ExternalMirrors
/
users-formula
mirror of https://github.com/saltstack-formulas/users-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 13 Wiki Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
320 Commits
3 Branches
Tree: ba61e9b7f1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ba61e9b7f1'
${ noResults }
users-formula/users/init.sls

591 lines
17KB
Raw Blame History 

  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {% from "users/map.jinja" import users with context %}

  3. {% set used_sudo = [] %}

  4. {% set used_googleauth = [] %}

  5. {% set used_user_files = [] %}

  6. 

  7. {% for group, setting in salt['pillar.get']('groups', {}).items() %}

  8. users_group_{{ setting.get('state', "present") }}_{{ group }}:

  9.   group.{{ setting.get('state', "present") }}:

  10.     - name: {{ group }}

  11.     {%- if setting.get('gid') %}

  12.     - gid: {{setting.get('gid')  }}

  13.     {%- endif %}

  14.     - system: {{ setting.get('system',"False") }}

  15. {% endfor %}

  16. 

  17. {%- for name, user in pillar.get('users', {}).items()

  18.         if user.absent is not defined or not user.absent %}

  19. {%- if user == None -%}

  20. {%- set user = {} -%}

  21. {%- endif -%}

  22. {%- if 'sudoonly' in user and user['sudoonly'] %}

  23. {%- set _dummy=user.update({'sudouser': True}) %}

  24. {%- endif %}

  25. {%- if 'sudouser' in user and user['sudouser'] %}

  26. {%- do used_sudo.append(1) %}

  27. {%- endif %}

  28. {%- if 'google_auth' in user %}

  29. {%- do used_googleauth.append(1) %}

  30. {%- endif %}

  31. {%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}

  32. {%- do used_user_files.append(1) %}

  33. {%- endif %}

  34. {%- endfor %}

  35. 

  36. {%- if used_sudo or used_googleauth or used_user_files %}

  37. include:

  38. {%- if used_sudo %}

  39.   - users.sudo

  40. {%- endif %}

  41. {%- if used_googleauth %}

  42.   - users.googleauth

  43. {%- endif %}

  44. {%- if used_user_files %}

  45.   - users.user_files

  46. {%- endif %}

  47. {%- endif %}

  48. 

  49. {% for name, user in pillar.get('users', {}).items()

  50.         if user.absent is not defined or not user.absent %}

  51. {%- if user == None -%}

  52. {%- set user = {} -%}

  53. {%- endif -%}

  54. {%- set current = salt.user.info(name) -%}

  55. {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}

  56. {%- set createhome = user.get('createhome') -%}

  57. 

  58. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  59. {%- set user_group = user.prime_group.name -%}

  60. {%- else -%}

  61. {%- set user_group = name -%}

  62. {%- endif %}

  63. 

  64. {%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}

  65. {% for group in user.get('groups', []) %}

  66. users_{{ name }}_{{ group }}_group:

  67.   group.present:

  68.     - name: {{ group }}

  69.     {% if group == 'sudo' %}

  70.     - system: True

  71.     {% endif %}

  72. {% endfor %}

  73. 

  74. {# in case home subfolder doesn't exist, create it before the user exists #}

  75. {% if createhome -%}

  76. users_{{ name }}_user_prereq:

  77.   file.directory:

  78.     - name: {{ salt['file.dirname'](home) }}

  79.     - makedirs: True

  80.     - prereq:

  81.       - user: users_{{ name }}_user

  82. {%- endif %}

  83. 

  84. users_{{ name }}_user:

  85.   {% if createhome -%}

  86.   file.directory:

  87.     - name: {{ home }}

  88.     - user: {{ user.get('homedir_owner', name) }}

  89.     - group: {{ user.get('homedir_group', user_group) }}

  90.     - mode: {{ user.get('user_dir_mode', '0750') }}

  91.     - makedirs: True

  92.     - require:

  93.       - user: users_{{ name }}_user

  94.       - group: {{ user_group }}

  95.   {%- endif %}

  96.   group.present:

  97.     - name: {{ user_group }}

  98.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  99.     - gid: {{ user['prime_group']['gid'] }}

  100.     {%- elif 'uid' in user %}

  101.     - gid: {{ user['uid'] }}

  102.     {%- endif %}

  103.     {% if 'system' in user and user['system'] %}

  104.     - system: True

  105.     {% endif %}

  106.   user.present:

  107.     - name: {{ name }}

  108.     - home: {{ home }}

  109.     - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }}

  110.     {% if 'uid' in user -%}

  111.     - uid: {{ user['uid'] }}

  112.     {% endif -%}

  113.     {% if 'password' in user -%}

  114.     - password: '{{ user['password'] }}'

