ExternalMirrors
/
users-formula
zrcadlo https://github.com/saltstack-formulas/users-formula
Sledovat 1
Oblíbit 0
Rozštěpit 1
Zdrojový kód Úkoly 0 Vydání 13 Wiki Aktivita
Saltstack Official Users Formula
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
311 Revize
3 Větve
Strom: 0ad7d0764e
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „0ad7d0764e“
${ noResults }
users-formula/users/init.sls

588 lines
17KB
Surový Blame Historie 

  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {% from "users/map.jinja" import users with context %}

  3. {% set used_sudo = [] %}

  4. {% set used_googleauth = [] %}

  5. {% set used_user_files = [] %}

  6. 

  7. {% for group, setting in salt['pillar.get']('groups', {}).items() %}

  8. users_group_{{ setting.get('state', "present") }}_{{ group }}:

  9.   group.{{ setting.get('state', "present") }}:

  10.     - name: {{ group }}

  11.     {%- if setting.get('gid') %}

  12.     - gid: {{setting.get('gid')  }}

  13.     {%- endif %}

  14.     - system: {{ setting.get('system',"False") }}

  15. {% endfor %}

  16. 

  17. {%- for name, user in pillar.get('users', {}).items()

  18.         if user.absent is not defined or not user.absent %}

  19. {%- if user == None -%}

  20. {%- set user = {} -%}

  21. {%- endif -%}

  22. {%- if 'sudoonly' in user and user['sudoonly'] %}

  23. {%- set _dummy=user.update({'sudouser': True}) %}

  24. {%- endif %}

  25. {%- if 'sudouser' in user and user['sudouser'] %}

  26. {%- do used_sudo.append(1) %}

  27. {%- endif %}

  28. {%- if 'google_auth' in user %}

  29. {%- do used_googleauth.append(1) %}

  30. {%- endif %}

  31. {%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}

  32. {%- do used_user_files.append(1) %}

  33. {%- endif %}

  34. {%- endfor %}

  35. 

  36. {%- if used_sudo or used_googleauth or used_user_files %}

  37. include:

  38. {%- if used_sudo %}

  39.   - users.sudo

  40. {%- endif %}

  41. {%- if used_googleauth %}

  42.   - users.googleauth

  43. {%- endif %}

  44. {%- if used_user_files %}

  45.   - users.user_files

  46. {%- endif %}

  47. {%- endif %}

  48. 

  49. {% for name, user in pillar.get('users', {}).items()

  50.         if user.absent is not defined or not user.absent %}

  51. {%- if user == None -%}

  52. {%- set user = {} -%}

  53. {%- endif -%}

  54. {%- set current = salt.user.info(name) -%}

  55. {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}

  56. 

  57. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  58. {%- set user_group = user.prime_group.name -%}

  59. {%- else -%}

  60. {%- set user_group = name -%}

  61. {%- endif %}

  62. 

  63. {%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}

  64. {% for group in user.get('groups', []) %}

  65. users_{{ name }}_{{ group }}_group:

  66.   group.present:

  67.     - name: {{ group }}

  68.     {% if group == 'sudo' %}

  69.     - system: True

  70.     {% endif %}

  71. {% endfor %}

  72. 

  73. {# in case home subfolder doesn't exist, create it before the user exists #}

  74. {% if user.get('createhome', True) %}

  75. users_{{ name }}_user_prereq:

  76.   file.directory:

  77.     - name: {{ salt['file.dirname'](home) }}

  78.     - makedirs: True

  79.     - prereq:

  80.       - user: users_{{ name }}_user

  81. {%- endif %}

  82. 

  83. users_{{ name }}_user:

  84.   {% if user.get('createhome', True) %}

  85.   file.directory:

  86.     - name: {{ home }}

  87.     - user: {{ user.get('homedir_owner', name) }}

  88.     - group: {{ user.get('homedir_group', user_group) }}

  89.     - mode: {{ user.get('user_dir_mode', '0750') }}

  90.     - makedirs: True

  91.     - require:

  92.       - user: users_{{ name }}_user

  93.       - group: {{ user_group }}

  94.   {%- endif %}

  95.   group.present:

  96.     - name: {{ user_group }}

  97.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  98.     - gid: {{ user['prime_group']['gid'] }}

  99.     {%- elif 'uid' in user %}

  100.     - gid: {{ user['uid'] }}

  101.     {%- endif %}

  102.     {% if 'system' in user and user['system'] %}

  103.     - system: True

  104.     {% endif %}

  105.   user.present:

