ExternalMirrors
/
users-formula
kopia lustrzana https://github.com/saltstack-formulas/users-formula
Obserwuj 1
Polub 0
Forkuj 1
Kod Zgłoszenia 0 Wydania 13 Wiki Aktywność
Saltstack Official Users Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
509 Commity
3 Gałęzie
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
users-formula/users/init.sls

607 lines
18KB
Czysty Bezpośredni odnośnik Wina Historia 

  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {% from "users/map.jinja" import users with context %}

  3. {% set used_sudo = [] %}

  4. {% set used_googleauth = [] %}

  5. {% set used_user_files = [] %}

  6. {% set used_polkit = [] %}

  7. 

  8. {% for group, setting in salt['pillar.get']('groups', {}).items() %}

  9. {%   if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %}

  10. users_group_absent_{{ group }}:

  11.   group.absent:

  12.     - name: {{ group }}

  13. {% else %}

  14. users_group_present_{{ group }}:

  15.   group.present:

  16.     - name: {{ group }}

  17.     - gid: {{ setting.get('gid', "null") }}

  18.     - system: {{ setting.get('system',"False") }}

  19.     - members: {{ setting.get('members')|json }}

  20.     - addusers: {{ setting.get('addusers')|json }}

  21.     - delusers: {{ setting.get('delusers')|json }}

  22. {% endif %}

  23. {% endfor %}

  24. 

  25. {%- for name, user in pillar.get('users', {}).items()

  26.         if user.absent is not defined or not user.absent %}

  27. {%- if user == None -%}

  28. {%- set user = {} -%}

  29. {%- endif -%}

  30. {%- if 'sudoonly' in user and user['sudoonly'] %}

  31. {%- set _dummy=user.update({'sudouser': True}) %}

  32. {%- endif %}

  33. {%- if 'sudouser' in user and user['sudouser'] %}

  34. {%- do used_sudo.append(1) %}

  35. {%- endif %}

  36. {%- if 'google_auth' in user %}

  37. {%- do used_googleauth.append(1) %}

  38. {%- endif %}

  39. {%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}

  40. {%- do used_user_files.append(1) %}

  41. {%- endif %}

  42. {%- if user.get('polkitadmin', False) == True %}

  43. {%- do used_polkit.append(1)  %}

  44. {%- endif %}

  45. {%- endfor %}

  46. 

  47. {%- if used_sudo or used_googleauth or used_user_files or used_polkit %}

  48. include:

  49. {%- if used_sudo %}

  50.   - users.sudo

  51. {%- endif %}

  52. {%- if used_googleauth %}

  53.   - users.googleauth

  54. {%- endif %}

  55. {%- if used_user_files %}

  56.   - users.user_files

  57. {%- endif %}

  58. {%- if used_polkit %}

  59.   - users.polkit

  60. {%- endif %}

  61. {%- endif %}

  62. 

  63. {% for name, user in pillar.get('users', {}).items()

  64.         if user.absent is not defined or not user.absent %}

  65. {%- if user == None -%}

  66. {%- set user = {} -%}

  67. {%- endif -%}

  68. {%- set current = salt.user.info(name) -%}

  69. {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}

  70. {%- set createhome = user.get('createhome', users.get('createhome')) -%}

  71. 

  72. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  73. {%- set user_group = user.prime_group.name -%}

  74. {%- else -%}

  75. {%- set user_group = name -%}

  76. {%- endif %}

  77. 

  78. {%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}

  79. {% for group in user.get('groups', []) %}

  80. users_{{ name }}_{{ group }}_group:

  81.   group.present:

  82.     - name: {{ group }}

  83.     {% if group == 'sudo' %}

  84.     - system: True

  85.     {% endif %}

  86. {% endfor %}

  87. 

  88. {# in case home subfolder doesn't exist, create it before the user exists #}

  89. {% if createhome -%}

  90. users_{{ name }}_user_prereq:

  91.   file.directory:

  92.     - name: {{ salt['file.dirname'](home) }}

  93.     - makedirs: True

  94.     - prereq:

  95.       - user: users_{{ name }}_user

  96. {%- endif %}

  97. 

