ExternalMirrors
/
users-formula
mirror of https://github.com/saltstack-formulas/users-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 13 Wiki Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
326 Commits
3 Branches
Tree: d4f8cf955d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd4f8cf955d'
${ noResults }
users-formula/users/init.sls

598 lines
17KB
Raw Blame History 

  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {% from "users/map.jinja" import users with context %}

  3. {% set used_sudo = [] %}

  4. {% set used_googleauth = [] %}

  5. {% set used_user_files = [] %}

  6. 

  7. {% for group, setting in salt['pillar.get']('groups', {}).items() %}

  8. {%   if setting.absent is defined and setting.absent or setting.get('state', "present") == 'absent' %}

  9. users_group_absent_{{ group }}:

  10.   group.absent:

  11.     - name: {{ group }}

  12. {% else %}

  13. users_group_present_{{ group }}:

  14.   group.present:

  15.     - name: {{ group }}

  16.     - gid: {{ setting.get('gid', "null") }}

  17.     - system: {{ setting.get('system',"False") }}

  18.     - members: {{ setting.get('members')|json }}

  19.     - addusers: {{ setting.get('addusers')|json }}

  20.     - delusers: {{ setting.get('delusers')|json }}

  21. {% endif %}

  22. {% endfor %}

  23. 

  24. {%- for name, user in pillar.get('users', {}).items()

  25.         if user.absent is not defined or not user.absent %}

  26. {%- if user == None -%}

  27. {%- set user = {} -%}

  28. {%- endif -%}

  29. {%- if 'sudoonly' in user and user['sudoonly'] %}

  30. {%- set _dummy=user.update({'sudouser': True}) %}

  31. {%- endif %}

  32. {%- if 'sudouser' in user and user['sudouser'] %}

  33. {%- do used_sudo.append(1) %}

  34. {%- endif %}

  35. {%- if 'google_auth' in user %}

  36. {%- do used_googleauth.append(1) %}

  37. {%- endif %}

  38. {%- if salt['pillar.get']('users:' ~ name ~ ':user_files:enabled', False) %}

  39. {%- do used_user_files.append(1) %}

  40. {%- endif %}

  41. {%- endfor %}

  42. 

  43. {%- if used_sudo or used_googleauth or used_user_files %}

  44. include:

  45. {%- if used_sudo %}

  46.   - users.sudo

  47. {%- endif %}

  48. {%- if used_googleauth %}

  49.   - users.googleauth

  50. {%- endif %}

  51. {%- if used_user_files %}

  52.   - users.user_files

  53. {%- endif %}

  54. {%- endif %}

  55. 

  56. {% for name, user in pillar.get('users', {}).items()

  57.         if user.absent is not defined or not user.absent %}

  58. {%- if user == None -%}

  59. {%- set user = {} -%}

  60. {%- endif -%}

  61. {%- set current = salt.user.info(name) -%}

  62. {%- set home = user.get('home', current.get('home', "/home/%s" % name)) -%}

  63. {%- set createhome = user.get('createhome') -%}

  64. 

  65. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  66. {%- set user_group = user.prime_group.name -%}

  67. {%- else -%}

  68. {%- set user_group = name -%}

  69. {%- endif %}

  70. 

  71. {%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}

  72. {% for group in user.get('groups', []) %}

  73. users_{{ name }}_{{ group }}_group:

  74.   group.present:

  75.     - name: {{ group }}

  76.     {% if group == 'sudo' %}

  77.     - system: True

  78.     {% endif %}

  79. {% endfor %}

  80. 

  81. {# in case home subfolder doesn't exist, create it before the user exists #}

  82. {% if createhome -%}

  83. users_{{ name }}_user_prereq:

  84.   file.directory:

  85.     - name: {{ salt['file.dirname'](home) }}

  86.     - makedirs: True

  87.     - prereq:

  88.       - user: users_{{ name }}_user

  89. {%- endif %}

  90. 

