ExternalMirrors
/
users-formula
зеркало из https://github.com/saltstack-formulas/users-formula
Следить 1
В избранное 0
Форкнуть 1
Код Задачи 0 Релизы 13 Вики Активность
Saltstack Official Users Formula
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
95 коммитов
3 Ветки
Дерево: 7aa32881b7
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '7aa32881b7'
${ noResults }
users-formula/users/init.sls

init.sls 6.0KB
Исходник Normal View История

Add support FreeBSD using map.jinja (Tested on Freebsd10)
10 лет назад
Only include users.sudo when a user with sudouser is declared.
10 лет назад
Initial commit
11 лет назад
New format of user.absent support introduced. Old format still supported.
10 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
SLS no longer fails for multiple groups
11 лет назад
Initial commit
11 лет назад
Clean up logic check to remove redundant check.
10 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
added option to specify user home directory mode
10 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
If createhome is set to false, don't touch the home directory or its permissions.
10 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
Change default shell to /bin/csh on FreeBSD This also made it necessary to introduce an additional entry 'shell' into the users lookup table as the formula previously conflated the shell used for running the visudo command and the default shell to be used for user accounts. Fixes: #48
10 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Add Password capabilities
10 лет назад
Allow '!' prefix in password for locked\disabled accounts. Signed-off-by: Tim Jones <me@prototim.com>
10 лет назад
Add Password capabilities
10 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Add 'createhome' option for 'user.present' state
10 лет назад
Add support for setting user expire
10 лет назад
Sorry for the spam, simplify this remove_groups rule a bit
10 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
Change .ssh permissions to 700
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
Modified Private Keys and Sudoers Changed Private keys to have content within pillar rather than the salt file repository. Changes sudoers entry to get values from pillar rather than assuming all sudo users want root.
11 лет назад
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
11 лет назад
Initial commit
11 лет назад
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
11 лет назад
Initial commit
11 лет назад
possibility to define alternate user`s prime group
11 лет назад
Initial commit
11 лет назад
Do not echo Public/Private keys to stdout when running the state
10 лет назад
Changed 'contents' to 'contents_pillar' to correctly parse newlines for private/public SSH keys.
11 лет назад
Initial commit
11 лет назад
SLS no longer fails for multiple groups
11 лет назад
Initial commit
11 лет назад
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
11 лет назад
Initial commit
11 лет назад
change pub key to use user_group if you set an alternate prime_group this would break, replaced {{ name }} with {{ user_group }}
11 лет назад
Initial commit
11 лет назад
Do not echo Public/Private keys to stdout when running the state
10 лет назад
Fix pubkey privkey typo Fixes #22
10 лет назад
Initial commit
11 лет назад
SLS no longer fails for multiple groups
11 лет назад
Initial commit
11 лет назад
New format of user.absent support introduced. Old format still supported.
10 лет назад
Initial commit
11 лет назад
added option to remove ssh public keys from auth (ssh_auth.absent)
10 лет назад
Initial commit
11 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Only include users.sudo when a user with sudouser is declared.
10 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Add support FreeBSD using map.jinja (Tested on Freebsd10)
10 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
11 лет назад
Validate user sudo rules before applying them
10 лет назад
modified visudo to only report change in salt when there is an error.
10 лет назад
Add support FreeBSD using map.jinja (Tested on Freebsd10)
10 лет назад
Validate user sudo rules before applying them
10 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
Validate user sudo rules before applying them
10 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
Overwrite a sudoer file rather than append to fix #21
10 лет назад
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
11 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
Initial commit
11 лет назад
New format of user.absent support introduced. Old format still supported.
10 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
New format of user.absent support introduced. Old format still supported.
10 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
New format of user.absent support introduced. Old format still supported.
10 лет назад
Initial commit
11 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 лет назад
Remove trailing slash from sudoers_dir
10 лет назад
Initial commit
11 лет назад
Add absent_groups pillar to remove groups.
10 лет назад
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222 
  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {% from "users/map.jinja" import users with context %}

  3. {% set used_sudo = False %}

  4. 