  106.     - name: {{ name }}

  107.     {% if user.get('createhome', True) -%}

  108.     - home: {{ home }}

  109.     {% endif -%}

  110.     - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }}

  111.     {% if 'uid' in user -%}

  112.     - uid: {{ user['uid'] }}

  113.     {% endif -%}

  114.     {% if 'password' in user -%}

  115.     - password: '{{ user['password'] }}'

  116.     {% endif -%}

  117.     {% if user.get('empty_password') -%}

  118.     - empty_password: {{ user.get('empty_password') }}

  119.     {% endif -%}

  120.     {% if 'enforce_password' in user -%}

  121.     - enforce_password: {{ user['enforce_password'] }}

  122.     {% endif -%}

  123.     {% if 'hash_password' in user -%}

  124.     - hash_password: {{ user['hash_password'] }}

  125.     {% endif -%}

  126.     {% if user.get('system', False) -%}

  127.     - system: True

  128.     {% endif -%}

  129.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  130.     - gid: {{ user['prime_group']['gid'] }}

  131.     {% elif 'prime_group' in user and 'name' in user['prime_group'] %}

  132.     - gid: {{ user['prime_group']['name'] }}

  133.     {% else -%}

  134.     - gid_from_name: True

  135.     {% endif -%}

  136.     {% if 'fullname' in user %}

  137.     - fullname: {{ user['fullname'] }}

  138.     {% endif -%}

  139.     {% if 'roomnumber' in user %}

  140.     - roomnumber: {{ user['roomnumber'] }}

  141.     {% endif %}

  142.     {% if 'workphone' in user %}

  143.     - workphone: {{ user['workphone'] }}

  144.     {% endif %}

  145.     {% if 'homephone' in user %}

  146.     - homephone: {{ user['homephone'] }}

  147.     {% endif %}

  148.     {% if not user.get('createhome', True) %}

  149.     - createhome: False

  150.     {% endif %}

  151.     {% if not user.get('unique', True) %}

  152.     - unique: False

  153.     {% endif %}

  154.     {%- if grains['saltversioninfo'] >= [2018, 3, 1] %}

  155.     - allow_gid_change: {{ users.allow_gid_change if 'allow_gid_change' not in user else user['allow_gid_change'] }}

  156.     {%- endif %}

  157.     {% if 'expire' in user -%}

  158.         {% if grains['kernel'].endswith('BSD') and

  159.             user['expire'] < 157766400 %}

  160.         {# 157762800s since epoch equals 01 Jan 1975 00:00:00 UTC #}

  161.     - expire: {{ user['expire'] * 86400 }}

  162.         {% elif grains['kernel'] == 'Linux' and

  163.             user['expire'] > 84006 %}

  164.         {# 2932896 days since epoch equals 9999-12-31 #}

  165.     - expire: {{ (user['expire'] / 86400) | int}}

  166.         {% else %}

  167.     - expire: {{ user['expire'] }}

  168.         {% endif %}

  169.     {% endif -%}

  170.     {% if 'mindays' in user %}

  171.     - mindays: {{ user.get('mindays', None) }}

  172.     {% endif %}

  173.     {% if 'maxdays' in user %}

  174.     - maxdays: {{ user.get('maxdays', None) }}

  175.     {% endif %}

  176.     {% if 'inactdays' in user %}

  177.     - inactdays: {{ user.get('inactdays', None) }}

  178.     {% endif %}

  179.     {% if 'warndays' in user %}

  180.     - warndays: {{ user.get('warndays', None) }}

  181.     {% endif %}

  182.     - remove_groups: {{ user.get('remove_groups', 'False') }}

  183.     - groups:

  184.       - {{ user_group }}

  185.       {% for group in user.get('groups', []) -%}

  186.       - {{ group }}

  187.       {% endfor %}

  188.     {% if 'optional_groups' in user %}

  189.     - optional_groups:

  190.       {% for optional_group in user['optional_groups'] -%}

  191.       - {{optional_group}}

  192.       {% endfor %}

  193.     {% endif %}

  194.     - require:

  195.       - group: {{ user_group }}

  196.       {% for group in user.get('groups', []) -%}

  197.       - group: {{ group }}

  198.       {% endfor %}

  199. 

  200. 

  201.   {% if 'ssh_keys' in user or

  202.       'ssh_auth' in user or

  203.       'ssh_auth_file' in user or

  204.       'ssh_auth_pillar' in user or

  205.       'ssh_auth.absent' in user or

  206.       'ssh_config' in user %}

  207. user_keydir_{{ name }}:

  208.   file.directory:

  209.     - name: {{ home }}/.ssh

  210.     - user: {{ name }}

  211.     - group: {{ user_group }}

  212.     - makedirs: True

  213.     - mode: 700

  214.     - dir_mode: 700

  215.     - require:

  216.       - user: {{ name }}

  217.       - group: {{ user_group }}

  218.       {%- for group in user.get('groups', []) %}

  219.       - group: {{ group }}

  220.       {%- endfor %}

  221.   {% endif %}

  222. 