  98. users_{{ name }}_user:

  99.   {% if createhome -%}

  100.   file.directory:

  101.     - name: {{ home }}

  102.     - user: {{ user.get('homedir_owner', name) }}

  103.     - group: {{ user.get('homedir_group', user_group) }}

  104.     - mode: {{ user.get('user_dir_mode', '0750') }}

  105.     - makedirs: True

  106.     - require:

  107.       - user: users_{{ name }}_user

  108.       - group: {{ user_group }}

  109.   {%- endif %}

  110.   group.present:

  111.     - name: {{ user_group }}

  112.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  113.     - gid: {{ user['prime_group']['gid'] }}

  114.     {%- elif 'uid' in user %}

  115.     - gid: {{ user['uid'] }}

  116.     {%- endif %}

  117.     {% if 'system' in user and user['system'] %}

  118.     - system: True

  119.     {% endif %}

  120.   user.present:

  121.     - name: {{ name }}

  122.     - home: {{ home }}

  123.     - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }}

  124.     {% if 'uid' in user -%}

  125.     - uid: {{ user['uid'] }}

  126.     {% endif -%}

  127.     {% if 'password' in user -%}

  128.     - password: '{{ user['password'] }}'

  129.     {% endif -%}

  130.     {% if user.get('empty_password') -%}

  131.     - empty_password: {{ user.get('empty_password') }}

  132.     {% endif -%}

  133.     {% if 'enforce_password' in user -%}

  134.     - enforce_password: {{ user['enforce_password'] }}

  135.     {% endif -%}

  136.     {% if 'hash_password' in user -%}

  137.     - hash_password: {{ user['hash_password'] }}

  138.     {% endif -%}

  139.     {% if user.get('system', False) -%}

  140.     - system: True

  141.     {% endif -%}

  142.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  143.     - gid: {{ user['prime_group']['gid'] }}

  144.     {% elif 'prime_group' in user and 'name' in user['prime_group'] %}

  145.     - gid: {{ user['prime_group']['name'] }}

  146.     {% elif grains.os != 'MacOS' -%}

  147.     - gid: {{ name }}

  148.     {% endif -%}

  149.     {% if 'fullname' in user %}

  150.     - fullname: {{ user['fullname'] }}

  151.     {% endif -%}

  152.     {% if 'roomnumber' in user %}

  153.     - roomnumber: {{ user['roomnumber'] }}

  154.     {% endif %}

  155.     {% if 'workphone' in user %}

  156.     - workphone: {{ user['workphone'] }}

  157.     {% endif %}

  158.     {% if 'homephone' in user %}

  159.     - homephone: {{ user['homephone'] }}

  160.     {% endif %}

  161.     - createhome: {{ createhome }}

  162.     {% if not user.get('unique', True) %}

  163.     - unique: False

  164.     {% endif %}

  165.     {%- if grains['saltversioninfo'] >= [2018, 3, 1] %}

  166.     - allow_gid_change: {{ users.allow_gid_change if 'allow_gid_change' not in user else user['allow_gid_change'] }}

  167.     {%- endif %}

  168.     {% if 'expire' in user -%}

  169.         {% if grains['kernel'].endswith('BSD') and

  170.             user['expire'] < 157766400 %}

  171.         {# 157762800s since epoch equals 01 Jan 1975 00:00:00 UTC #}

  172.     - expire: {{ user['expire'] * 86400 }}

  173.         {% elif grains['kernel'] == 'Linux' and

  174.             user['expire'] > 84006 %}

  175.         {# 2932896 days since epoch equals 9999-12-31 #}

  176.     - expire: {{ (user['expire'] / 86400) | int }}

  177.         {% else %}

  178.     - expire: {{ user['expire'] }}

  179.         {% endif %}

  180.     {% endif -%}

  181.     {% if 'mindays' in user %}

  182.     - mindays: {{ user.get('mindays', None) }}

  183.     {% endif %}

  184.     {% if 'maxdays' in user %}

  185.     - maxdays: {{ user.get('maxdays', None) }}

  186.     {% endif %}

  187.     {% if 'inactdays' in user %}

  188.     - inactdays: {{ user.get('inactdays', None) }}

  189.     {% endif %}

  190.     {% if 'warndays' in user %}

  191.     - warndays: {{ user.get('warndays', None) }}

  192.     {% endif %}

  193.     - remove_groups: {{ user.get('remove_groups', 'False') }}

  194.     - groups:

