salt
/
users-formula
atdalīts no ExternalMirrors/users-formula
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Laidieni 0 Aktivitāte
Saltstack Official Users Formula
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
145 Revīzijas
2 Atzari
Koks: 03f2158f23
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '03f2158f23'
${ noResults }
users-formula/users/init.sls

init.sls 10KB
Neapstrādāts Parastais skats Vēsture

Add support FreeBSD using map.jinja (Tested on Freebsd10)
pirms 10 gadiem
google auth package and config installation
pirms 10 gadiem
Fix some smaller bugs. Signed-off-by: René Jochum <rene@jochums.at>
pirms 9 gadiem
google auth package and config installation
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Fix some smaller bugs. Signed-off-by: René Jochum <rene@jochums.at>
pirms 9 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Clean up logic check to remove redundant check.
pirms 10 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
added option to specify user home directory mode
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Fix users/init.sls. Signed-off-by: René Jochum <rene@jochums.at>
pirms 9 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
If createhome is set to false, don't touch the home directory or its permissions.
pirms 10 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Change default shell to /bin/csh on FreeBSD This also made it necessary to introduce an additional entry 'shell' into the users lookup table as the formula previously conflated the shell used for running the visudo command and the default shell to be used for user accounts. Fixes: #48
pirms 10 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Add Password capabilities
pirms 10 gadiem
Allow '!' prefix in password for locked\disabled accounts. Signed-off-by: Tim Jones <me@prototim.com>
pirms 10 gadiem
Add Password capabilities
pirms 10 gadiem
Adding support for the enforce_password option. This will allow users change their passwords after the initial setting in Salt.
pirms 9 gadiem
Do not escape value of `enforce_password` Fixes #82.
pirms 9 gadiem
Adding support for the enforce_password option. This will allow users change their passwords after the initial setting in Salt.
pirms 9 gadiem
Add ability to create system users.
pirms 10 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Add 'createhome' option for 'user.present' state
pirms 10 gadiem
Add support for setting user expire
pirms 10 gadiem
Sorry for the spam, simplify this remove_groups rule a bit
pirms 10 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Merge branch 'master' of github.com:pcdummy/saltstack-users-formula Signed-off-by: René Jochum <rene@jochums.at> Conflicts: pillar.example users/init.sls
pirms 9 gadiem
the user's .ssh directory should be created if ssh_auth_file is supplied
pirms 9 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Change .ssh permissions to 700
pirms 11 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Fix some smaller bugs. Signed-off-by: René Jochum <rene@jochums.at>
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Modified Private Keys and Sudoers Changed Private keys to have content within pillar rather than the salt file repository. Changes sudoers entry to get values from pillar rather than assuming all sudo users want root.
pirms 11 gadiem
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
pirms 11 gadiem
Initial commit
pirms 11 gadiem
possibility to define alternate user`s prime group
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Do not echo Public/Private keys to stdout when running the state
pirms 10 gadiem
Changed 'contents' to 'contents_pillar' to correctly parse newlines for private/public SSH keys.
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
pirms 11 gadiem
Initial commit
pirms 11 gadiem
change pub key to use user_group if you set an alternate prime_group this would break, replaced {{ name }} with {{ user_group }}
pirms 11 gadiem
Initial commit
pirms 11 gadiem
Do not echo Public/Private keys to stdout when running the state
pirms 10 gadiem
Fix pubkey privkey typo Fixes #22
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality.
pirms 10 gadiem
Initial commit
pirms 11 gadiem
New format of user.absent support introduced. Old format still supported.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
pirms 9 gadiem
Rework ssh_keys_pillar-related states SSH key pairs deployed via the user's ssh_keys_pillar dict aren't handled the same as the user's ssh_keys, e.g., file ownership and permissions aren't specified, and the keying material gets copied directly into the SLS file. This change rewrites the two templated file.managed states to behave as follows: - set the files' owner to be the user - set the files' group to be the user's primary group - for the public key, set the mode to 644 (u=rw,go=r) - for the private key, set the mode to 600 (u=rw,g=) - pull the files' contents directly from pillar
pirms 9 gadiem
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
pirms 9 gadiem
