
Merge branch 'master' of https://github.com/saltstack-formulas/users-formula into macos

tags/v0.45.0
N 5 years ago
parent
commit
69c65174f1
4 changed files with 47 additions and 3 deletions
  1. +2
    -0
      pillar.example
  2. +8
    -1
      users/init.sls
  3. +6
    -2
      users/map.jinja
  4. +31
    -0
      users/polkit.sls

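--- a/pillar.example
+++ b/pillar.example
 - ALL=(otheruser) /usr/bin/script.sh
 sudo_defaults:
 - '!requiretty'
+# enable polkitadmin to make user an AdminIdentity for polkit
+polkitadmin: True
 shell: /bin/bash
 remove_groups: False
 prime_group: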

+ 8
- 1
users/init.sls View File

{% set used_sudo = [] %} {% set used_sudo = [] %}
{% set used_googleauth = [] %} {% set used_googleauth = [] %}
{% set used_user_files = [] %} {% set used_user_files = [] %}
{% set used_polkit = [] %}


{% for group, setting in salt['pillar.get']('groups', {}).items() %} {% for group, setting in salt['pillar.get']('groups', {}).items() %}
{% if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %} {% if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %}
{%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %} {%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}
{%- do used_user_files.append(1) %} {%- do used_user_files.append(1) %}
{%- endif %} {%- endif %}
{%- if user.get('polkitadmin', False) == True %}
{%- do used_polkit.append(1) %}
{%- endif %}
{%- endfor %} {%- endfor %}


{%- if used_sudo or used_googleauth or used_user_files %}
{%- if used_sudo or used_googleauth or used_user_files or used_polkit %}
include: include:
{%- if used_sudo %} {%- if used_sudo %}
- users.sudo - users.sudo
{%- if used_user_files %} {%- if used_user_files %}
- users.user_files - users.user_files
{%- endif %} {%- endif %}
{%- if used_polkit %}
- users.polkit
{%- endif %}
{%- endif %} {%- endif %}


{% for name, user in pillar.get('users', {}).items() {% for name, user in pillar.get('users', {}).items()
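Review bot: Revocation is not covered by the new include gate: `- users.polkit` is emitted only under `{%- if used_polkit %}`, so once the last user loses `polkitadmin` the state is no longer rendered from this file and the `file.absent` branch in users/polkit.sls is not reached, which would leave the previously written 99salt-users-formula.conf and its AdminIdentities entries in place. Including `users.polkit` independently of `used_polkit` would let that cleanup run. The test `user.get('polkitadmin', False) == True` is also stricter than the plain truthiness test in users/polkit.sls; `{%- if user.get('polkitadmin', False) %}` would keep the two files in agreement. The loop these lines sit in begins outside the visible lines.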

+ 6
- 2
users/map.jinja View File

'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',
'googleauth_package': 'libpam-google-authenticator', 'googleauth_package': 'libpam-google-authenticator',
},
'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
'polkit_defaults': 'unix-group:sudo;'
},
'Gentoo': { 'Gentoo': {
'sudoers_dir': '/etc/sudoers.d', 'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers', 'sudoers_file': '/etc/sudoers',
'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',
'googleauth_package': 'libpam-google-authenticator', 'googleauth_package': 'libpam-google-authenticator',
'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
'polkit_defaults': 'unix-group:sudo;'
}, },
}, merge=salt['pillar.get']('users-formula:lookup')), }, merge=salt['pillar.get']('users-formula:lookup')),
base='users', base='users',
{% set group = salt['cmd.run']("stat -f '%Sg' /dev/console") %} {% set group = salt['cmd.run']("stat -f '%Sg' /dev/console") %}
{% do users.update({'root_group': group, {% do users.update({'root_group': group,
'prime_group': group}) %} 'prime_group': group}) %}
{% endif %}
{%- endif %}
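Review bot: `polkit_dir` and `polkit_defaults` are added only to the two OS-family entries visible here (the one closing just before 'Gentoo', and 'Gentoo' itself), and the rest of the map is outside the visible lines. If other families end up without these keys, users/polkit.sls would presumably render `{{ users.polkit_dir }}` as an empty string, in which case `test -d` with no operand succeeds and the managed file name becomes `/99salt-users-formula.conf`. Defining both keys in the common defaults, or skipping the polkit state when `users.polkit_dir` is unset, avoids that. The hard-coded `'unix-group:sudo;'` for Gentoo should also be confirmed against that platform's administrative group, since it is written into AdminIdentities.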

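--- a/users/polkit.sls
+++ b/users/polkit.sls
@@ -0,0 +1,31 @@
+{% from "users/map.jinja" import users with context %}
+{% set polkitusers = {} %}
+{% set polkitusers = {'value': ''} %}
+
+{% for name, user in pillar.get('users', {}).items() %}
+{% if user.absent is not defined or not user.absent %}
+{% if 'polkitadmin' in user and user['polkitadmin'] %}
+{% do polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %}
+{% endif %}
+{% endif %}
+{% endfor %}
+
+{% if polkitusers.value != '' %}
+users_{{ users.polkit_dir }}/99salt-users-formula.conf:
+file.managed:
+- replace: True
+- onlyif: 'test -d {{ users.polkit_dir }}'
+- name: {{ users.polkit_dir }}/99salt-users-formula.conf
+- contents: |
+########################################################################
+# File managed by Salt (users-formula).
+# Your changes will be overwritten.
+########################################################################
+#
+[Configuration]
+AdminIdentities={{ users.polkit_defaults }}{{ polkitusers.value }}
+{% else %}
+users_{{ users.polkit_dir }}/99salt-users-formula.conf_delete:
+file.absent:
+- name: {{ users.polkit_dir }}/99salt-users-formula.conf
+{% endif %}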
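Review bot: The `file.managed` state writes a file that decides who polkit treats as an administrator, yet it sets no ownership or mode, so the file gets whatever the minion's defaults produce. Pin them explicitly with `- user: root`, `- group: root` and `- mode: '0644'`. The pillar key `name` is concatenated into `AdminIdentities` as-is; a comment above the `{% do polkitusers.update(...) %}` line such as `{# name comes straight from the pillar key; it must not contain ';' or it would add a further identity #}` would record that assumption. The first `{% set polkitusers = {} %}` is immediately overwritten by the next line and can be dropped.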
