Sfoglia il codice sorgente

Merge pull request #379 from aanriot/master

Support publisher_acl minion-level commands
master
Niels Abspoel 6 anni fa
parent
commit
0383f20d9d
Nessun account collegato all'indirizzo email del committer
1 ha cambiato i file con 31 aggiunte e 11 eliminazioni
  1. +31
    -11
      salt/files/master.d/f_defaults.conf

+ 31
- 11
salt/files/master.d/f_defaults.conf Vedi File

@@ -385,21 +385,46 @@ event_return_blacklist:
# This setting should be treated with care since it opens up execution
# capabilities to non root users. By default this capability is completely
# disabled.
#publisher_acl:
# larry:
# - test.ping
# - network.*
# - '*':
# - pkg.*
#
{% if 'publisher_acl' in cfg_master -%}
{%- do default_keys.append('publisher_acl') %}
publisher_acl:
{%- for name, user in cfg_master['publisher_acl']|dictsort %}
{{ name}}:
{%- for command in user %}
{%- for user, commands in cfg_master['publisher_acl']|dictsort %}
{{ user }}:
{%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%}
{%- endfor -%}
{% elif 'publisher_acl' in cfg_salt -%}
publisher_acl:
{%- for name, user in cfg_salt['publisher_acl']|dictsort %}
{{ name }}:
{%- for command in user %}
{%- for user, commands in cfg_salt['publisher_acl']|dictsort %}
{{ user }}:
{%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%}
{%- endfor -%}
{% elif 'client_acl' in cfg_master -%}
@@ -420,11 +445,6 @@ publisher_acl:
{%- endfor -%}
{%- endfor -%}
{% else -%}
#publisher_acl:
# larry:
# - test.ping
# - network.*
#
{%- endif %}

# Blacklist any of the following users or modules

Loading…
Annulla
Salva