瀏覽代碼

Merge pull request #87 from alxwr/auth_map

openssh.auth_map
master
alxwr 7 年之前
父節點
當前提交
9fddb0ea2a
共有 3 個檔案被更改,包括 53 行新增0 行删除
  1. +7
    -0
      README.rst
  2. +33
    -0
      openssh/auth_map.sls
  3. +13
    -0
      pillar.example

+ 7
- 0
README.rst 查看文件

@@ -23,6 +23,13 @@ Installs the ``openssh`` server package and service.

Manages SSH certificates for users.

``openssh.auth_map``
-----------

Same functionality as openssh.auth but with a simplified Pillar syntax.
Plays nicely with `Pillarstack
<https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html>`_.

``openssh.banner``
------------------


+ 33
- 0
openssh/auth_map.sls 查看文件

@@ -0,0 +1,33 @@
include:
- openssh

{% from "openssh/map.jinja" import openssh with context -%}
{%- set openssh_pillar = salt["pillar.get"]("openssh", {}) -%}
{%- set authorized_keys_file = salt["pillar.get"]("sshd_config:AuthorizedKeysFile", None) %}

{%- for store, config in salt["pillar.get"]("openssh:auth_map", {}).iteritems() %}
{%- set store_base = config["source"] %}
# SSH store openssh:auth_map:{{ store }}
{%- for user, keys in config.get("users", {}).iteritems() %}
{%- for key, key_cfg in keys.iteritems() %}
"ssh_auth--{{ store }}--{{ user }}--{{ key }}":
{%- set present = key_cfg.get("present", True) %}
{%- set options = key_cfg.get("options", []) %}
{%- if present %}
ssh_auth.present:
- require:
- service: {{ openssh.service }}
{%- else %}
ssh_auth.absent:
{%- endif %}
- user: {{ user }}
- source: {{ store_base }}/{{ key }}.pub
{%- if authorized_keys_file %}
- config: "{{ authorized_keys_file }}"
{%- endif %}
{%- if options %}
- options: "{{ options }}"
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- endfor %}

+ 13
- 0
pillar.example 查看文件

@@ -166,6 +166,19 @@ openssh:
enc: ssh-rsa
comment: obsolete key - removed
source: salt://ssh_keys/joe.no-valid.pub
# Maps users to source files
# Designed to play nice with ext_pillar
# salt.states.ssh_auth: If source is set, comment and enc will be ignored
auth_map:
personal_keys: # store name
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: [] # see salt.states.ssh_auth.present
joe.no-valid:
present: False

generate_dsa_keys: False
absent_dsa_keys: False

Loading…
取消
儲存