  115.     {% endif -%}

  116.     {% if user.get('empty_password') -%}

  117.     - empty_password: {{ user.get('empty_password') }}

  118.     {% endif -%}

  119.     {% if 'enforce_password' in user -%}

  120.     - enforce_password: {{ user['enforce_password'] }}

  121.     {% endif -%}

  122.     {% if 'hash_password' in user -%}

  123.     - hash_password: {{ user['hash_password'] }}

  124.     {% endif -%}

  125.     {% if user.get('system', False) -%}

  126.     - system: True

  127.     {% endif -%}

  128.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  129.     - gid: {{ user['prime_group']['gid'] }}

  130.     {% elif 'prime_group' in user and 'name' in user['prime_group'] %}

  131.     - gid: {{ user['prime_group']['name'] }}

  132.     {% else -%}

  133.     - gid_from_name: True

  134.     {% endif -%}

  135.     {% if 'fullname' in user %}

  136.     - fullname: {{ user['fullname'] }}

  137.     {% endif -%}

  138.     {% if 'roomnumber' in user %}

  139.     - roomnumber: {{ user['roomnumber'] }}

  140.     {% endif %}

  141.     {% if 'workphone' in user %}

  142.     - workphone: {{ user['workphone'] }}

  143.     {% endif %}

  144.     {% if 'homephone' in user %}

  145.     - homephone: {{ user['homephone'] }}

  146.     {% endif %}

  147.     - createhome: {{ createhome }}

  148.     {% if not user.get('unique', True) %}

  149.     - unique: False

  150.     {% endif %}

  151.     {%- if grains['saltversioninfo'] >= [2018, 3, 1] %}

  152.     - allow_gid_change: {{ users.allow_gid_change if 'allow_gid_change' not in user else user['allow_gid_change'] }}

  153.     {%- endif %}

  154.     {% if 'expire' in user -%}

  155.         {% if grains['kernel'].endswith('BSD') and

  156.             user['expire'] < 157766400 %}

  157.         {# 157762800s since epoch equals 01 Jan 1975 00:00:00 UTC #}

  158.     - expire: {{ user['expire'] * 86400 }}

  159.         {% elif grains['kernel'] == 'Linux' and

  160.             user['expire'] > 84006 %}

  161.         {# 2932896 days since epoch equals 9999-12-31 #}

  162.     - expire: {{ (user['expire'] / 86400) | int}}

  163.         {% else %}

  164.     - expire: {{ user['expire'] }}

  165.         {% endif %}

  166.     {% endif -%}

  167.     {% if 'mindays' in user %}

  168.     - mindays: {{ user.get('mindays', None) }}

  169.     {% endif %}

  170.     {% if 'maxdays' in user %}

  171.     - maxdays: {{ user.get('maxdays', None) }}

  172.     {% endif %}

  173.     {% if 'inactdays' in user %}

  174.     - inactdays: {{ user.get('inactdays', None) }}

  175.     {% endif %}

  176.     {% if 'warndays' in user %}

  177.     - warndays: {{ user.get('warndays', None) }}

  178.     {% endif %}

  179.     - remove_groups: {{ user.get('remove_groups', 'False') }}

  180.     - groups:

  181.       - {{ user_group }}

  182.       {% for group in user.get('groups', []) -%}

  183.       - {{ group }}

  184.       {% endfor %}

  185.     {% if 'optional_groups' in user %}

  186.     - optional_groups:

  187.       {% for optional_group in user['optional_groups'] -%}

  188.       - {{optional_group}}

  189.       {% endfor %}

  190.     {% endif %}

  191.     - require:

  192.       - group: {{ user_group }}

  193.       {% for group in user.get('groups', []) -%}

  194.       - group: {{ group }}

  195.       {% endfor %}

  196. 

  197. 

  198.   {% if 'ssh_keys' in user or

  199.       'ssh_auth' in user or

  200.       'ssh_auth_file' in user or

  201.       'ssh_auth_pillar' in user or

  202.       'ssh_auth.absent' in user or

  203.       'ssh_config' in user %}

  204. user_keydir_{{ name }}:

  205.   file.directory:

  206.     - name: {{ home }}/.ssh

  207.     - user: {{ name }}

  208.     - group: {{ user_group }}

  209.     - makedirs: True

  210.     - mode: 700

  211.     - dir_mode: 700

  212.     - require:

  213.       - user: {{ name }}

  214.       - group: {{ user_group }}

  215.       {%- for group in user.get('groups', []) %}

  216.       - group: {{ group }}

  217.       {%- endfor %}

  218.   {% endif %}

  219. 

