From 24b25b3f46201f1d1704b91f08005d5f896c20bf Mon Sep 17 00:00:00 2001
From: Dieter Maes <dmaes@inuits.eu>
Date: Thu, 13 Mar 2025 14:46:10 +0100
Subject: [PATCH 1/2] Add $manage_user and $manage_group options

---
 manifests/config.pp | 28 ++++++++++++++++------------
 manifests/init.pp   |  6 ++++++
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/manifests/config.pp b/manifests/config.pp
index 68b414202..4a4889012 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -38,18 +38,22 @@
     $puppet_groups = []
   }
 
-  user { $foreman_proxy::user:
-    ensure  => 'present',
-    shell   => $foreman_proxy::shell,
-    comment => 'Foreman Proxy daemon user',
-    gid     => $foreman_proxy::group,
-    groups  => $foreman_proxy::groups + $dns_groups + $puppet_groups,
-    home    => $foreman_proxy::dir,
-    system  => true,
-  }
-
-  group { $foreman_proxy::group:
-    system => true,
+  if $foreman_proxy::manage_user {
+    user { $foreman_proxy::user:
+      ensure  => 'present',
+      shell   => $foreman_proxy::shell,
+      comment => 'Foreman Proxy daemon user',
+      gid     => $foreman_proxy::group,
+      groups  => $foreman_proxy::groups + $dns_groups + $puppet_groups,
+      home    => $foreman_proxy::dir,
+      system  => true,
+    }
+  }
+
+  if $foreman_proxy::manage_group {
+    group { $foreman_proxy::group:
+      system => true,
+    }
   }
 
   # Provided by packaging, defined here to allow autorequire for files
diff --git a/manifests/init.pp b/manifests/init.pp
index 3d0fb244b..babe6a9bc 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,6 +17,10 @@
 #
 # $ssl_port::                   HTTPS port to listen on (if ssl is enabled)
 #
+# $manage_user::                Manage to foreman-proxy user
+#
+# $manage_group::               Manage to foreman-proxy group
+#
 # $groups::                     Array of additional groups for the foreman proxy user
 #
 # $log::                        Foreman proxy log file, 'STDOUT', 'SYSLOG' or 'JOURNAL'
@@ -289,6 +293,8 @@
   Variant[Array[String], String] $bind_host = ['*'],
   Stdlib::Port $http_port = 8000,
   Stdlib::Port $ssl_port = 8443,
+  Boolean $manage_user = true,
+  Boolean $manage_group = true,
   Array[String] $groups = [],
   Variant[Enum['STDOUT', 'SYSLOG', 'JOURNAL'], Stdlib::Absolutepath] $log = '/var/log/foreman-proxy/proxy.log',
   Enum['WARN', 'DEBUG', 'ERROR', 'FATAL', 'INFO', 'UNKNOWN'] $log_level = 'INFO',

From 4f9330956ed9aa7af9c13f773e881f7651e0fcd9 Mon Sep 17 00:00:00 2001
From: Dieter Maes <dmaes@inuits.eu>
Date: Thu, 13 Mar 2025 14:53:06 +0100
Subject: [PATCH 2/2] add tests

---
 spec/classes/foreman_proxy__spec.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/spec/classes/foreman_proxy__spec.rb b/spec/classes/foreman_proxy__spec.rb
index 628242ba9..fbf72ad8b 100644
--- a/spec/classes/foreman_proxy__spec.rb
+++ b/spec/classes/foreman_proxy__spec.rb
@@ -1047,6 +1047,18 @@ class { 'foreman_proxy::globals':
 
         it { should contain_user("#{proxy_user_name}").with_shell('/dne/foo') }
       end
+
+      context 'with manage_user and manage_group disabled' do
+        let(:params) do
+          super().merge(
+            manage_user: false,
+            manage_group: false
+          )
+        end
+
+        it { should_not contain_user("#{proxy_user_name}") }
+        it { should_not contain_group("#{proxy_user_name}") }
+      end
     end
   end
 end