.run_state[:template_cache].has_key?(template_cache_name)
-          Chef::Log.debug("I have already fetched the template for #{@new_resource} once this run, not checking again.")
-          template_updated = false
+          cache_file_name = solo_cache_file_name
         else
-          r = Chef::REST.new(Chef::Config[:template_url])
-          
-          current_checksum = nil
-          
-          if Chef::FileCache.has_key?(cache_file_name)
-            current_checksum = self.checksum(Chef::FileCache.load(cache_file_name, false))
-          else
-            Chef::Log.debug("Template #{@new_resource} is not in the template cache")
-          end
-          
-          template_url = generate_url(
-            @new_resource.source, 
-            "templates",
-            {
-              :checksum => current_checksum
-            }
-          )
-          
-          template_updated = true
-          begin
-            raw_template_file = r.get_rest(template_url, true)
-          rescue Net::HTTPRetriableError => e
-            if e.response.kind_of?(Net::HTTPNotModified)
-              template_updated = false
-              Chef::Log.debug("Cached template for #{@new_resource} is unchanged")
-            else
-              raise e
-            end
-          end
-          
-          # We have checked the cache for this template this run
-          @node.run_state[:template_cache][template_cache_name] = true
+          raw_template_file = fetch_template_via_rest(cache_file_name, template_cache_name)
         end  
         
-        if template_updated
+        if template_updated?
           Chef::Log.debug("Updating template for #{@new_resource} in the cache")
           Chef::FileCache.move_to(raw_template_file.path, cache_file_name)
         end
 
-        context = {}
-        context.merge!(@new_resource.variables)
-        context[:node] = @node
-        template_file = render_template(Chef::FileCache.load(cache_file_name), context)
+        template_file = render_with_context(cache_file_name)
 
         update = false
       
@@ -138,6 +90,86 @@ class Chef
         end
       end
       
+      private
+      
+      def template_updated
+        @template_updated = true
+      end
+      
+      def template_not_updated
+        @template_updated = false
+      end
+      
+      def template_updated?
+        @template_updated
+      end
+      
+      def cookbook_name
+        @cookbook_name = (@new_resource.cookbook || @new_resource.cookbook_name)
+      end
+      
+      def render_with_context(cache_file_name)
+        context = {}
+        context.merge!(@new_resource.variables)
+        context[:node] = @node
+        render_template(Chef::FileCache.load(cache_file_name), context)
+      end
+      
+      def solo_cache_file_name
+        filename = find_preferred_file(
+          cookbook_name,
+          :template,
+          @new_resource.source,
+          @node[:fqdn],
+          @node[:platform],
+          @node[:platform_version]
+        )
+        Chef::Log.debug("Using local file for template:#{filename}")
+        Pathname.new(filename).relative_path_from(Pathname.new(Chef::Config[:file_cache_path])).to_s
+      end
+      
+      def fetch_template_via_rest(cache_file_name, template_cache_name)
+        if @node.run_state[:template_cache].has_key?(template_cache_name)
+          Chef::Log.debug("I have already fetched the template for #{@new_resource} once this run, not checking again.")
+          template_not_updated
+          return false
+        end
+          
+        r = Chef::REST.new(Chef::Config[:template_url])
+        
+        current_checksum = nil
+        
+        if Chef::FileCache.has_key?(cache_file_name)
+          current_checksum = self.checksum(Chef::FileCache.load(cache_file_name, false))
+        else
+          Chef::Log.debug("Template #{@new_resource} is not in the template cache")
+        end
+        
+        template_url = generate_url(
+          @new_resource.source, 
+          "templates",
+          {
+            :checksum => current_checksum
+          }
+        )
+        
+        begin
+          raw_template_file = r.get_rest(template_url, true)
+          template_updated
+        rescue Net::HTTPRetriableError => e
+          if e.response.kind_of?(Net::HTTPNotModified)
+            Chef::Log.debug("Cached template for #{@new_resource} is unchanged")
+          else
+            raise e
+          end
+        end
+        
+        # We have checked the cache for this template this run
+        @node.run_state[:template_cache][template_cache_name] = true
+        
+        raw_template_file
+      end
+      
     end
   end
 end

