From 82489c3fe0b894ac1511430dda0f297c0d986d1a Mon Sep 17 00:00:00 2001
From: James Shubin
Date: Fri, 7 Feb 2025 18:08:25 -0500
Subject: [PATCH] engine: resources: Add shell field to user resource
---
 engine/resources/user.go | 24 ++++++++++++++++++++++++
 examples/lang/user0.mcl | 3 +++
 2 files changed, 27 insertions(+)
 create mode 100644 examples/lang/user0.mcl
diff --git a/engine/resources/user.go b/engine/resources/user.go
index 2eb11185..4bcb47e5 100644
--- a/engine/resources/user.go
+++ b/engine/resources/user.go
@@ -77,6 +77,11 @@ type UserRes struct {
 // HomeDir is the path to the user's home directory.
 HomeDir *string `lang:"homedir" yaml:"homedir"`
 
+ // Shell is the users login shell. Many options may exist in the
+ // `/etc/shells` file. If you set this, you most likely want to pick
+ // `/bin/bash` or `/usr/sbin/nologin`.
+ Shell *string `lang:"shell" yaml:"shell"`
+
 // AllowDuplicateUID is needed for a UID to be non-unique. This is rare
 // but happens if you want more than one username to access the
 // resources of the same UID. See the --non-unique flag in `useradd`.
@@ -206,6 +211,10 @@ func (obj *UserRes) CheckApply(ctx context.Context, apply bool) (bool, error) {
 }
 
 if usercheck := true; exists && obj.State == "exists" {
+ shell, err := util.UserShell(ctx, obj.Name())
+ if err != nil {
+ return false, err
+ }
 intUID, err := strconv.Atoi(usr.Uid)
 if err != nil {
 return false, errwrap.Wrapf(err, "error casting UID to int")
@@ -223,6 +232,9 @@ func (obj *UserRes) CheckApply(ctx context.Context, apply bool) (bool, error) {
 if obj.HomeDir != nil && *obj.HomeDir != usr.HomeDir {
 usercheck = false
 }
+ if obj.Shell != nil && *obj.Shell != shell {
+ usercheck = false
+ }
 if usercheck {
 return true, nil
 }
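Review bot: The new doc comment on `Shell` does not say what leaving the field unset means, and "users" should read "user's". Going by the other hunks in this patch, a nil `Shell` is neither compared in CheckApply nor passed as `--shell`, so I would add `// If unset, the shell is not managed by this resource.` to the comment. The `UserRes` struct starts and ends outside the hunk.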
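Review bot: `util.UserShell` is called for every existing user at the top of the `exists` branch, even when `obj.Shell` is nil, so a failed shell lookup now fails CheckApply for resources that never asked to manage the shell. The lookup should run only when `obj.Shell != nil`, and its error should be wrapped like the neighbouring `strconv.Atoi` failure so the log names the step that failed. The comparison added in the `@@ -223` hunk already guards on `obj.Shell != nil` and needs no change. CheckApply starts and ends outside the hunk.

```go
if usercheck := true; exists && obj.State == "exists" {
	var shell string
	if obj.Shell != nil { // only look up what we were asked to manage
		var err error
		shell, err = util.UserShell(ctx, obj.Name())
		if err != nil {
			return false, errwrap.Wrapf(err, "error getting shell")
		}
	}
	// … unchanged: UID conversion and the existing field comparisons …
```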
@@ -260,6 +272,9 @@ func (obj *UserRes) CheckApply(ctx context.Context, apply bool) (bool, error) {
 if obj.HomeDir != nil {
 args = append(args, "--home", *obj.HomeDir)
 }
+ if obj.Shell != nil {
+ args = append(args, "--shell", *obj.Shell)
+ }
 }
 if obj.State == "absent" {
 cmdName = "userdel"
@@ -350,6 +365,15 @@ func (obj *UserRes) Cmp(r engine.Res) error {
 return fmt.Errorf("the HomeDir differs")
 }
 }
+ if (obj.Shell == nil) != (res.Shell == nil) {
+ return fmt.Errorf("the Shell differs")
+ }
+ if obj.Shell != nil && res.Shell != nil {
+ if *obj.Shell != *res.Shell {
+ return fmt.Errorf("the Shell differs")
+ }
+ }
+
 if obj.AllowDuplicateUID != res.AllowDuplicateUID {
 return fmt.Errorf("the AllowDuplicateUID differs")
 }
diff --git a/examples/lang/user0.mcl b/examples/lang/user0.mcl
new file mode 100644
index 00000000..2028f921
--- /dev/null
+++ b/examples/lang/user0.mcl
@@ -0,0 +1,3 @@
+user "mgmttest" {
+ state => "exists",
+}
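Review bot: `*obj.Shell` is appended after `--shell` with no check visible in this patch, so an empty or relative value goes straight to the user-management command. A value that command normalises or ignores (an empty string, for instance) would presumably never equal what `util.UserShell` reports, leaving the resource re-applying on every run. I would reject such values in the resource's validation step (not shown here, so confirm where it lives), e.g. `if obj.Shell != nil && !strings.HasPrefix(*obj.Shell, "/") { return fmt.Errorf("the Shell must be an absolute path") }`. Since this field decides whether an account can log in interactively, it is also worth stating whether values absent from `/etc/shells` are accepted. The enclosing block of CheckApply continues outside the hunk.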
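Review bot: The example added with this commit does not set the new `shell` field, so nothing in the patch demonstrates or exercises it. Adding `shell => "/usr/sbin/nologin",` to the `mgmttest` user would show the feature and keep the test account non-interactive.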