  223.   {% if 'ssh_keys' in user %}

  224.     {% for _key in user.ssh_keys.keys() %}

  225.       {% if _key == 'privkey' %}

  226.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}

  227.       {% elif _key ==  'pubkey' %}

  228.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}

  229.       {% else %}

  230.         {% set key_name = _key %}

  231.       {% endif %}

  232. users_{{ name }}_{{ key_name }}_key:

  233.   file.managed:

  234.     - name: {{ home }}/.ssh/{{ key_name }}

  235.     - user: {{ name }}

  236.     - group: {{ user_group }}

  237.       {% if key_name.endswith(".pub") %}

  238.     - mode: 644

  239.       {% else %}

  240.     - mode: 600

  241.       {% endif %}

  242.     - show_diff: False

  243.     {%- set key_value = salt['pillar.get']('users:'+name+':ssh_keys:'+_key) %}

  244.     {%- if 'salt://' in key_value[:7] %}

  245.     - source: {{ key_value }}

  246.     {%- else %}

  247.     - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}

  248.     {%- endif %}

  249.     - require:

  250.       - user: users_{{ name }}_user

  251.       {% for group in user.get('groups', []) %}

  252.       - group: users_{{ name }}_{{ group }}_group

  253.       {% endfor %}

  254.     {% endfor %}

  255.   {% endif %}

  256. 

  257. 

  258. {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}

  259. users_authorized_keys_{{ name }}:

  260.   file.managed:

  261.     - name: {{ home }}/.ssh/authorized_keys

  262.     - user: {{ name }}

  263.     - group: {{ user_group }}

  264.     - mode: 600

  265. {% if 'ssh_auth_file' in user %}

  266.     - contents: |

  267.         {% for auth in user.ssh_auth_file -%}

  268.         {{ auth }}

  269.         {% endfor -%}

  270. {% else %}

  271.     - contents: |

  272.         {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}

  273.         {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}

  274.         {%- endfor %}

  275. {% endif %}

  276. {% endif %}

  277. 

  278. {% if 'ssh_auth' in user %}

  279. {% for auth in user['ssh_auth'] %}

  280. users_ssh_auth_{{ name }}_{{ loop.index0 }}:

  281.   ssh_auth.present:

  282.     - user: {{ name }}

  283.     - name: {{ auth }}

  284.     - require:

  285.         - file: user_keydir_{{ name }}

  286.         - user: users_{{ name }}_user

  287. {% endfor %}

  288. {% endif %}

  289. 

  290. {% if 'ssh_keys_pillar' in user %}

  291. {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %}

  292. user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key:

  293.   file.managed:

  294.     - name: {{ home }}/.ssh/{{ key_name }}

  295.     - user: {{ name }}

  296.     - group: {{ user_group }}

  297.     - mode: 600

  298.     - show_diff: False

  299.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:privkey

  300.     - require:

  301.       - user: users_{{ name }}_user

  302.       {% for group in user.get('groups', []) %}

  303.       - group: users_{{ name }}_{{ group }}_group

  304.       {% endfor %}

  305. user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key:

  306.   file.managed:

  307.     - name: {{ home }}/.ssh/{{ key_name }}.pub

  308.     - user: {{ name }}

  309.     - group: {{ user_group }}

  310.     - mode: 644

  311.     - show_diff: False

  312.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey

  313.     - require:

  314.       - user: users_{{ name }}_user

  315.       {% for group in user.get('groups', []) %}

  316.       - group: users_{{ name }}_{{ group }}_group

  317.       {% endfor %}

  318. {% endfor %}

  319. {% endif %}

  320. 

  321. {% if 'ssh_auth_sources' in user %}

  322. {% for pubkey_file in user['ssh_auth_sources'] %}

  323. users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:

  324.   ssh_auth.present:

  325.     - user: {{ name }}

  326.     - source: {{ pubkey_file }}

  327.     - require:

  328.         - file: users_{{ name }}_user

  329.         - user: users_{{ name }}_user

  330. {% endfor %}

  331. {% endif %}

  332. 

  333. {% if 'ssh_auth_sources.absent' in user %}

  334. {% for pubkey_file in user['ssh_auth_sources.absent'] %}

  335. users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}:

  336.   ssh_auth.absent:

  337.     - user: {{ name }}

  338.     - source: {{ pubkey_file }}

  339.     - require:

  340.         - file: users_{{ name }}_user

  341.         - user: users_{{ name }}_user

  342. {% endfor %}

  343. {% endif %}

  344. 