data/lib/chef/provider/user.rb

@@ -37,7 +37,7 @@ class Chef
   
       def convert_group_name
         if @new_resource.gid.is_a? String
-          @new_resource.gid Etc.getgrnam(@new_resource.gid).gid
+          @new_resource.gid(Etc.getgrnam(@new_resource.gid).gid)
         end
       rescue ArgumentError => e
         raise Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{@new_resource.gid}"

data/lib/chef/provider/user/dscl.rb

@@ -0,0 +1,277 @@
+#
+# Author:: Dreamcat4 (<dreamcat4@gmail.com>)
+# Copyright:: Copyright (c) 2009 OpsCode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+require 'openssl'
+
+class Chef
+  class Provider
+    class User
+      class Dscl < Chef::Provider::User
+        
+        def dscl(*args)
+          host = "."
+          stdout_result = ""; stderr_result = ""; cmd = "dscl #{host} -#{args.join(' ')}"
+          status = popen4(cmd) do |pid, stdin, stdout, stderr|
+            stdout.each { |line| stdout_result << line }
+            stderr.each { |line| stderr_result << line }
+          end
+          return [cmd, status, stdout_result, stderr_result]
+        end
+
+        def safe_dscl(*args)
+          result = dscl(*args)
+          return "" if ( args.first =~ /^delete/ ) && ( result[1].exitstatus != 0 )
+          raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") unless result[1].exitstatus == 0
+          raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") if result[2] =~ /No such key: /
+          return result[2]
+        end
+
+        # This is handled in providers/group.rb by Etc.getgrnam()
+        # def user_exists?(user)
+        #   users = safe_dscl("list /Users")
+        #   !! ( users =~ Regexp.new("\n#{user}\n") )
+        # end
+
+        # get a free UID greater than 200
+        def get_free_uid(search_limit=1000)
+          uid = nil; next_uid_guess = 200
+          users_uids = safe_dscl("list /Users uid")
+          while(next_uid_guess < search_limit + 200)
+            if users_uids =~ Regexp.new("#{next_uid_guess}\n")
+              next_uid_guess += 1
+            else
+              uid = next_uid_guess
+              break
+            end
+          end
+          return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
+        end
+
+        def uid_used?(uid)
+          return false unless uid
+          users_uids = safe_dscl("list /Users uid")
+          !! ( users_uids =~ Regexp.new("#{uid}\n") )
+        end
+
+        def set_uid
+          @new_resource.uid(get_free_uid) if [nil,""].include? @new_resource.uid
+          raise(Chef::Exceptions::User,"uid is already in use") if uid_used?(@new_resource.uid)
+          safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
+        end
+
+        def modify_home
+          return safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory") if (@new_resource.home.nil? || @new_resource.home.empty?)
+          if @new_resource.supports[:manage_home]
+            unless @new_resource.home =~ /^\//
+              raise(Chef::Exceptions::User,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'") 
+            end
+
+            ch_eq_nh = ( @current_resource.home ==  @new_resource.home )
+            cur_home_exists = ::File.exists?("#{@current_resource.home}")
+            new_home_exists = ::File.exists?("#{@new_resource.home}")
+            ditto = false
+            move = false
+            
+            if ch_eq_nh
+              if !new_home_exists
+                ditto = true
+              end
+            else
+              if !cur_home_exists
+                if !new_home_exists
+                  ditto = true
+                end
+              elsif cur_home_exists
+                move = true
+              end
+            end
+
+            if ditto
+              skel = "/System/Library/User Template/English.lproj"
+              raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
+              run_command(:command => "ditto '#{skel}' '#{@new_resource.home}'")
+              ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
+            end
+
+            if move
+              src = @current_resource.home
+              FileUtils.mkdir_p(@new_resource.home)
+              files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
+              ::FileUtils.mv(files,@new_resource.home, :force => true)
+              ::FileUtils.rmdir(src)
+              ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
+            end
+          end
+          safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
+      end
+
+        def osx_shadow_hash?(string)
+          return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
+        end
+
+        def osx_salted_sha1?(string)
+          return !! ( string =~ /^[[:xdigit:]]{48}$/ )
+        end
+
+        def guid
+          safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").gsub!(/\n/,"")
+        end
+
+        def shadow_hash_set?