Rework ssh_keys_pillar-related states SSH key pairs deployed via the user's ssh_keys_pillar dict aren't handled the same as the user's ssh_keys, e.g., file ownership and permissions aren't specified, and the keying material gets copied directly into the SLS file. This change rewrites the two templated file.managed states to behave as follows: - set the files' owner to be the user - set the files' group to be the user's primary group - for the public key, set the mode to 644 (u=rw,go=r) - for the private key, set the mode to 600 (u=rw,g=) - pull the files' contents directly from pillar
pirms 9 gadiem
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
pirms 9 gadiem
Rework ssh_keys_pillar-related states SSH key pairs deployed via the user's ssh_keys_pillar dict aren't handled the same as the user's ssh_keys, e.g., file ownership and permissions aren't specified, and the keying material gets copied directly into the SLS file. This change rewrites the two templated file.managed states to behave as follows: - set the files' owner to be the user - set the files' group to be the user's primary group - for the public key, set the mode to 644 (u=rw,go=r) - for the private key, set the mode to 600 (u=rw,g=) - pull the files' contents directly from pillar
pirms 9 gadiem
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
pirms 9 gadiem
Added option to source ssh public keys from files.
pirms 9 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Added option to source ssh public keys from files.
pirms 9 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
added option to remove ssh public keys from auth (ssh_auth.absent)
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
added option to remove ssh public keys from auth (ssh_auth.absent)
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
added option to remove ssh public keys from auth (ssh_auth.absent)
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
pirms 9 gadiem
Add "Do Not Edit" part
pirms 9 gadiem
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
pirms 9 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
Only include users.sudo when a user with sudouser is declared.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
Remove trailing slash from sudoers_dir
pirms 10 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
Remove leading whitespaces.
pirms 10 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
possibility to define user-specific Defaults
pirms 9 gadiem
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
pirms 11 gadiem
Validate user sudo rules before applying them
pirms 10 gadiem
modified visudo to only report change in salt when there is an error.
pirms 10 gadiem
Remove leading whitespaces.
pirms 10 gadiem
Validate user sudo rules before applying them
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Validate user sudo rules before applying them
pirms 10 gadiem
possibility to define user-specific Defaults
pirms 9 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
possibility to define user-specific Defaults
pirms 9 gadiem
Validate user sudo rules before applying them
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Overwrite a sudoer file rather than append to fix #21
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Overwrite a sudoer file rather than append to fix #21
pirms 10 gadiem
possibility to define user-specific Defaults
pirms 9 gadiem
Overwrite a sudoer file rather than append to fix #21
pirms 10 gadiem
possibility to define user-specific Defaults
pirms 9 gadiem
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
pirms 11 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
Remove trailing slash from sudoers_dir
pirms 10 gadiem
Initial commit
pirms 11 gadiem
google auth package and config installation
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
google auth package and config installation
pirms 10 gadiem
fix permission of GA config file
pirms 9 gadiem
google auth package and config installation
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
google auth package and config installation
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Merge branch 'master' of github.com:pcdummy/saltstack-users-formula Signed-off-by: René Jochum <rene@jochums.at> Conflicts: pillar.example users/init.sls
pirms 9 gadiem
Fix some smaller bugs. Signed-off-by: René Jochum <rene@jochums.at>
pirms 9 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
New format of user.absent support introduced. Old format still supported.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
New format of user.absent support introduced. Old format still supported.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
New format of user.absent support introduced. Old format still supported.
pirms 10 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
New format of user.absent support introduced. Old format still supported.
pirms 10 gadiem
Remove trailing slash from sudoers_dir
pirms 10 gadiem
New format of user.absent support introduced. Old format still supported.
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Initial commit
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
pirms 11 gadiem
Remove trailing slash from sudoers_dir
pirms 10 gadiem
Initial commit
pirms 11 gadiem
Add absent_groups pillar to remove groups.
pirms 11 gadiem
Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user).
pirms 9 gadiem
Add absent_groups pillar to remove groups.
pirms 11 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365 
  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {% from "users/map.jinja" import users with context %}