  345. {% if 'ssh_auth.absent' in user %}

  346. {% for auth in user['ssh_auth.absent'] %}

  347. users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:

  348.   ssh_auth.absent:

  349.     - user: {{ name }}

  350.     - name: {{ auth }}

  351.     - require:

  352.         - file: users_{{ name }}_user

  353.         - user: users_{{ name }}_user

  354. {% endfor %}

  355. {% endif %}

  356. 

  357. {% if 'ssh_config' in user %}

  358. users_ssh_config_{{ name }}:

  359.   file.managed:

  360.     - name: {{ home }}/.ssh/config

  361.     - user: {{ name }}

  362.     - group: {{ user_group }}

  363.     - mode: 640

  364.     - contents: |

  365.         # Managed by Saltstack

  366.         # Do Not Edit

  367.         {% for label, setting in user.ssh_config.items() %}

  368.         # {{ label }}

  369.         Host {{ setting.get('hostname') }}

  370.           {%- for opts in setting.get('options') %}

  371.           {{ opts }}

  372.           {%- endfor %}

  373.         {% endfor -%}

  374. {% endif %}

  375. 

  376. {% if 'ssh_known_hosts' in user %}

  377. {% for hostname, host in user['ssh_known_hosts'].items() %}

  378. users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}:

  379.   ssh_known_hosts.present:

  380.     - user: {{ name }}

  381.     - name: {{ hostname }}

  382.     {% if 'port' in host %}

  383.     - port: {{ host['port'] }}

  384.     {% endif -%}

  385.     {% if 'fingerprint' in host %}

  386.     - fingerprint: {{ host['fingerprint'] }}

  387.     {% endif -%}

  388.     {% if 'key' in host %}

  389.     - key: {{ host['key'] }}

  390.     {% endif -%}

  391.     {% if 'enc' in host %}

  392.     - enc: {{ host['enc'] }}

  393.     {% endif -%}

  394.     {% if 'hash_known_hosts' in host %}

  395.     - hash_known_hosts: {{ host['hash_known_hosts'] }}

  396.     {% endif -%}

  397.     {% if 'timeout' in host %}

  398.     - timeout: {{ host['timeout'] }}

  399.     {% endif -%}

  400.     {% if 'fingerprint_hash_type' in host %}

  401.     - fingerprint_hash_type: {{ host['fingerprint_hash_type'] }}

  402.     {% endif -%}

  403. {% endfor %}

  404. {% endif %}

  405. 

  406. {% if 'ssh_known_hosts.absent' in user %}

  407. {% for host in user['ssh_known_hosts.absent'] %}

  408. users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:

  409.   ssh_known_hosts.absent:

  410.     - user: {{ name }}

  411.     - name: {{ host }}

  412. {% endfor %}

  413. {% endif %}

  414. {% endif %}

  415. 

  416. {% set sudoers_d_filename = name|replace('.','_') %}

  417. {% if 'sudouser' in user and user['sudouser'] %}

  418. 

  419. users_sudoer-{{ name }}:

  420.   file.managed:

  421.     - replace: False

  422.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  423.     - user: root

  424.     - group: {{ users.root_group }}

  425.     - mode: '0440'

  426. {% if 'sudo_rules' in user or 'sudo_defaults' in user %}

  427. #{#%

  428. {% if 'sudo_rules' in user %}

  429. {% for rule in user['sudo_rules'] %}

  430. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  431.   cmd.run:

  432.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  433.     - stateful: True

  434.     - shell: {{ users.visudo_shell }}

  435.     - env:

  436.       # Specify the rule via an env var to avoid shell quoting issues.

  437.       - rule: "{{ name }} {{ rule }}"

  438.     - require_in:

  439.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  440. {% endfor %}

  441. {% endif %}

  442. {% if 'sudo_defaults' in user %}

  443. {% for entry in user['sudo_defaults'] %}

  444. "validate {{ name }} sudo Defaults {{ loop.index0 }} {{ name }} {{ entry }}":

  445.   cmd.run:

  446.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  447.     - stateful: True

  448.     - shell: {{ users.visudo_shell }}

  449.     - env:

  450.       # Specify the rule via an env var to avoid shell quoting issues.

  451.       - rule: "Defaults:{{ name }} {{ entry }}"

  452.     - require_in:

  453.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  454. {% endfor %}

  455. {% endif %}

  456. #%#}

  457. 