+          if safe_dscl("read /Users/#{@new_resource.username}") =~ /AuthenticationAuthority: /
+            auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+            return !! ( auth_auth =~ /ShadowHash/ )
+          end
+          return false
+        end
+
+        def modify_password
+          if @new_resource.password
+            shadow_hash = nil
+            
+            Chef::Log.debug("#{new_resource}: updating password")
+            if osx_shadow_hash?(@new_resource.password)
+              shadow_hash = @new_resource.password.upcase
+            else
+              salted_sha1 = nil
+              if osx_salted_sha1?(@new_resource.password)
+                salted_sha1 = @new_resource.password.upcase
+              else
+                hex_salt = ""; chars = ("0".."9").to_a + ("a".."f").to_a
+                1.upto(8) { |i| hex_salt << chars[::Kernel.rand(chars.size-1)] }
+                salt = [hex_salt].pack("H*")
+                sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
+                salted_sha1 = (hex_salt+sha1).upcase
+              end
+              shadow_hash = String.new("00000000"*155)
+              shadow_hash[168] = salted_sha1
+            end
+            
+            ::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
+              output.puts shadow_hash
+            end
+            
+            unless shadow_hash_set?
+              safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
+            end
+          end
+        end
+
+        def load_current_resource
+          super
+          raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
+        end
+
+        def create_user
+          manage_user(false)
+        end
+        
+        def manage_user(manage = true)
+          fields = []
+          if manage
+            [:username,:comment,:uid,:gid,:home,:shell,:password].each do |field|
+              if @current_resource.send(field) != @new_resource.send(field)
+                fields << field if @new_resource.send(field)
+              end
+            end
+            if @new_resource.send(:supports)[:manage_home]
+              fields << :home if @new_resource.send(:home)
+            end
+            fields << :shell if fields.include?(:password)
+          else
+            # create
+            fields = [:username,:comment,:uid,:gid,:home,:shell,:password]
+          end
+          fields.uniq!
+          fields.each do |field|
+            case field
+            when :username
+              safe_dscl("create /Users/#{@new_resource.username}")              
+              
+            when :comment
+              safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.comment}'")
+
+            when :uid
+              set_uid
+              
+            when :gid
+              safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
+
+            when :home
+              modify_home
+
+            when :shell
+              if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
+                safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
+              else
+                safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
+              end
+
+            when :password
+              modify_password
+            end
+          end
+        end
+        
+        def remove_user
+          if @new_resource.supports[:manage_home]
+            # remove home directory
+            if safe_dscl("read /Users/#{@new_resource.username}") =~ /NFSHomeDirectory/
+              nfs_home = safe_dscl("read /Users/#{@new_resource.username} NFSHomeDirectory")
+              nfs_home.gsub!(/NFSHomeDirectory: /,"").gsub!(/\n$/,"")
+              FileUtils.rm_rf(nfs_home)
+            end
+          end
+          # remove the user from its groups
+          groups = []
+          Etc.group do |group|
+            groups << group.name if group.mem.include?(@new_resource.username)
+          end
+          groups.each do |group_name|
+            safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
+          end
+          # remove user account
+          safe_dscl("delete /Users/#{@new_resource.username}")
+        end
+
+        def locked?
+          if safe_dscl("read /Users/#{@new_resource.username}") =~ /AuthenticationAuthority: /
+            auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+            return !! ( auth_auth =~ /DisabledUser/ )
+          end
+          return false
+        end
+        
+        def check_lock
+          return @locked = locked?
+        end
+
+        def lock_user
+          safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
+        end
+        
+        def unlock_user
+          auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+          auth_auth.gsub!(/AuthenticationAuthority: /,"").gsub!(/DisabledUser/,"").gsub!(/[; ]*$/,"")
+          safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_auth}'")
+        end
+      end
+    end
+  end
+end