  195.       - {{ user_group }}

  196.       {% for group in user.get('groups', []) -%}

  197.       - {{ group }}

  198.       {% endfor %}

  199.     {% if 'optional_groups' in user %}

  200.     - optional_groups:

  201.       {% for optional_group in user['optional_groups'] -%}

  202.       - {{ optional_group }}

  203.       {% endfor %}

  204.     {% endif %}

  205.     - require:

  206.       - group: {{ user_group }}

  207.       {% for group in user.get('groups', []) -%}

  208.       - group: {{ group }}

  209.       {% endfor %}

  210. 

  211. 

  212.   {% if 'ssh_keys' in user or

  213.       'ssh_auth' in user or

  214.       'ssh_auth_file' in user or

  215.       'ssh_auth_pillar' in user or

  216.       'ssh_auth.absent' in user or

  217.       'ssh_config' in user %}

  218. user_keydir_{{ name }}:

  219.   file.directory:

  220.     - name: {{ home }}/.ssh

  221.     - user: {{ name }}

  222.     - group: {{ user_group }}

  223.     - makedirs: True

  224.     - mode: '0700'

  225.     - dir_mode: '0700'

  226.     - require:

  227.       - user: {{ name }}

  228.       - group: {{ user_group }}

  229.       {%- for group in user.get('groups', []) %}

  230.       - group: {{ group }}

  231.       {%- endfor %}

  232.   {% endif %}

  233. 

  234.   {% if 'ssh_keys' in user %}

  235.     {% for _key in user.ssh_keys.keys() %}

  236.       {% if _key == 'privkey' %}

  237.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}

  238.       {% elif _key ==  'pubkey' %}

  239.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}

  240.       {% else %}

  241.         {% set key_name = _key %}

  242.       {% endif %}

  243. users_{{ name }}_{{ key_name }}_key:

  244.   file.managed:

  245.     - name: {{ home }}/.ssh/{{ key_name }}

  246.     - user: {{ name }}

  247.     - group: {{ user_group }}

  248.       {% if key_name.endswith(".pub") %}

  249.     - mode: '0644'

  250.       {% else %}

  251.     - mode: '0600'

  252.       {% endif %}

  253.     - show_diff: False

  254.     {%- set key_value = salt['pillar.get']('users:'+name+':ssh_keys:'+_key) %}

  255.     {%- if 'salt://' in key_value[:7] %}

  256.     - source: {{ key_value }}

  257.     {%- else %}

  258.     - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}

  259.     {%- endif %}

  260.     - require:

  261.       - user: users_{{ name }}_user

  262.       {% for group in user.get('groups', []) %}

  263.       - group: users_{{ name }}_{{ group }}_group

  264.       {% endfor %}

  265.     {% endfor %}

  266.   {% endif %}

  267. 

  268. 

  269. {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}

  270. users_authorized_keys_{{ name }}:

  271.   file.managed:

  272.     - name: {{ home }}/.ssh/authorized_keys

  273.     - user: {{ name }}

  274.     - group: {{ user_group }}

  275.     - mode: '0600'

  276. {% if 'ssh_auth_file' in user %}

  277.     - contents: |

  278.         {% for auth in user.ssh_auth_file -%}

  279.         {{ auth }}

  280.         {% endfor -%}

  281. {% else %}

  282.     - contents: |

  283.         {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}

  284.         {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}

  285.         {%- endfor %}

  286. {% endif %}

  287. {% endif %}

  288. 