  3. {% set used_sudo = [] %}

  4. {% set used_googleauth = [] %}

  5. 

  6. {%- for name, user in pillar.get('users', {}).iteritems() if user.absent is not defined or not user.absent %}

  7. {%- if user == None -%}

  8. {%- set user = {} -%}

  9. {%- endif -%}

  10. {%- if 'sudouser' in user and user['sudouser'] %}

  11. {%- do used_sudo.append(1) %}

  12. {%- endif %}

  13. {%- if 'google_auth' in user %}

  14. {%- do used_googleauth.append(1) %}

  15. {%- endif %}

  16. {%- endfor %}

  17. 

  18. {%- if used_sudo or used_googleauth %}

  19. include:

  20. {%- if used_sudo %}

  21.   - users.sudo

  22. {%- endif %}

  23. {%- if used_googleauth %}

  24.   - users.googleauth

  25. {%- endif %}

  26. {%- endif %}

  27. 

  28. {% for name, user in pillar.get('users', {}).iteritems() if user.absent is not defined or not user.absent %}

  29. {%- if user == None -%}

  30. {%- set user = {} -%}

  31. {%- endif -%}

  32. {%- set home = user.get('home', "/home/%s" % name) -%}

  33. 

  34. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  35. {%- set user_group = user.prime_group.name -%}

  36. {%- else -%}

  37. {%- set user_group = name -%}

  38. {%- endif %}

  39. 

  40. {% for group in user.get('groups', []) %}

  41. users_{{ name }}_{{ group }}_group:

  42.   group:

  43.     - name: {{ group }}

  44.     - present

  45. {% endfor %}

  46. 

  47. users_{{ name }}_user:

  48.   {% if user.get('createhome', True) %}

  49.   file.directory:

  50.     - name: {{ home }}

  51.     - user: {{ name }}

  52.     - group: {{ user_group }}

  53.     - mode: {{ user.get('user_dir_mode', '0750') }}

  54.     - require:

  55.       - user: users_{{ name }}_user

  56.       - group: {{ user_group }}

  57.   {%- endif %}

  58.   group.present:

  59.     - name: {{ user_group }}

  60.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  61.     - gid: {{ user['prime_group']['gid'] }}

  62.     {%- elif 'uid' in user %}

  63.     - gid: {{ user['uid'] }}

  64.     {%- endif %}

  65.   user.present:

  66.     - name: {{ name }}

  67.     - home: {{ home }}

  68.     - shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }}

  69.     {% if 'uid' in user -%}

  70.     - uid: {{ user['uid'] }}

  71.     {% endif -%}

  72.     {% if 'password' in user -%}

  73.     - password: '{{ user['password'] }}'

  74.     {% endif -%}

  75.     {% if 'enforce_password' in user -%}

  76.     - enforce_password: {{ user['enforce_password'] }}

  77.     {% endif -%}

  78.     {% if user.get('system', False) -%}

  79.     - system: True

  80.     {% endif -%}

  81.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  82.     - gid: {{ user['prime_group']['gid'] }}

  83.     {% else -%}

  84.     - gid_from_name: True

  85.     {% endif -%}

  86.     {% if 'fullname' in user %}

  87.     - fullname: {{ user['fullname'] }}

  88.     {% endif -%}

  89.     {% if not user.get('createhome', True) %}

  90.     - createhome: False

  91.     {% endif %}

  92.     {% if 'expire' in user -%}

  93.     - expire: {{ user['expire'] }}

  94.     {% endif -%}

  95.     - remove_groups: {{ user.get('remove_groups', 'False') }}

  96.     - groups:

  97.       - {{ user_group }}

  98.       {% for group in user.get('groups', []) -%}

  99.       - {{ group }}

  100.       {% endfor %}

  101.     - require:

  102.       - group: {{ user_group }}

  103.       {% for group in user.get('groups', []) -%}

  104.       - group: {{ group }}

  105.       {% endfor %}

  106. 

  107. 

  108.   {% if 'ssh_keys' in user or 'ssh_auth' in user or 'ssh_auth_file' in user or 'ssh_auth.absent' in user %}

  109. user_keydir_{{ name }}:

  110.   file.directory:

  111.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh

  112.     - user: {{ name }}

  113.     - group: {{ user_group }}

  114.     - makedirs: True

  115.     - mode: 700

  116.     - require:

  117.       - user: {{ name }}

  118.       - group: {{ user_group }}

  119.       {%- for group in user.get('groups', []) %}

  120.       - group: {{ group }}

  121.       {%- endfor %}

  122.   {% endif %}

  123. 