  91. users_{{ name }}_user:

  92.   {% if createhome -%}

  93.   file.directory:

  94.     - name: {{ home }}

  95.     - user: {{ user.get('homedir_owner', name) }}

  96.     - group: {{ user.get('homedir_group', user_group) }}

  97.     - mode: {{ user.get('user_dir_mode', '0750') }}

  98.     - makedirs: True

  99.     - require:

  100.       - user: users_{{ name }}_user

  101.       - group: {{ user_group }}

  102.   {%- endif %}

  103.   group.present:

  104.     - name: {{ user_group }}

  105.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  106.     - gid: {{ user['prime_group']['gid'] }}

  107.     {%- elif 'uid' in user %}

  108.     - gid: {{ user['uid'] }}

  109.     {%- endif %}

  110.     {% if 'system' in user and user['system'] %}

  111.     - system: True

  112.     {% endif %}

  113.   user.present:

  114.     - name: {{ name }}

  115.     - home: {{ home }}

  116.     - shell: {{ user.get('shell', current.get('shell', users.get('shell', '/bin/bash'))) }}

  117.     {% if 'uid' in user -%}

  118.     - uid: {{ user['uid'] }}

  119.     {% endif -%}

  120.     {% if 'password' in user -%}

  121.     - password: '{{ user['password'] }}'

  122.     {% endif -%}

  123.     {% if user.get('empty_password') -%}

  124.     - empty_password: {{ user.get('empty_password') }}

  125.     {% endif -%}

  126.     {% if 'enforce_password' in user -%}

  127.     - enforce_password: {{ user['enforce_password'] }}

  128.     {% endif -%}

  129.     {% if 'hash_password' in user -%}

  130.     - hash_password: {{ user['hash_password'] }}

  131.     {% endif -%}

  132.     {% if user.get('system', False) -%}

  133.     - system: True

  134.     {% endif -%}

  135.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  136.     - gid: {{ user['prime_group']['gid'] }}

  137.     {% elif 'prime_group' in user and 'name' in user['prime_group'] %}

  138.     - gid: {{ user['prime_group']['name'] }}

  139.     {% else -%}

  140.     - gid_from_name: True

  141.     {% endif -%}

  142.     {% if 'fullname' in user %}

  143.     - fullname: {{ user['fullname'] }}

  144.     {% endif -%}

  145.     {% if 'roomnumber' in user %}

  146.     - roomnumber: {{ user['roomnumber'] }}

  147.     {% endif %}

  148.     {% if 'workphone' in user %}

  149.     - workphone: {{ user['workphone'] }}

  150.     {% endif %}

  151.     {% if 'homephone' in user %}

  152.     - homephone: {{ user['homephone'] }}

  153.     {% endif %}

  154.     - createhome: {{ createhome }}

  155.     {% if not user.get('unique', True) %}

  156.     - unique: False

  157.     {% endif %}

  158.     {%- if grains['saltversioninfo'] >= [2018, 3, 1] %}

  159.     - allow_gid_change: {{ users.allow_gid_change if 'allow_gid_change' not in user else user['allow_gid_change'] }}

  160.     {%- endif %}

  161.     {% if 'expire' in user -%}

  162.         {% if grains['kernel'].endswith('BSD') and

  163.             user['expire'] < 157766400 %}

  164.         {# 157762800s since epoch equals 01 Jan 1975 00:00:00 UTC #}

  165.     - expire: {{ user['expire'] * 86400 }}

  166.         {% elif grains['kernel'] == 'Linux' and

  167.             user['expire'] > 84006 %}

  168.         {# 2932896 days since epoch equals 9999-12-31 #}

  169.     - expire: {{ (user['expire'] / 86400) | int}}

  170.         {% else %}

  171.     - expire: {{ user['expire'] }}

  172.         {% endif %}

  173.     {% endif -%}

  174.     {% if 'mindays' in user %}

  175.     - mindays: {{ user.get('mindays', None) }}

  176.     {% endif %}

  177.     {% if 'maxdays' in user %}

  178.     - maxdays: {{ user.get('maxdays', None) }}

  179.     {% endif %}

  180.     {% if 'inactdays' in user %}

  181.     - inactdays: {{ user.get('inactdays', None) }}

  182.     {% endif %}

  183.     {% if 'warndays' in user %}

  184.     - warndays: {{ user.get('warndays', None) }}

  185.     {% endif %}

  186.     - remove_groups: {{ user.get('remove_groups', 'False') }}

  187.     - groups:

  188.       - {{ user_group }}

  189.       {% for group in user.get('groups', []) -%}

  190.       - {{ group }}

  191.       {% endfor %}

  192.     {% if 'optional_groups' in user %}

  193.     - optional_groups:

  194.       {% for optional_group in user['optional_groups'] -%}

  195.       - {{optional_group}}

  196.       {% endfor %}

  197.     {% endif %}

  198.     - require:

  199.       - group: {{ user_group }}

  200.       {% for group in user.get('groups', []) -%}

  201.       - group: {{ group }}

  202.       {% endfor %}

  203. 

  204. 

  205.   {% if 'ssh_keys' in user or

  206.       'ssh_auth' in user or

  207.       'ssh_auth_file' in user or

  208.       'ssh_auth_pillar' in user or

  209.       'ssh_auth.absent' in user or

  210.       'ssh_config' in user %}

  211. user_keydir_{{ name }}:

  212.   file.directory:

  213.     - name: {{ home }}/.ssh

  214.     - user: {{ name }}

  215.     - group: {{ user_group }}

  216.     - makedirs: True

  217.     - mode: 700

  218.     - dir_mode: 700

  219.     - require:

  220.       - user: {{ name }}

  221.       - group: {{ user_group }}

  222.       {%- for group in user.get('groups', []) %}

  223.       - group: {{ group }}

  224.       {%- endfor %}

  225.   {% endif %}

  226. 

  227.   {% if 'ssh_keys' in user %}

  228.     {% for _key in user.ssh_keys.keys() %}

  229.       {% if _key == 'privkey' %}

  230.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}

  231.       {% elif _key ==  'pubkey' %}

  232.         {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}

  233.       {% else %}

  234.         {% set key_name = _key %}

  235.       {% endif %}

  236. users_{{ name }}_{{ key_name }}_key:

  237.   file.managed:

  238.     - name: {{ home }}/.ssh/{{ key_name }}

  239.     - user: {{ name }}

  240.     - group: {{ user_group }}

  241.       {% if key_name.endswith(".pub") %}

  242.     - mode: 644

  243.       {% else %}

  244.     - mode: 600

  245.       {% endif %}

  246.     - show_diff: False

  247.     {%- set key_value = salt['pillar.get']('users:'+name+':ssh_keys:'+_key) %}

  248.     {%- if 'salt://' in key_value[:7] %}

  249.     - source: {{ key_value }}

  250.     {%- else %}

  251.     - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}

  252.     {%- endif %}

  253.     - require:

  254.       - user: users_{{ name }}_user

  255.       {% for group in user.get('groups', []) %}

  256.       - group: users_{{ name }}_{{ group }}_group

  257.       {% endfor %}

  258.     {% endfor %}

  259.   {% endif %}

  260. 

  261. 

  262. {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}

  263. users_authorized_keys_{{ name }}:

  264.   file.managed:

  265.     - name: {{ home }}/.ssh/authorized_keys

  266.     - user: {{ name }}

  267.     - group: {{ user_group }}

  268.     - mode: 600

  269. {% if 'ssh_auth_file' in user %}

  270.     - contents: |

  271.         {% for auth in user.ssh_auth_file -%}

  272.         {{ auth }}

  273.         {% endfor -%}

  274. {% else %}

  275.     - contents: |

  276.         {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}

  277.         {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}

  278.         {%- endfor %}

  279. {% endif %}

  280. {% endif %}

  281. 