  289. {% if 'ssh_auth' in user %}

  290. {% for auth in user['ssh_auth'] %}

  291. users_ssh_auth_{{ name }}_{{ loop.index0 }}:

  292.   ssh_auth.present:

  293.     - user: {{ name }}

  294.     - name: {{ auth }}

  295.     - require:

  296.         - file: user_keydir_{{ name }}

  297.         - user: users_{{ name }}_user

  298. {% endfor %}

  299. {% endif %}

  300. 

  301. {% if 'ssh_keys_pillar' in user %}

  302. {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %}

  303. user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key:

  304.   file.managed:

  305.     - name: {{ home }}/.ssh/{{ key_name }}

  306.     - user: {{ name }}

  307.     - group: {{ user_group }}

  308.     - mode: '0600'

  309.     - show_diff: False

  310.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:privkey

  311.     - require:

  312.       - user: users_{{ name }}_user

  313.       {% for group in user.get('groups', []) %}

  314.       - group: users_{{ name }}_{{ group }}_group

  315.       {% endfor %}

  316. user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key:

  317.   file.managed:

  318.     - name: {{ home }}/.ssh/{{ key_name }}.pub

  319.     - user: {{ name }}

  320.     - group: {{ user_group }}

  321.     - mode: '0644'

  322.     - show_diff: False

  323.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey

  324.     - require:

  325.       - user: users_{{ name }}_user

  326.       {% for group in user.get('groups', []) %}

  327.       - group: users_{{ name }}_{{ group }}_group

  328.       {% endfor %}

  329. {% endfor %}

  330. {% endif %}

  331. 

  332. {% if 'ssh_auth_sources' in user %}

  333. {% for pubkey_file in user['ssh_auth_sources'] %}

  334. users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:

  335.   ssh_auth.present:

  336.     - user: {{ name }}

  337.     - source: {{ pubkey_file }}

  338.     - require:

  339.         {% if createhome -%}

  340.         - file: users_{{ name }}_user

  341.         {% endif -%}

  342.         - user: users_{{ name }}_user

  343. {% endfor %}

  344. {% endif %}

  345. 

  346. {% if 'ssh_auth_sources.absent' in user %}

  347. {% for pubkey_file in user['ssh_auth_sources.absent'] %}

  348. users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}:

  349.   ssh_auth.absent:

  350.     - user: {{ name }}

  351.     - source: {{ pubkey_file }}

  352.     - require:

  353.         {% if createhome -%}

  354.         - file: users_{{ name }}_user

  355.         {% endif -%}

  356.         - user: users_{{ name }}_user

  357. {% endfor %}

  358. {% endif %}

  359. 

  360. {% if 'ssh_auth.absent' in user %}

  361. {% for auth in user['ssh_auth.absent'] %}

  362. users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:

  363.   ssh_auth.absent:

  364.     - user: {{ name }}

  365.     - name: {{ auth }}

  366.     - require:

  367.         {% if createhome -%}

  368.         - file: users_{{ name }}_user

  369.         {% endif -%}

  370.         - user: users_{{ name }}_user

  371. {% endfor %}

  372. {% endif %}

  373. 

  374. {% if 'ssh_config' in user %}

  375. users_ssh_config_{{ name }}:

  376.   file.managed:

  377.     - name: {{ home }}/.ssh/config

  378.     - user: {{ name }}

  379.     - group: {{ user_group }}

  380.     - mode: '0640'

  381.     - contents: |

  382.         # Managed by Saltstack

  383.         # Do Not Edit

  384.         {% for label, setting in user.ssh_config.items() %}

  385.         # {{ label }}

  386.         Host {{ setting.get('hostname') }}

  387.           {%- for opts in setting.get('options') %}

  388.           {{ opts }}

  389.           {%- endfor %}

  390.         {% endfor -%}

  391. {% endif %}

  392. 

