facts: server.Groups: go through libnss

This will respect the settings in nsswitch.conf but requires that
'getent' is available.

Author: bauen1

pyinfra/facts/server.py

@@ -391,7 +391,14 @@ class Groups(FactBase[List[str]]):
     """
 
     def command(self):
-        return "cat /etc/group"
+        # getent will return the same output as `cat /etc/groups` but will
+        # respect nsswitch.conf settings, e.g. for using LDAP as additional source
+        # Note, that LDAP e.g. using sssd might be configured to not enumerate
+        # all groups / users, in which case only the local groups will be returned
+        return "getent group"
+
+    def requires_command(self) -> str:
+        return "getent"
 
     default = list
 

tests/facts/server.Groups/groups.json

@@ -1,5 +1,6 @@
 {
-    "command": "cat /etc/group",
+    "command": "getent group",
+    "requires_command": "getent",
     "output": [
         "lpadmin:x:114:vagrant",
         "sambashare:x:115:vagrant",