  282. {% if 'ssh_auth' in user %}

  283. {% for auth in user['ssh_auth'] %}

  284. users_ssh_auth_{{ name }}_{{ loop.index0 }}:

  285.   ssh_auth.present:

  286.     - user: {{ name }}

  287.     - name: {{ auth }}

  288.     - require:

  289.         - file: user_keydir_{{ name }}

  290.         - user: users_{{ name }}_user

  291. {% endfor %}

  292. {% endif %}

  293. 

  294. {% if 'ssh_keys_pillar' in user %}

  295. {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %}

  296. user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key:

  297.   file.managed:

  298.     - name: {{ home }}/.ssh/{{ key_name }}

  299.     - user: {{ name }}

  300.     - group: {{ user_group }}

  301.     - mode: 600

  302.     - show_diff: False

  303.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:privkey

  304.     - require:

  305.       - user: users_{{ name }}_user

  306.       {% for group in user.get('groups', []) %}

  307.       - group: users_{{ name }}_{{ group }}_group

  308.       {% endfor %}

  309. user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key:

  310.   file.managed:

  311.     - name: {{ home }}/.ssh/{{ key_name }}.pub

  312.     - user: {{ name }}

  313.     - group: {{ user_group }}

  314.     - mode: 644

  315.     - show_diff: False

  316.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey

  317.     - require:

  318.       - user: users_{{ name }}_user

  319.       {% for group in user.get('groups', []) %}

  320.       - group: users_{{ name }}_{{ group }}_group

  321.       {% endfor %}

  322. {% endfor %}

  323. {% endif %}

  324. 

  325. {% if 'ssh_auth_sources' in user %}

  326. {% for pubkey_file in user['ssh_auth_sources'] %}

  327. users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:

  328.   ssh_auth.present:

  329.     - user: {{ name }}

  330.     - source: {{ pubkey_file }}

  331.     - require:

  332.         {% if createhome -%}

  333.         - file: users_{{ name }}_user

  334.         {% endif -%}

  335.         - user: users_{{ name }}_user

  336. {% endfor %}

  337. {% endif %}

  338. 

  339. {% if 'ssh_auth_sources.absent' in user %}

  340. {% for pubkey_file in user['ssh_auth_sources.absent'] %}

  341. users_ssh_auth_source_delete_{{ name }}_{{ loop.index0 }}:

  342.   ssh_auth.absent:

  343.     - user: {{ name }}

  344.     - source: {{ pubkey_file }}

  345.     - require:

  346.         {% if createhome -%}

  347.         - file: users_{{ name }}_user

  348.         {% endif -%}

  349.         - user: users_{{ name }}_user

  350. {% endfor %}

  351. {% endif %}

  352. 

  353. {% if 'ssh_auth.absent' in user %}

  354. {% for auth in user['ssh_auth.absent'] %}

  355. users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:

  356.   ssh_auth.absent:

  357.     - user: {{ name }}

  358.     - name: {{ auth }}

  359.     - require:

  360.         {% if createhome -%}

  361.         - file: users_{{ name }}_user

  362.         {% endif -%}

  363.         - user: users_{{ name }}_user

  364. {% endfor %}

  365. {% endif %}

  366. 

  367. {% if 'ssh_config' in user %}

  368. users_ssh_config_{{ name }}:

  369.   file.managed:

  370.     - name: {{ home }}/.ssh/config

  371.     - user: {{ name }}

  372.     - group: {{ user_group }}

  373.     - mode: 640

  374.     - contents: |

  375.         # Managed by Saltstack

  376.         # Do Not Edit

  377.         {% for label, setting in user.ssh_config.items() %}

  378.         # {{ label }}

  379.         Host {{ setting.get('hostname') }}

  380.           {%- for opts in setting.get('options') %}

  381.           {{ opts }}

  382.           {%- endfor %}

  383.         {% endfor -%}

  384. {% endif %}

  385. 