  5. {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}

  6. {%- if user == None -%}

  7. {%- set user = {} -%}

  8. {%- endif -%}

  9. {%- set home = user.get('home', "/home/%s" % name) -%}

  10. 

  11. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  12. {%- set user_group = user.prime_group.name -%}

  13. {%- else -%}

  14. {%- set user_group = name -%}

  15. {%- endif %}

  16. 

  17. {% for group in user.get('groups', []) %}

  18. {{ name }}_{{ group }}_group:

  19.   group:

  20.     - name: {{ group }}

  21.     - present

  22. {% endfor %}

  23. 

  24. {{ name }}_user:

  25.   {% if user.get('createhome', True) %}

  26.   file.directory:

  27.     - name: {{ home }}

  28.     - user: {{ name }}

  29.     - group: {{ user_group }}

  30.     - mode: {{ user.get('user_dir_mode', '0750') }}

  31.     - require:

  32.       - user: {{ name }}

  33.       - group: {{ user_group }}

  34.   {%- endif %}

  35.   group.present:

  36.     - name: {{ user_group }}

  37.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  38.     - gid: {{ user['prime_group']['gid'] }}

  39.     {%- elif 'uid' in user %}

  40.     - gid: {{ user['uid'] }}

  41.     {%- endif %}

  42.   user.present:

  43.     - name: {{ name }}

  44.     - home: {{ home }}

  45.     - shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }}

  46.     {% if 'uid' in user -%}

  47.     - uid: {{ user['uid'] }}

  48.     {% endif -%}

  49.     {% if 'password' in user -%}

  50.     - password: '{{ user['password'] }}'

  51.     {% endif -%}

  52.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  53.     - gid: {{ user['prime_group']['gid'] }}

  54.     {% else -%}

  55.     - gid_from_name: True

  56.     {% endif -%}

  57.     {% if 'fullname' in user %}

  58.     - fullname: {{ user['fullname'] }}

  59.     {% endif -%}

  60.     {% if not user.get('createhome', True) %}

  61.     - createhome: False

  62.     {% endif %}

  63.     {% if 'expire' in user -%}

  64.     - expire: {{ user['expire'] }}

  65.     {% endif -%}

  66.     - remove_groups: {{ user.get('remove_groups', 'False') }}

  67.     - groups:

  68.       - {{ user_group }}

  69.       {% for group in user.get('groups', []) -%}

  70.       - {{ group }}

  71.       {% endfor %}

  72.     - require:

  73.       - group: {{ user_group }}

  74.       {% for group in user.get('groups', []) -%}

  75.       - group: {{ group }}

  76.       {% endfor %}

  77. 

  78. user_keydir_{{ name }}:

  79.   file.directory:

  80.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh

  81.     - user: {{ name }}

  82.     - group: {{ user_group }}

  83.     - makedirs: True

  84.     - mode: 700

  85.     - require:

  86.       - user: {{ name }}

  87.       - group: {{ user_group }}

  88.       {%- for group in user.get('groups', []) %}

  89.       - group: {{ group }}

  90.       {%- endfor %}

  91. 

  92.   {% if 'ssh_keys' in user %}

  93.   {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}

  94. user_{{ name }}_private_key:

  95.   file.managed:

  96.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}

  97.     - user: {{ name }}

  98.     - group: {{ user_group }}

  99.     - mode: 600

  100.     - show_diff: False

  101.     - contents_pillar: users:{{ name }}:ssh_keys:privkey

  102.     - require:

  103.       - user: {{ name }}_user

  104.       {% for group in user.get('groups', []) %}

  105.       - group: {{ name }}_{{ group }}_group

  106.       {% endfor %}

  107. user_{{ name }}_public_key:

  108.   file.managed:

  109.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub

  110.     - user: {{ name }}

  111.     - group: {{ user_group }}

  112.     - mode: 644

  113.     - show_diff: False

  114.     - contents_pillar: users:{{ name }}:ssh_keys:pubkey

  115.     - require:

  116.       - user: {{ name }}_user

  117.       {% for group in user.get('groups', []) %}

  118.       - group: {{ name }}_{{ group }}_group

  119.       {% endfor %}

  120.   {% endif %}

  121. 