  458. users_{{ users.sudoers_dir }}/{{ name }}:

  459.   file.managed:

  460.     - replace: True

  461.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  462.     - contents: |

  463.       {%- if 'sudo_defaults' in user %}

  464.       {%- for entry in user['sudo_defaults'] %}

  465.         Defaults:{{ name }} {{ entry }}

  466.       {%- endfor %}

  467.       {%- endif %}

  468.       {%- if 'sudo_rules' in user %}

  469.         ########################################################################

  470.         # File managed by Salt (users-formula).

  471.         # Your changes will be overwritten.

  472.         ########################################################################

  473.         #

  474.       {%- for rule in user['sudo_rules'] %}

  475.         {{ name }} {{ rule }}

  476.       {%- endfor %}

  477.       {%- endif %}

  478.     - require:

  479.       - file: users_sudoer-defaults

  480.       - file: users_sudoer-{{ name }}

  481.   cmd.wait:

  482.     - name: visudo -cf {{ users.sudoers_dir }}/{{ sudoers_d_filename }} || ( rm -rvf {{ users.sudoers_dir }}/{{ sudoers_d_filename }}; exit 1 )

  483.     - watch:

  484.       - file: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  485. {% endif %}

  486. {% else %}

  487. users_{{ users.sudoers_dir }}/{{ sudoers_d_filename }}:

  488.   file.absent:

  489.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  490. {% endif %}

  491. 

  492. {%- if 'google_auth' in user %}

  493. {%- for svc in user['google_auth'] %}

  494. users_googleauth-{{ svc }}-{{ name }}:

  495.   file.managed:

  496.     - replace: false

  497.     - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}

  498.     - contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'

  499.     - user: root

  500.     - group: {{ users.root_group }}

  501.     - mode: 400

  502.     - require:

  503.       - pkg: users_googleauth-package

  504. {%- endfor %}

  505. {%- endif %}

  506. 

  507. # this doesn't work (Salt bug), therefore need to run state.apply twice

  508. #include:

  509. #  - users

  510. #

  511. #git:

  512. #  pkg.installed:

  513. #    - require_in:

  514. #      - sls: users

  515. #

  516. {% if salt['cmd.has_exec']('git') %}

  517. 

  518. {% if 'gitconfig' in user %}

  519. {% for key, value in user['gitconfig'].items() %}

  520. users_{{ name }}_user_gitconfig_{{ loop.index0 }}:

  521.   {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  522.   git.config_set:

  523.   {% else %}

  524.   git.config:

  525.   {% endif %}

  526.     - name: {{ key }}

  527.     - value: "{{ value }}"

  528.     - user: {{ name }}

  529.     {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  530.     - global: True

  531.     {% else %}

  532.     - is_global: True

  533.     {% endif %}

  534. {% endfor %}

  535. {% endif %}

  536. 

  537. {% if 'gitconfig.absent' in user and grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  538. {% for key in user.get('gitconfig.absent') %}

  539. users_{{ name }}_user_gitconfig_absent_{{ key }}:

  540.   git.config_unset:

  541.     - name: '{{ key }}'

  542.     - user: {{ name }}

  543.     - global: True

  544.     - all: True

  545. {% endfor %}

  546. {% endif %}

  547. 

  548. {% endif %}

  549. 

  550. {% endfor %}

  551. 

  552. 

  553. {% for name, user in pillar.get('users', {}).items()

  554.         if user.absent is defined and user.absent %}

  555. users_absent_user_{{ name }}:

  556. {% if 'purge' in user or 'force' in user %}

  557.   user.absent:

  558.     - name: {{ name }}

  559.     {% if 'purge' in user %}

  560.     - purge: {{ user['purge'] }}

  561.     {% endif %}

  562.     {% if 'force' in user %}

  563.     - force: {{ user['force'] }}

  564.     {% endif %}

  565. {% else %}

  566.   user.absent:

  567.     - name: {{ name }}

  568. {% endif -%}

  569. users_{{ users.sudoers_dir }}/{{ name }}:

  570.   file.absent:

  571.     - name: {{ users.sudoers_dir }}/{{ name }}

  572. {% endfor %}

  573. 

  574. {% for user in pillar.get('absent_users', []) %}

  575. users_absent_user_2_{{ user }}:

  576.   user.absent:

  577.     - name: {{ user }}

  578. users_2_{{ users.sudoers_dir }}/{{ user }}:

  579.   file.absent:

  580.     - name: {{ users.sudoers_dir }}/{{ user }}

  581. {% endfor %}

  582. 

  583. {% for group in pillar.get('absent_groups', []) %}

  584. users_absent_group_{{ group }}:

  585.   group.absent:

  586.     - name: {{ group }}

  587. {% endfor %}