  393. {% if 'ssh_known_hosts' in user %}

  394. {% for hostname, host in user['ssh_known_hosts'].items() %}

  395. users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}:

  396.   ssh_known_hosts.present:

  397.     - user: {{ name }}

  398.     - name: {{ hostname }}

  399.     {% if 'port' in host %}

  400.     - port: {{ host['port'] }}

  401.     {% endif -%}

  402.     {% if 'fingerprint' in host %}

  403.     - fingerprint: {{ host['fingerprint'] }}

  404.     {% endif -%}

  405.     {% if 'key' in host %}

  406.     - key: {{ host['key'] }}

  407.     {% endif -%}

  408.     {% if 'enc' in host %}

  409.     - enc: {{ host['enc'] }}

  410.     {% endif -%}

  411.     {% if 'hash_known_hosts' in host %}

  412.     - hash_known_hosts: {{ host['hash_known_hosts'] }}

  413.     {% endif -%}

  414.     {% if 'timeout' in host %}

  415.     - timeout: {{ host['timeout'] }}

  416.     {% endif -%}

  417.     {% if 'fingerprint_hash_type' in host %}

  418.     - fingerprint_hash_type: {{ host['fingerprint_hash_type'] }}

  419.     {% endif -%}

  420. {% endfor %}

  421. {% endif %}

  422. 

  423. {% if 'ssh_known_hosts.absent' in user %}

  424. {% for host in user['ssh_known_hosts.absent'] %}

  425. users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:

  426.   ssh_known_hosts.absent:

  427.     - user: {{ name }}

  428.     - name: {{ host }}

  429. {% endfor %}

  430. {% endif %}

  431. {% endif %}

  432. 

  433. {% set sudoers_d_filename = name|replace('.','_') %}

  434. {% if 'sudouser' in user and user['sudouser'] %}

  435. 

  436. users_sudoer-{{ name }}:

  437.   file.managed:

  438.     - replace: False

  439.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  440.     - user: root

  441.     - group: {{ users.root_group }}

  442.     - mode: '0440'

  443. {% if 'sudo_rules' in user or 'sudo_defaults' in user %}

  444. #{#%

  445. {% if 'sudo_rules' in user %}

  446. {% for rule in user['sudo_rules'] %}

  447. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  448.   cmd.run:

  449.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  450.     - stateful: True

  451.     - shell: {{ users.visudo_shell }}

  452.     - env:

  453.       # Specify the rule via an env var to avoid shell quoting issues.

  454.       - rule: "{{ name }} {{ rule }}"

  455.     - require_in:

  456.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  457. {% endfor %}

  458. {% endif %}

  459. {% if 'sudo_defaults' in user %}

  460. {% for entry in user['sudo_defaults'] %}

  461. "validate {{ name }} sudo Defaults {{ loop.index0 }} {{ name }} {{ entry }}":

  462.   cmd.run:

  463.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  464.     - stateful: True

  465.     - shell: {{ users.visudo_shell }}

  466.     - env:

  467.       # Specify the rule via an env var to avoid shell quoting issues.

  468.       - rule: "Defaults:{{ name }} {{ entry }}"

  469.     - require_in:

  470.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  471. {% endfor %}

  472. {% endif %}

  473. #%#}

  474. 

  475. users_{{ users.sudoers_dir }}/{{ name }}:

  476.   file.managed:

  477.     - replace: True

  478.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  479.     - contents: |

  480.       {%- if 'sudo_defaults' in user %}

  481.       {%- for entry in user['sudo_defaults'] %}

  482.         Defaults:{{ name }} {{ entry }}

  483.       {%- endfor %}

  484.       {%- endif %}

  485.       {%- if 'sudo_rules' in user %}

  486.         ########################################################################

  487.         # File managed by Salt (users-formula).

  488.         # Your changes will be overwritten.