  220.   {% if 'ssh_keys' in user %}

  221.     {% for _key in user.ssh_keys.keys() %}

  222.       {% if _key == 'privkey' %}

  223.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}

  224.       {% elif _key ==  'pubkey' %}

  225.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}

  226.       {% else %}

  227.         {% set key_name = _key %}

  228.       {% endif %}

  229. users_{{ name }}_{{ key_name }}_key:

  230.   file.managed:

  231.     - name: {{ home }}/.ssh/{{ key_name }}

  232.     - user: {{ name }}

  233.     - group: {{ user_group }}

  234.       {% if key_name.endswith(".pub") %}

  235.     - mode: 644

  236.       {% else %}

  237.     - mode: 600

  238.       {% endif %}

  239.     - show_diff: False

  240.     {%- set key_value = salt['pillar.get']('users:'+name+':ssh_keys:'+_key) %}

  241.     {%- if 'salt://' in key_value[:7] %}

  242.     - source: {{ key_value }}

  243.     {%- else %}

  244.     - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}

  245.     {%- endif %}

  246.     - require:

  247.       - user: users_{{ name }}_user

  248.       {% for group in user.get('groups', []) %}

  249.       - group: users_{{ name }}_{{ group }}_group

  250.       {% endfor %}

  251.     {% endfor %}

  252.   {% endif %}

  253. 

  254. 

  255. {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}

  256. users_authorized_keys_{{ name }}:

  257.   file.managed:

  258.     - name: {{ home }}/.ssh/authorized_keys

  259.     - user: {{ name }}

  260.     - group: {{ user_group }}

  261.     - mode: 600

  262. {% if 'ssh_auth_file' in user %}

  263.     - contents: |

  264.         {% for auth in user.ssh_auth_file -%}

  265.         {{ auth }}

  266.         {% endfor -%}

  267. {% else %}

  268.     - contents: |

  269.         {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}

  270.         {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}

  271.         {%- endfor %}

  272. {% endif %}

  273. {% endif %}

  274. 

  275. {% if 'ssh_auth' in user %}

  276. {% for auth in user['ssh_auth'] %}

  277. users_ssh_auth_{{ name }}_{{ loop.index0 }}:

  278.   ssh_auth.present:

  279.     - user: {{ name }}

  280.     - name: {{ auth }}

  281.     - require:

  282.         - file: user_keydir_{{ name }}

  283.         - user: users_{{ name }}_user

  284. {% endfor %}

  285. {% endif %}

  286. 

  287. {% if 'ssh_keys_pillar' in user %}

  288. {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %}

  289. user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key:

  290.   file.managed:

  291.     - name: {{ home }}/.ssh/{{ key_name }}

  292.     - user: {{ name }}

  293.     - group: {{ user_group }}

  294.     - mode: 600

  295.     - show_diff: False

  296.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:privkey

  297.     - require:

  298.       - user: users_{{ name }}_user

  299.       {% for group in user.get('groups', []) %}

  300.       - group: users_{{ name }}_{{ group }}_group

  301.       {% endfor %}

  302. user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key:

  303.   file.managed:

  304.     - name: {{ home }}/.ssh/{{ key_name }}.pub

  305.     - user: {{ name }}

  306.     - group: {{ user_group }}

  307.     - mode: 644

  308.     - show_diff: False

  309.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey

  310.     - require:

  311.       - user: users_{{ name }}_user

  312.       {% for group in user.get('groups', []) %}

  313.       - group: users_{{ name }}_{{ group }}_group

  314.       {% endfor %}

  315. {% endfor %}

  316. {% endif %}

  317. 

  318. {% if 'ssh_auth_sources' in user %}

  319. {% for pubkey_file in user['ssh_auth_sources'] %}

  320. users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:

  321.   ssh_auth.present:

  322.     - user: {{ name }}

  323.     - source: {{ pubkey_file }}

  324.     - require:

  325.         {% if createhome -%}

  326.         - file: users_{{ name }}_user

  327.         {% endif -%}

  328.         - user: users_{{ name }}_user

  329. {% endfor %}

  330. {% endif %}

  331. 

  332. {% if 'ssh_auth_sources.absent' in user %}

  333. {% for pubkey_file in user['ssh_auth_sources.absent'] %}

  334. users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}:

  335.   ssh_auth.absent:

  336.     - user: {{ name }}

  337.     - source: {{ pubkey_file }}

  338.     - require:

  339.         {% if createhome -%}

  340.         - file: users_{{ name }}_user

  341.         {% endif -%}

  342.         - user: users_{{ name }}_user

  343. {% endfor %}

  344. {% endif %}

  345. 