  124.   {% if 'ssh_keys' in user %}

  125.   {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}

  126. users_user_{{ name }}_private_key:

  127.   file.managed:

  128.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}

  129.     - user: {{ name }}

  130.     - group: {{ user_group }}

  131.     - mode: 600

  132.     - show_diff: False

  133.     - contents_pillar: users:{{ name }}:ssh_keys:privkey

  134.     - require:

  135.       - user: users_{{ name }}_user

  136.       {% for group in user.get('groups', []) %}

  137.       - group: users_{{ name }}_{{ group }}_group

  138.       {% endfor %}

  139. users_user_{{ name }}_public_key:

  140.   file.managed:

  141.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub

  142.     - user: {{ name }}

  143.     - group: {{ user_group }}

  144.     - mode: 644

  145.     - show_diff: False

  146.     - contents_pillar: users:{{ name }}:ssh_keys:pubkey

  147.     - require:

  148.       - user: users_{{ name }}_user

  149.       {% for group in user.get('groups', []) %}

  150.       - group: users_{{ name }}_{{ group }}_group

  151.       {% endfor %}

  152.   {% endif %}

  153. 

  154. {% if 'ssh_auth_file' in user %}

  155. users_authorized_keys_{{ name }}:

  156.   file.managed:

  157.     - name: {{ home }}/.ssh/authorized_keys

  158.     - user: {{ name }}

  159.     - group: {{ name }}

  160.     - mode: 600

  161.     - contents: |

  162.         {% for auth in user.ssh_auth_file -%}

  163.         {{ auth }}

  164.         {% endfor -%}

  165. {% endif %}

  166. 

  167. {% if 'ssh_auth' in user %}

  168. {% for auth in user['ssh_auth'] %}

  169. users_ssh_auth_{{ name }}_{{ loop.index0 }}:

  170.   ssh_auth.present:

  171.     - user: {{ name }}

  172.     - name: {{ auth }}

  173.     - require:

  174.         - file: users_{{ name }}_user

  175.         - user: users_{{ name }}_user

  176. {% endfor %}

  177. {% endif %}

  178. 

  179. {% if 'ssh_keys_pillar' in user %}

  180. {% for key_name, pillar_name in user['ssh_keys_pillar'].items() %}

  181. user_ssh_keys_files_{{ name }}_{{ key_name }}_private_key:

  182.   file.managed:

  183.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name }}

  184.     - user: {{ name }}

  185.     - group: {{ user_group }}

  186.     - mode: 600

  187.     - show_diff: False

  188.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:privkey

  189.     - require:

  190.       - user: users_{{ name }}_user

  191.       {% for group in user.get('groups', []) %}

  192.       - group: users_{{ name }}_{{ group }}_group

  193.       {% endfor %}

  194. user_ssh_keys_files_{{ name }}_{{ key_name }}_public_key:

  195.   file.managed:

  196.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name }}.pub

  197.     - user: {{ name }}

  198.     - group: {{ user_group }}

  199.     - mode: 644

  200.     - show_diff: False

  201.     - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey

  202.     - require:

  203.       - user: users_{{ name }}_user

  204.       {% for group in user.get('groups', []) %}

  205.       - group: users_{{ name }}_{{ group }}_group

  206.       {% endfor %}

  207. {% endfor %}

  208. {% endif %}

  209. 

  210. {% if 'ssh_auth_sources' in user %}

  211. {% for pubkey_file in user['ssh_auth_sources'] %}

  212. users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:

  213.   ssh_auth.present:

  214.     - user: {{ name }}

  215.     - source: {{ pubkey_file }}

  216.     - require:

  217.         - file: users_{{ name }}_user

  218.         - user: users_{{ name }}_user

  219. {% endfor %}

  220. {% endif %}

  221. 

  222. {% if 'ssh_auth.absent' in user %}

  223. {% for auth in user['ssh_auth.absent'] %}

  224. users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:

  225.   ssh_auth.absent:

  226.     - user: {{ name }}

  227.     - name: {{ auth }}

  228.     - require:

  229.         - file: users_{{ name }}_user

  230.         - user: users_{{ name }}_user

  231. {% endfor %}

  232. {% endif %}

  233. 

  234. {% if 'ssh_config' in user %}

  235. users_ssh_config_{{ name }}:

  236.   file.managed:

  237.     - name: {{ home }}/.ssh/config

  238.     - user: {{ name }}

  239.     - group: {{ user_group }}

  240.     - mode: 640

  241.     - contents: |

  242.         # Managed by Saltstack

  243.         # Do Not Edit

  244.         {% for label, setting in user.ssh_config.items() %}

  245.         # {{ label }}

  246.         Host {{ setting.get('hostname') }}

  247.           {%- for opts in setting.get('options') %}

  248.           {{ opts }}

  249.           {%- endfor %}

  250.         {% endfor -%}

  251. {% endif %}

  252. 