  386. {% if 'ssh_known_hosts' in user %}

  387. {% for hostname, host in user['ssh_known_hosts'].items() %}

  388. users_ssh_known_hosts_{{ name }}_{{ loop.index0 }}:

  389.   ssh_known_hosts.present:

  390.     - user: {{ name }}

  391.     - name: {{ hostname }}

  392.     {% if 'port' in host %}

  393.     - port: {{ host['port'] }}

  394.     {% endif -%}

  395.     {% if 'fingerprint' in host %}

  396.     - fingerprint: {{ host['fingerprint'] }}

  397.     {% endif -%}

  398.     {% if 'key' in host %}

  399.     - key: {{ host['key'] }}

  400.     {% endif -%}

  401.     {% if 'enc' in host %}

  402.     - enc: {{ host['enc'] }}

  403.     {% endif -%}

  404.     {% if 'hash_known_hosts' in host %}

  405.     - hash_known_hosts: {{ host['hash_known_hosts'] }}

  406.     {% endif -%}

  407.     {% if 'timeout' in host %}

  408.     - timeout: {{ host['timeout'] }}

  409.     {% endif -%}

  410.     {% if 'fingerprint_hash_type' in host %}

  411.     - fingerprint_hash_type: {{ host['fingerprint_hash_type'] }}

  412.     {% endif -%}

  413. {% endfor %}

  414. {% endif %}

  415. 

  416. {% if 'ssh_known_hosts.absent' in user %}

  417. {% for host in user['ssh_known_hosts.absent'] %}

  418. users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:

  419.   ssh_known_hosts.absent:

  420.     - user: {{ name }}

  421.     - name: {{ host }}

  422. {% endfor %}

  423. {% endif %}

  424. {% endif %}

  425. 

  426. {% set sudoers_d_filename = name|replace('.','_') %}

  427. {% if 'sudouser' in user and user['sudouser'] %}

  428. 

  429. users_sudoer-{{ name }}:

  430.   file.managed:

  431.     - replace: False

  432.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  433.     - user: root

  434.     - group: {{ users.root_group }}

  435.     - mode: '0440'

  436. {% if 'sudo_rules' in user or 'sudo_defaults' in user %}

  437. #{#%

  438. {% if 'sudo_rules' in user %}

  439. {% for rule in user['sudo_rules'] %}

  440. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  441.   cmd.run:

  442.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  443.     - stateful: True

  444.     - shell: {{ users.visudo_shell }}

  445.     - env:

  446.       # Specify the rule via an env var to avoid shell quoting issues.

  447.       - rule: "{{ name }} {{ rule }}"

  448.     - require_in:

  449.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  450. {% endfor %}

  451. {% endif %}

  452. {% if 'sudo_defaults' in user %}

  453. {% for entry in user['sudo_defaults'] %}

  454. "validate {{ name }} sudo Defaults {{ loop.index0 }} {{ name }} {{ entry }}":

  455.   cmd.run:

  456.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  457.     - stateful: True

  458.     - shell: {{ users.visudo_shell }}

  459.     - env:

  460.       # Specify the rule via an env var to avoid shell quoting issues.

  461.       - rule: "Defaults:{{ name }} {{ entry }}"

  462.     - require_in:

  463.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  464. {% endfor %}

  465. {% endif %}

  466. #%#}

  467. 

  468. users_{{ users.sudoers_dir }}/{{ name }}:

  469.   file.managed:

  470.     - replace: True

  471.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  472.     - contents: |

  473.       {%- if 'sudo_defaults' in user %}

  474.       {%- for entry in user['sudo_defaults'] %}

  475.         Defaults:{{ name }} {{ entry }}

  476.       {%- endfor %}

  477.       {%- endif %}

  478.       {%- if 'sudo_rules' in user %}

  479.         ########################################################################

  480.         # File managed by Salt (users-formula).

  481.         # Your changes will be overwritten.