  346. {% if 'ssh_auth.absent' in user %}

  347. {% for auth in user['ssh_auth.absent'] %}

  348. users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:

  349.   ssh_auth.absent:

  350.     - user: {{ name }}

  351.     - name: {{ auth }}

  352.     - require:

  353.         {% if createhome -%}

  354.         - file: users_{{ name }}_user

  355.         {% endif -%}

  356.         - user: users_{{ name }}_user

  357. {% endfor %}

  358. {% endif %}

  359. 

  360. {% if 'ssh_config' in user %}

  361. users_ssh_config_{{ name }}:

  362.   file.managed:

  363.     - name: {{ home }}/.ssh/config

  364.     - user: {{ name }}

  365.     - group: {{ user_group }}

  366.     - mode: 640

  367.     - contents: |

  368.         # Managed by Saltstack

  369.         # Do Not Edit

  370.         {% for label, setting in user.ssh_config.items() %}

  371.         # {{ label }}

  372.         Host {{ setting.get('hostname') }}

  373.           {%- for opts in setting.get('options') %}

  374.           {{ opts }}

  375.           {%- endfor %}

  376.         {% endfor -%}

  377. {% endif %}

  378. 

  379. {% if 'ssh_known_hosts' in user %}

  380. {% for hostname, host in user['ssh_known_hosts'].items() %}

  381. users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}:

  382.   ssh_known_hosts.present:

  383.     - user: {{ name }}

  384.     - name: {{ hostname }}

  385.     {% if 'port' in host %}

  386.     - port: {{ host['port'] }}

  387.     {% endif -%}

  388.     {% if 'fingerprint' in host %}

  389.     - fingerprint: {{ host['fingerprint'] }}

  390.     {% endif -%}

  391.     {% if 'key' in host %}

  392.     - key: {{ host['key'] }}

  393.     {% endif -%}

  394.     {% if 'enc' in host %}

  395.     - enc: {{ host['enc'] }}

  396.     {% endif -%}

  397.     {% if 'hash_known_hosts' in host %}

  398.     - hash_known_hosts: {{ host['hash_known_hosts'] }}

  399.     {% endif -%}

  400.     {% if 'timeout' in host %}

  401.     - timeout: {{ host['timeout'] }}

  402.     {% endif -%}

  403.     {% if 'fingerprint_hash_type' in host %}

  404.     - fingerprint_hash_type: {{ host['fingerprint_hash_type'] }}

  405.     {% endif -%}

  406. {% endfor %}

  407. {% endif %}

  408. 

  409. {% if 'ssh_known_hosts.absent' in user %}

  410. {% for host in user['ssh_known_hosts.absent'] %}

  411. users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:

  412.   ssh_known_hosts.absent:

  413.     - user: {{ name }}

  414.     - name: {{ host }}

  415. {% endfor %}

  416. {% endif %}

  417. {% endif %}

  418. 

  419. {% set sudoers_d_filename = name|replace('.','_') %}

  420. {% if 'sudouser' in user and user['sudouser'] %}

  421. 

  422. users_sudoer-{{ name }}:

  423.   file.managed:

  424.     - replace: False

  425.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  426.     - user: root

  427.     - group: {{ users.root_group }}

  428.     - mode: '0440'

  429. {% if 'sudo_rules' in user or 'sudo_defaults' in user %}

  430. #{#%

  431. {% if 'sudo_rules' in user %}

  432. {% for rule in user['sudo_rules'] %}

  433. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  434.   cmd.run:

  435.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  436.     - stateful: True

  437.     - shell: {{ users.visudo_shell }}

  438.     - env:

  439.       # Specify the rule via an env var to avoid shell quoting issues.

  440.       - rule: "{{ name }} {{ rule }}"

  441.     - require_in:

  442.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  443. {% endfor %}

  444. {% endif %}

  445. {% if 'sudo_defaults' in user %}

  446. {% for entry in user['sudo_defaults'] %}

  447. "validate {{ name }} sudo Defaults {{ loop.index0 }} {{ name }} {{ entry }}":

  448.   cmd.run:

  449.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  450.     - stateful: True

  451.     - shell: {{ users.visudo_shell }}

  452.     - env:

  453.       # Specify the rule via an env var to avoid shell quoting issues.

  454.       - rule: "Defaults:{{ name }} {{ entry }}"

  455.     - require_in:

  456.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  457. {% endfor %}

  458. {% endif %}

  459. #%#}

  460. 

