Managing users with virtual resources
Users are a great example of a resource which may need to be realized by multiple classes. Consider the following situation. To simplify administration of a large number of machines, you have defined classes for two kinds of users: developers and sysadmins. All machines need to include sysadmins, but only some machines need developer access.
node 'server' {
include user::sysadmins
}
node 'webserver' inherits 'server' {
include user::developers
}But some users may be members of both groups. If each group simply declares its members as regular user resources, this will lead to a conflict when a node includes both developers and sysadmins, as in the webserver example.
To avoid this conflict, a common pattern is to make all users virtual resources, defined in a single class user::virtual that every machine includes, and then realizing the users where they are needed. This way, there will be no conflict if a user is a member of multiple groups.
