group node['splunk']['user']['username'] do
gid node['splunk']['user']['uid'].to_i
system true if %w(linux).include?(node['os'])
end
user node['splunk']['user']['username'] do
comment node['splunk']['user']['comment']
shell node['splunk']['user']['shell']
gid node['splunk']['user']['username']
uid node['splunk']['user']['uid']
home node['splunk']['user']['home']
system true if %w(linux).include?(node['os'])
end
Not a direct answer to your question , but it made me think of these Splunk Chef Recipes on Github that may come in handy for you : https://github.com/bestbuycom/splunk_cookbook
How depends very much on how you control authentication and authorisation.
If you use some form of network-based authentication/authorisation (LDAP against a slapd server or Microsoft AD, for instance), then you need to target your updates to those services.
How do you go about adding users/roles presently?
If chef can execute scripts on your behalf, there's always splunk add user
from the CLI. When I worked on a Splunk OEM before, that's what we did.
They are currently added manually. We'd like to avoid the LDAP option as we control access to our servers with chef. It would be great if we could control user-creation with Chef. However if Splunk isn't built for it, I'll back off before wasting too much time.