Overview

This resource allows you to manage user in an WebLogic Security Realm.

Here is an example on how you should use this:

wls_user { 'OracleSystemUser':
  ensure                 => 'present',
  authenticationprovider => 'DefaultAuthenticator',
  description            => 'Oracle application software system user.',
  realm                  => 'myrealm',
}

In this example you are managing a user in the default domain. When you want to manage a user in a specific domain, you can use:

# this will use default as wls_setting identifier
wls_user { 'my_domain/testuser1':
  ensure                 => 'present',
  authenticationprovider => 'DefaultAuthenticator',
  description            => 'testuser1',
  realm                  => 'myrealm',
}

Attributes

Attribute Name Short Description
authenticationprovider The security authentication providers of the domain.
description The user description
   
disable_autorequire Puppet supports automatic ordering of resources by autorequire.
disable_corrective_change Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure Disable the creation or removal of a resource when Puppet decides is a corrective change.
domain With this parameter, you identify the domain, where your objects is in.
ensure The basic property that the resource should be in.
name The name.
password The weblogic artifacts password.
password_reset reset the password for the WebLogic user.
provider resource.
realm The security realm of the domain
   
timeout Timeout for applying a resource.
user_name The user name.

authenticationprovider

The security authentication providers of the domain.

Back to overview of wls_user

description

The user description

Back to overview of wls_user

disable_autorequire

Puppet supports automatic ordering of resources by autorequire. Sometimes, however, this causes issues. Setting this parameter to true, disables autorequiring for this specific resource.

USE WITH CAUTION!!

Here is an example on hopw to use this:

...{'domain_name/...':
  disableautorequire => true,
  ...
}

Back to overview of wls_user

disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)

Back to overview of wls_user

disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)

Back to overview of wls_user

domain

With this parameter, you identify the domain, where your objects is in.

The domain name is part of the full qualified name of any WebLogic object on a system. Let’s say we want to describe a WebLogic server. The full qualified name is:

wls_server{'domain_name/server_name':
  ensure => present,
  ...
}

When you don’t specify a domain name, Puppet will use default as domain name. For every domain you want to manage, you’ll have to put a wls_settings in your manifest.

Back to overview of wls_user

ensure

The basic property that the resource should be in.

Valid values are present, absent.

Back to overview of wls_user

name

The name.

Back to overview of wls_user

password

The weblogic artifacts password.

Back to overview of wls_user

password_reset

reset the password for the WebLogic user.

Requires wls_config v3.5.2 or higher

In normal cases, the password is used just as a parameter. This means that even when the password in your puppet code is different, Puppet will not manage it. This is because WebLogic does not expose the (encrypted) password, so Puppet cannot manage it.

For some use cases, however, it is required that puppet sets (or reset’s) the password to a specified value. For these use cases, you can use the property password_reset.

There are three ways to use this:

1) Set the value of password_reset to the boolean value true

In this case, the value set as the password will be used to reset the current password.

An example on how to use this:

  wls_user{test_user:
    ensure         => 'present',
    password       => 'verysecret1!',
    password_reset => true,
  }

2) Set the value of password_reset to a string representing the requested new password

In this case, the value of password_reset will be used to reset the current password.

An example on how to use this:

  wls_user{test_user:
    ensure         => 'present',
    password_reset => 'verysecret1!',
  }

3) Set the environment variable WLS_USER_PASSWORD_RESET to true

In this case the value set as password will be used to reset the current password. No need to add the property password_reset to your manifest

An example on how to use this:

  $ export WLS_USER_PASSWORD_RESET=true


  wls_user{test_user:
    ensure         => 'present',
    password       => 'verysecret1!',
  }

The environment variable must be set on the agent (or location where you use$ puppet apply). This use case helps when you want to reset ALL passwords currently set in the puppet manifests, But without changing any of the manifest code.

Back to overview of wls_user

provider

The specific backend to use for this wls_user resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

simple
Manage users of a WebLogic Security REALM

Back to overview of wls_user

realm

The security realm of the domain

Back to overview of wls_user

timeout

Timeout for applying a resource.

To be sure no Puppet operation, hangs a Puppet daemon, all operations have a timeout. When this timeout expires, Puppet will abort the current operation and signal an error in the Puppet run.

With this parameter, you can specify the length of the timeout. The value is specified in seconds. In this example, the timeout is set to 600 seconds.

wls_server{'my_server':
  ...
  timeout => 600,
}

The default value for timeout is 120 seconds.

Back to overview of wls_user

user_name

The user name.

Back to overview of wls_user