Users are a great example of a resource that may need to be realized by multiple classes. Consider the following situation. To simplify the administration of a large number of machines, you defined classes for two kinds of user: developers
and sysadmins
. All machines need to include sysadmins
, but only some machines need access to developers:
node 'server' { include user::sysadmins } node 'webserver' { include user::sysadmins include user::developers }
However, some users may be members of both groups. If each group simply declares its members as regular user resources, this will lead to a conflict when a node includes both developers and sysadmins
, as in the webserver example.
To avoid this conflict, a common pattern is to make all users virtual resources, defined in a single user::virtual
class that every machine includes, and then realize the users where they are needed. This way, there will be no conflict if a user is a member of multiple groups...