  482.         ########################################################################

  483.         #

  484.       {%- for rule in user['sudo_rules'] %}

  485.         {{ name }} {{ rule }}

  486.       {%- endfor %}

  487.       {%- endif %}

  488.     - require:

  489.       - file: users_sudoer-defaults

  490.       - file: users_sudoer-{{ name }}

  491.   cmd.wait:

  492.     - name: visudo -cf {{ users.sudoers_dir }}/{{ sudoers_d_filename }} || ( rm -rvf {{ users.sudoers_dir }}/{{ sudoers_d_filename }}; exit 1 )

  493.     - watch:

  494.       - file: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  495. {% endif %}

  496. {% else %}

  497. users_{{ users.sudoers_dir }}/{{ sudoers_d_filename }}:

  498.   file.absent:

  499.     - name: {{ users.sudoers_dir }}/{{ sudoers_d_filename }}

  500. {% endif %}

  501. 

  502. {%- if 'google_auth' in user %}

  503. {%- for svc in user['google_auth'] %}

  504. users_googleauth-{{ svc }}-{{ name }}:

  505.   file.managed:

  506.     - replace: false

  507.     - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}

  508.     - contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'

  509.     - user: root

  510.     - group: {{ users.root_group }}

  511.     - mode: 400

  512.     - require:

  513.       - pkg: users_googleauth-package

  514. {%- endfor %}

  515. {%- endif %}

  516. 

  517. # this doesn't work (Salt bug), therefore need to run state.apply twice

  518. #include:

  519. #  - users

  520. #

  521. #git:

  522. #  pkg.installed:

  523. #    - require_in:

  524. #      - sls: users

  525. #

  526. {% if salt['cmd.has_exec']('git') %}

  527. 

  528. {% if 'gitconfig' in user %}

  529. {% for key, value in user['gitconfig'].items() %}

  530. users_{{ name }}_user_gitconfig_{{ loop.index0 }}:

  531.   {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  532.   git.config_set:

  533.   {% else %}

  534.   git.config:

  535.   {% endif %}

  536.     - name: {{ key }}

  537.     - value: "{{ value }}"

  538.     - user: {{ name }}

  539.     {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  540.     - global: True

  541.     {% else %}

  542.     - is_global: True

  543.     {% endif %}

  544. {% endfor %}

  545. {% endif %}

  546. 

  547. {% if 'gitconfig.absent' in user and grains['saltversioninfo'] >= [2015, 8, 0, 0] %}

  548. {% for key in user.get('gitconfig.absent') %}

  549. users_{{ name }}_user_gitconfig_absent_{{ key }}:

  550.   git.config_unset:

  551.     - name: '{{ key }}'

  552.     - user: {{ name }}

  553.     - global: True

  554.     - all: True

  555. {% endfor %}

  556. {% endif %}

  557. 

  558. {% endif %}

  559. 

  560. {% endfor %}

  561. 

  562. 

  563. {% for name, user in pillar.get('users', {}).items()

  564.         if user.absent is defined and user.absent %}

  565. users_absent_user_{{ name }}:

  566. {% if 'purge' in user or 'force' in user %}

  567.   user.absent:

  568.     - name: {{ name }}

  569.     {% if 'purge' in user %}

  570.     - purge: {{ user['purge'] }}

  571.     {% endif %}

  572.     {% if 'force' in user %}

  573.     - force: {{ user['force'] }}

  574.     {% endif %}

  575. {% else %}

  576.   user.absent:

  577.     - name: {{ name }}

  578. {% endif -%}

  579. users_{{ users.sudoers_dir }}/{{ name }}:

  580.   file.absent:

  581.     - name: {{ users.sudoers_dir }}/{{ name }}

  582. {% endfor %}

  583. 

  584. {% for user in pillar.get('absent_users', []) %}

  585. users_absent_user_2_{{ user }}:

  586.   user.absent:

  587.     - name: {{ user }}

  588. users_2_{{ users.sudoers_dir }}/{{ user }}:

  589.   file.absent:

  590.     - name: {{ users.sudoers_dir }}/{{ user }}

  591. {% endfor %}

  592. 

  593. {% for group in pillar.get('absent_groups', []) %}

  594. users_absent_group_{{ group }}:

  595.   group.absent:

  596.     - name: {{ group }}

  597. {% endfor %}