Browse Source

Support publisher_acl minion-level commands

tags/v0.57.0
Alexandre Anriot 6 years ago
parent
commit
3e6e6028ae
1 changed files with 31 additions and 11 deletions
  1. +31
    -11
      salt/files/master.d/f_defaults.conf

+ 31
- 11
salt/files/master.d/f_defaults.conf View File

# This setting should be treated with care since it opens up execution # This setting should be treated with care since it opens up execution
# capabilities to non root users. By default this capability is completely # capabilities to non root users. By default this capability is completely
# disabled. # disabled.
#publisher_acl:
# larry:
# - test.ping
# - network.*
# - '*':
# - pkg.*
#
{% if 'publisher_acl' in cfg_master -%} {% if 'publisher_acl' in cfg_master -%}
{%- do default_keys.append('publisher_acl') %} {%- do default_keys.append('publisher_acl') %}
publisher_acl: publisher_acl:
{%- for name, user in cfg_master['publisher_acl']|dictsort %}
{{ name}}:
{%- for command in user %}
{%- for user, commands in cfg_master['publisher_acl']|dictsort %}
{{ user }}:
{%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% elif 'publisher_acl' in cfg_salt -%} {% elif 'publisher_acl' in cfg_salt -%}
publisher_acl: publisher_acl:
{%- for name, user in cfg_salt['publisher_acl']|dictsort %}
{{ name }}:
{%- for command in user %}
{%- for user, commands in cfg_salt['publisher_acl']|dictsort %}
{{ user }}:
{%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% elif 'client_acl' in cfg_master -%} {% elif 'client_acl' in cfg_master -%}
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% else -%} {% else -%}
#publisher_acl:
# larry:
# - test.ping
# - network.*
#
{%- endif %} {%- endif %}


# Blacklist any of the following users or modules # Blacklist any of the following users or modules

Loading…
Cancel
Save