  461. users_{{ users.sudoers_dir }}/{{ name }}:

  462.   file.managed:

  463.     - replace: True

  464.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  465.     - contents: |

  466.       {%- if 'sudo_defaults' in user %}

  467.       {%- for entry in user['sudo_defaults'] %}

  468.         Defaults:{{ name }} {{ entry }}

  469.       {%- endfor %}

  470.       {%- endif %}

  471.       {%- if 'sudo_rules' in user %}

  472.         ########################################################################

  473.         # File managed by Salt (users-formula).

  474.         # Your changes will be overwritten.

  475.         ########################################################################

  476.         #

  477.       {%- for rule in user['sudo_rules'] %}

  478.         {{ name }} {{ rule }}

  479.       {%- endfor %}

  480.       {%- endif %}

  481.     - require:

  482.       - file: users_sudoer-defaults

  483.       - file: users_sudoer-{{ name }}

  484.   cmd.wait:

  485.     - name: visudo -cf {{ users.sudoers_dir }}/{{ sudoers_d_filename }} || ( rm -rvf {{ users.sudoers_dir }}/{{ sudoers_d_filename }}; exit 1 )

  486.     - watch:

  487.       - file: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  488. {% endif %}

  489. {% else %}

  490. users_{{ users.sudoers_dir }}/{{ sudoers_d_filename }}:

  491.   file.absent:

  492.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  493. {% endif %}

  494. 

  495. {%- if 'google_auth' in user %}

  496. {%- for svc in user['google_auth'] %}

  497. users_googleauth-{{ svc }}-{{ name }}:

  498.   file.managed:

  499.     - replace: false

  500.     - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}

  501.     - contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'

  502.     - user: root

  503.     - group: {{ users.root_group }}

  504.     - mode: 400

  505.     - require:

  506.       - pkg: users_googleauth-package

  507. {%- endfor %}

  508. {%- endif %}

  509. 

  510. # this doesn't work (Salt bug), therefore need to run state.apply twice

  511. #include:

  512. #  - users

  513. #

  514. #git:

  515. #  pkg.installed:

  516. #    - require_in:

  517. #      - sls: users

  518. #

  519. {% if salt['cmd.has_exec']('git') %}

  520. 

  521. {% if 'gitconfig' in user %}

  522. {% for key, value in user['gitconfig'].items() %}

  523. users_{{ name }}_user_gitconfig_{{ loop.index0 }}:

  524.   {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  525.   git.config_set:

  526.   {% else %}

  527.   git.config:

  528.   {% endif %}

  529.     - name: {{ key }}

  530.     - value: "{{ value }}"

  531.     - user: {{ name }}

  532.     {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  533.     - global: True

  534.     {% else %}

  535.     - is_global: True

  536.     {% endif %}

  537. {% endfor %}

  538. {% endif %}

  539. 

  540. {% if 'gitconfig.absent' in user and grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  541. {% for key in user.get('gitconfig.absent') %}

  542. users_{{ name }}_user_gitconfig_absent_{{ key }}:

  543.   git.config_unset:

  544.     - name: '{{ key }}'

  545.     - user: {{ name }}

  546.     - global: True

  547.     - all: True

  548. {% endfor %}

  549. {% endif %}

  550. 

  551. {% endif %}

  552. 

  553. {% endfor %}

  554. 

  555. 

  556. {% for name, user in pillar.get('users', {}).items()

  557.         if user.absent is defined and user.absent %}

  558. users_absent_user_{{ name }}:

  559. {% if 'purge' in user or 'force' in user %}

  560.   user.absent:

  561.     - name: {{ name }}

  562.     {% if 'purge' in user %}

  563.     - purge: {{ user['purge'] }}

  564.     {% endif %}

  565.     {% if 'force' in user %}

  566.     - force: {{ user['force'] }}

  567.     {% endif %}

  568. {% else %}

  569.   user.absent:

  570.     - name: {{ name }}

  571. {% endif -%}

  572. users_{{ users.sudoers_dir }}/{{ name }}:

  573.   file.absent:

  574.     - name: {{ users.sudoers_dir }}/{{ name }}

  575. {% endfor %}

  576. 

  577. {% for user in pillar.get('absent_users', []) %}

  578. users_absent_user_2_{{ user }}:

  579.   user.absent:

  580.     - name: {{ user }}

  581. users_2_{{ users.sudoers_dir }}/{{ user }}:

  582.   file.absent:

  583.     - name: {{ users.sudoers_dir }}/{{ user }}

  584. {% endfor %}

  585. 

  586. {% for group in pillar.get('absent_groups', []) %}

  587. users_absent_group_{{ group }}:

  588.   group.absent:

  589.     - name: {{ group }}

  590. {% endfor %}