Browse Source
User publisher_acl setting in salt master config even if used client_acl in
pillar (backwards compatibility)tags/v0.57.0
Vitali Quiering
7 years ago
1 changed files with 6 additions and 6 deletions
+ 6
- 6
salt/files/master.d/f_defaults.conf
View File
| {%- endfor -%} | {%- endfor -%} | ||||
| {% elif 'client_acl' in cfg_master -%} | {% elif 'client_acl' in cfg_master -%} | ||||
| {%- do default_keys.append('client_acl') %} | {%- do default_keys.append('client_acl') %} | ||||
| client_acl: | |||||
| publisher_acl: | |||||
| {%- for name, user in cfg_master['client_acl']|dictsort %} | {%- for name, user in cfg_master['client_acl']|dictsort %} | ||||
| {{ name}}: | {{ name}}: | ||||
| {%- for command in user %} | {%- for command in user %} | ||||
| {%- endfor -%} | {%- endfor -%} | ||||
| {%- endfor -%} | {%- endfor -%} | ||||
| {% elif 'client_acl' in cfg_salt -%} | {% elif 'client_acl' in cfg_salt -%} | ||||
| client_acl: | |||||
| publisher_acl: | |||||
| {%- for name, user in cfg_salt['client_acl']|dictsort %} | {%- for name, user in cfg_salt['client_acl']|dictsort %} | ||||
| {{ name }}: | {{ name }}: | ||||
| {%- for command in user %} | {%- for command in user %} | ||||
| {% endfor %} | {% endfor %} | ||||
| {% elif 'client_acl_blacklist' in cfg_master %} | {% elif 'client_acl_blacklist' in cfg_master %} | ||||
| {%- do default_keys.append('client_acl_blacklist') %} | {%- do default_keys.append('client_acl_blacklist') %} | ||||
| client_acl_blacklist: | |||||
| publisher_acl_blacklist: | |||||
| users: | users: | ||||
| {% for user in cfg_master['client_acl_blacklist'].get('users', []) %} | {% for user in cfg_master['client_acl_blacklist'].get('users', []) %} | ||||
| - {{ user }} | - {{ user }} | ||||
| - {{ mod }} | - {{ mod }} | ||||
| {% endfor %} | {% endfor %} | ||||
| {% elif 'client_acl_blacklist' in cfg_salt %} | {% elif 'client_acl_blacklist' in cfg_salt %} | ||||
| client_acl_blacklist: | |||||
| publisher_acl_blacklist: | |||||
| users: | users: | ||||
| {% for user in cfg_salt['client_acl_blacklist'].get('users', []) %} | {% for user in cfg_salt['client_acl_blacklist'].get('users', []) %} | ||||
| - {{ user }} | - {{ user }} | ||||
| - {{ mod }} | - {{ mod }} | ||||
| {% endfor %} | {% endfor %} | ||||
| {% else %} | {% else %} | ||||
| #client_acl_blacklist: | |||||
| #publisher_acl_blacklist: | |||||
| # users: | # users: | ||||
| # - root | # - root | ||||
| # - '^(?!sudo_).*$' # all non sudo users | # - '^(?!sudo_).*$' # all non sudo users | ||||
| # - cmd | # - cmd | ||||
| {% endif %} | {% endif %} | ||||
| # Enforce client_acl & client_acl_blacklist when users have sudo | |||||
| # Enforce publisher_acl & publisher_acl_blacklist when users have sudo | |||||
| # access to the salt command. | # access to the salt command. | ||||
| {{ get_config('sudo_acl', 'False') }} | {{ get_config('sudo_acl', 'False') }} | ||||
Loading…