  122. 

  123. {% if 'ssh_auth' in user %}

  124. {% for auth in user['ssh_auth'] %}

  125. ssh_auth_{{ name }}_{{ loop.index0 }}:

  126.   ssh_auth.present:

  127.     - user: {{ name }}

  128.     - name: {{ auth }}

  129.     - require:

  130.         - file: {{ name }}_user

  131.         - user: {{ name }}_user

  132. {% endfor %}

  133. {% endif %}

  134. 

  135. {% if 'ssh_auth.absent' in user %}

  136. {% for auth in user['ssh_auth.absent'] %}

  137. ssh_auth_delete_{{ name }}_{{ loop.index0 }}:

  138.   ssh_auth.absent:

  139.     - user: {{ name }}

  140.     - name: {{ auth }}

  141.     - require:

  142.         - file: {{ name }}_user

  143.         - user: {{ name }}_user

  144. {% endfor %}

  145. {% endif %}

  146. 

  147. {% if 'sudouser' in user and user['sudouser'] %}

  148. {% if not used_sudo %}

  149. {% set used_sudo = True %}

  150. include:

  151.   - users.sudo

  152. {% endif %}

  153. 

  154. sudoer-{{ name }}:

  155.   file.managed:

  156.     - name: {{ users.sudoers_dir }}/{{ name }}

  157.     - user: root

  158.     - group: {{ users.root_group }} 

  159.     - mode: '0440'

  160. {% if 'sudo_rules' in user %}

  161. {% for rule in user['sudo_rules'] %}

  162. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  163.   cmd.run:

  164.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  165.     - stateful: True

  166.     - shell: {{ users.visudo_shell }} 

  167.     - env:

  168.       # Specify the rule via an env var to avoid shell quoting issues.

  169.       - rule: "{{ name }} {{ rule }}"

  170.     - require_in:

  171.       - file: {{ users.sudoers_dir }}/{{ name }}

  172. {% endfor %}

  173. 

  174. {{ users.sudoers_dir }}/{{ name }}:

  175.   file.managed:

  176.     - contents: |

  177.       {%- for rule in user['sudo_rules'] %}

  178.         {{ name }} {{ rule }}

  179.       {%- endfor %}

  180.     - require:

  181.       - file: sudoer-defaults

  182.       - file: sudoer-{{ name }}

  183. {% endif %}

  184. {% else %}

  185. {{ users.sudoers_dir }}/{{ name }}:

  186.   file.absent:

  187.     - name: {{ users.sudoers_dir }}/{{ name }}

  188. {% endif %}

  189. 

  190. {% endfor %}

  191. 

  192. {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}

  193. {{ name }}:

  194. {% if 'purge' in user or 'force' in user %}

  195.   user.absent:

  196.     {% if 'purge' in user %}

  197.     - purge: {{ user['purge'] }}

  198.     {% endif %}

  199.     {% if 'force' in user %}

  200.     - force: {{ user['force'] }}

  201.     {% endif %}

  202. {% else %}

  203.   user.absent

  204. {% endif -%}

  205. {{ users.sudoers_dir }}/{{ name }}:

  206.   file.absent:

  207.     - name: {{ users.sudoers_dir }}/{{ name }}

  208. {% endfor %}

  209. 

  210. {% for user in pillar.get('absent_users', []) %}

  211. {{ user }}:

  212.   user.absent

  213. {{ users.sudoers_dir }}/{{ user }}:

  214.   file.absent:

  215.     - name: {{ users.sudoers_dir }}/{{ user }}

  216. {% endfor %}

  217. 

  218. {% for group in pillar.get('absent_groups', []) %}

  219. {{ group }}:

  220.   group.absent

  221. {% endfor %}

  222.