salt
/
openssh-formula
forked from ExternalMirrors/openssh-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Browse Source

Merge pull request #87 from alxwr/auth_map 

openssh.auth_map
master
alxwr 7 years ago
parent
66c954ed66 674216d0ad
commit
9fddb0ea2a
3 changed files with 53 additions and 0 deletions
Unified View Show Diff Stats
  1. +7
    -0
      README.rst
  2. +33
    -0
      openssh/auth_map.sls
  3. +13
    -0
      pillar.example

+ 7
- 0
README.rst View File



Manages SSH certificates for users. Manages SSH certificates for users.


``openssh.auth_map``
-----------

Same functionality as openssh.auth but with a simplified Pillar syntax.
Plays nicely with `Pillarstack
<https://docs.saltstack.com/en/latest/ref/pillar/all/salt.pillar.stack.html>`_.

``openssh.banner`` ``openssh.banner``
------------------ ------------------



+ 33
- 0
openssh/auth_map.sls View File

include:
- openssh

{% from "openssh/map.jinja" import openssh with context -%}
{%- set openssh_pillar = salt["pillar.get"]("openssh", {}) -%}
{%- set authorized_keys_file = salt["pillar.get"]("sshd_config:AuthorizedKeysFile", None) %}

{%- for store, config in salt["pillar.get"]("openssh:auth_map", {}).iteritems() %}
{%- set store_base = config["source"] %}
# SSH store openssh:auth_map:{{ store }}
{%- for user, keys in config.get("users", {}).iteritems() %}
{%- for key, key_cfg in keys.iteritems() %}
"ssh_auth--{{ store }}--{{ user }}--{{ key }}":
{%- set present = key_cfg.get("present", True) %}
{%- set options = key_cfg.get("options", []) %}
{%- if present %}
ssh_auth.present:
- require:
- service: {{ openssh.service }}
{%- else %}
ssh_auth.absent:
{%- endif %}
- user: {{ user }}
- source: {{ store_base }}/{{ key }}.pub
{%- if authorized_keys_file %}
- config: "{{ authorized_keys_file }}"
{%- endif %}
{%- if options %}
- options: "{{ options }}"
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- endfor %}

+ 13
- 0
pillar.example View File

enc: ssh-rsa enc: ssh-rsa
comment: obsolete key - removed comment: obsolete key - removed
source: salt://ssh_keys/joe.no-valid.pub source: salt://ssh_keys/joe.no-valid.pub
# Maps users to source files
# Designed to play nice with ext_pillar
# salt.states.ssh_auth: If source is set, comment and enc will be ignored
auth_map:
personal_keys: # store name
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: [] # see salt.states.ssh_auth.present
joe.no-valid:
present: False


generate_dsa_keys: False generate_dsa_keys: False
absent_dsa_keys: False absent_dsa_keys: False

Write Preview
Loading…
Cancel
Save