Browse Source

User publisher_acl setting in salt master config even if used client_acl in

pillar (backwards compatibility)
master
Vitali Quiering 7 years ago
parent
commit
f7189e2900
1 changed files with 6 additions and 6 deletions
  1. +6
    -6
      salt/files/master.d/f_defaults.conf

+ 6
- 6
salt/files/master.d/f_defaults.conf View File

{%- endfor -%} {%- endfor -%}
{% elif 'client_acl' in cfg_master -%} {% elif 'client_acl' in cfg_master -%}
{%- do default_keys.append('client_acl') %} {%- do default_keys.append('client_acl') %}
client_acl:
publisher_acl:
{%- for name, user in cfg_master['client_acl']|dictsort %} {%- for name, user in cfg_master['client_acl']|dictsort %}
{{ name}}: {{ name}}:
{%- for command in user %} {%- for command in user %}
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% elif 'client_acl' in cfg_salt -%} {% elif 'client_acl' in cfg_salt -%}
client_acl:
publisher_acl:
{%- for name, user in cfg_salt['client_acl']|dictsort %} {%- for name, user in cfg_salt['client_acl']|dictsort %}
{{ name }}: {{ name }}:
{%- for command in user %} {%- for command in user %}
{% endfor %} {% endfor %}
{% elif 'client_acl_blacklist' in cfg_master %} {% elif 'client_acl_blacklist' in cfg_master %}
{%- do default_keys.append('client_acl_blacklist') %} {%- do default_keys.append('client_acl_blacklist') %}
client_acl_blacklist:
publisher_acl_blacklist:
users: users:
{% for user in cfg_master['client_acl_blacklist'].get('users', []) %} {% for user in cfg_master['client_acl_blacklist'].get('users', []) %}
- {{ user }} - {{ user }}
- {{ mod }} - {{ mod }}
{% endfor %} {% endfor %}
{% elif 'client_acl_blacklist' in cfg_salt %} {% elif 'client_acl_blacklist' in cfg_salt %}
client_acl_blacklist:
publisher_acl_blacklist:
users: users:
{% for user in cfg_salt['client_acl_blacklist'].get('users', []) %} {% for user in cfg_salt['client_acl_blacklist'].get('users', []) %}
- {{ user }} - {{ user }}
- {{ mod }} - {{ mod }}
{% endfor %} {% endfor %}
{% else %} {% else %}
#client_acl_blacklist:
#publisher_acl_blacklist:
# users: # users:
# - root # - root
# - '^(?!sudo_).*$' # all non sudo users # - '^(?!sudo_).*$' # all non sudo users
# - cmd # - cmd
{% endif %} {% endif %}


# Enforce client_acl & client_acl_blacklist when users have sudo
# Enforce publisher_acl & publisher_acl_blacklist when users have sudo
# access to the salt command. # access to the salt command.
{{ get_config('sudo_acl', 'False') }} {{ get_config('sudo_acl', 'False') }}



Loading…
Cancel
Save