  489.         ########################################################################

  490.         #

  491.       {%- for rule in user['sudo_rules'] %}

  492.         {{ name }} {{ rule }}

  493.       {%- endfor %}

  494.       {%- endif %}

  495.     - require:

  496.       - file: users_sudoer-defaults

  497.       - file: users_sudoer-{{ name }}

  498.   cmd.run:

  499.     - name: visudo -cf {{ users.sudoers_dir }}/{{ sudoers_d_filename }} || ( rm -rvf {{ users.sudoers_dir }}/{{ sudoers_d_filename }}; exit 1 )

  500.     - onchanges:

  501.       - file: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  502. {% endif %}

  503. {% else %}

  504. users_{{ users.sudoers_dir }}/{{ sudoers_d_filename }}:

  505.   file.absent:

  506.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  507. {% endif %}

  508. 

  509. {%- if not grains['os_family'] in ['RedHat', 'Suse'] %}

  510. {%-   if 'google_auth' in user %}

  511. {%-     for svc in user['google_auth'] %}

  512. users_googleauth-{{ svc }}-{{ name }}:

  513.   file.managed:

  514.     - replace: false

  515.     - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}

  516.     - contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'

  517.     - user: root

  518.     - group: {{ users.root_group }}

  519.     - mode: '0400'

  520.     - require:

  521.       - pkg: users_googleauth-package

  522. {%-     endfor %}

  523. {%-   endif %}

  524. {%- endif %}

  525. 

  526. # this doesn't work (Salt bug), therefore need to run state.apply twice

  527. #include:

  528. #  - users

  529. #

  530. #git:

  531. #  pkg.installed:

  532. #    - require_in:

  533. #      - sls: users

  534. #

  535. {% if salt['cmd.has_exec']('git') %}

  536. 

  537. {% if 'gitconfig' in user %}

  538. {% for key, value in user['gitconfig'].items() %}

  539. users_{{ name }}_user_gitconfig_{{ loop.index0 }}:

  540.   {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  541.   git.config_set:

  542.   {% else %}

  543.   git.config:

  544.   {% endif %}

  545.     - name: {{ key }}

  546.     - value: "{{ value }}"

  547.     - user: {{ name }}

  548.     {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  549.     - global: True

  550.     {% else %}

  551.     - is_global: True

  552.     {% endif %}

  553. {% endfor %}

  554. {% endif %}

  555. 

  556. {% if 'gitconfig.absent' in user and grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  557. {% for key in user.get('gitconfig.absent') %}

  558. users_{{ name }}_user_gitconfig_absent_{{ key }}:

  559.   git.config_unset:

  560.     - name: '{{ key }}'

  561.     - user: {{ name }}

  562.     - global: True

  563.     - all: True

  564. {% endfor %}

  565. {% endif %}

  566. 

  567. {% endif %}

  568. 

  569. {% endfor %}

  570. 

  571. 

  572. {% for name, user in pillar.get('users', {}).items()

  573.         if user.absent is defined and user.absent %}

  574. users_absent_user_{{ name }}:

  575. {% if 'purge' in user or 'force' in user %}

  576.   user.absent:

  577.     - name: {{ name }}

  578.     {% if 'purge' in user %}

  579.     - purge: {{ user['purge'] }}

  580.     {% endif %}

  581.     {% if 'force' in user %}

  582.     - force: {{ user['force'] }}

  583.     {% endif %}

  584. {% else %}

  585.   user.absent:

  586.     - name: {{ name }}

  587. {% endif -%}

  588. users_{{ users.sudoers_dir }}/{{ name }}:

  589.   file.absent:

  590.     - name: {{ users.sudoers_dir }}/{{ name }}

  591. {% endfor %}

  592. 

  593. {% for user in pillar.get('absent_users', []) %}

  594. users_absent_user_2_{{ user }}:

  595.   user.absent:

  596.     - name: {{ user }}

  597. users_2_{{ users.sudoers_dir }}/{{ user }}:

  598.   file.absent:

  599.     - name: {{ users.sudoers_dir }}/{{ user }}

  600. {% endfor %}

  601. 

  602. {% for group in pillar.get('absent_groups', []) %}

  603. users_absent_group_{{ group }}:

  604.   group.absent:

  605.     - name: {{ group }}

  606. {% endfor %}