  253. {% if 'sudouser' in user and user['sudouser'] %}

  254. 

  255. users_sudoer-{{ name }}:

  256.   file.managed:

  257.     - name: {{ users.sudoers_dir }}/{{ name }}

  258.     - user: root

  259.     - group: {{ users.root_group }}

  260.     - mode: '0440'

  261. {% if 'sudo_rules' in user or 'sudo_defaults' in user %}

  262. {% if 'sudo_rules' in user %}

  263. {% for rule in user['sudo_rules'] %}

  264. "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":

  265.   cmd.run:

  266.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  267.     - stateful: True

  268.     - shell: {{ users.visudo_shell }}

  269.     - env:

  270.       # Specify the rule via an env var to avoid shell quoting issues.

  271.       - rule: "{{ name }} {{ rule }}"

  272.     - require_in:

  273.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  274. {% endfor %}

  275. {% endif %}

  276. {% if 'sudo_defaults' in user %}

  277. {% for entry in user['sudo_defaults'] %}

  278. "validate {{ name }} sudo Defaults {{ loop.index0 }} {{ name }} {{ entry }}":

  279.   cmd.run:

  280.     - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'

  281.     - stateful: True

  282.     - shell: {{ users.visudo_shell }}

  283.     - env:

  284.       # Specify the rule via an env var to avoid shell quoting issues.

  285.       - rule: "Defaults:{{ name }} {{ entry }}"

  286.     - require_in:

  287.       - file: users_{{ users.sudoers_dir }}/{{ name }}

  288. {% endfor %}

  289. {% endif %}

  290. 

  291. users_{{ users.sudoers_dir }}/{{ name }}:

  292.   file.managed:

  293.     - name: {{ users.sudoers_dir }}/{{ name }}

  294.     - contents: |

  295.       {%- if 'sudo_defaults' in user %}

  296.       {%- for entry in user['sudo_defaults'] %}

  297.         Defaults:{{ name }} {{ entry }}

  298.       {%- endfor %}

  299.       {%- endif %}

  300.       {%- if 'sudo_rules' in user %}

  301.       {%- for rule in user['sudo_rules'] %}

  302.         {{ name }} {{ rule }}

  303.       {%- endfor %}

  304.       {%- endif %}

  305.     - require:

  306.       - file: users_sudoer-defaults

  307.       - file: users_sudoer-{{ name }}

  308. {% endif %}

  309. {% else %}

  310. users_{{ users.sudoers_dir }}/{{ name }}:

  311.   file.absent:

  312.     - name: {{ users.sudoers_dir }}/{{ name }}

  313. {% endif %}

  314. 

  315. {%- if 'google_auth' in user %}

  316. {%- for svc in user['google_auth'] %}

  317. users_googleauth-{{ svc }}-{{ name }}:

  318.   file.managed:

  319.     - replace: false

  320.     - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}

  321.     - contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'

  322.     - user: root

  323.     - group: {{ users.root_group }}

  324.     - mode: 400

  325.     - require:

  326.       - pkg: users_googleauth-package

  327. {%- endfor %}

  328. {%- endif %}

  329. 

  330. {% endfor %}

  331. 

  332. 

  333. {% for name, user in pillar.get('users', {}).iteritems() if user.absent is defined and user.absent %}

  334. users_absent_user_{{ name }}:

  335. {% if 'purge' in user or 'force' in user %}

  336.   user.absent:

  337.     - name: {{ name }}

  338.     {% if 'purge' in user %}

  339.     - purge: {{ user['purge'] }}

  340.     {% endif %}

  341.     {% if 'force' in user %}

  342.     - force: {{ user['force'] }}

  343.     {% endif %}

  344. {% else %}

  345.   user.absent:

  346.     - name: {{ name }}

  347. {% endif -%}

  348. users_{{ users.sudoers_dir }}/{{ name }}:

  349.   file.absent:

  350.     - name: {{ users.sudoers_dir }}/{{ name }}

  351. {% endfor %}

  352. 

  353. {% for user in pillar.get('absent_users', []) %}

  354. users_absent_user_2_{{ user }}:

  355.   user.absent

  356. users_2_{{ users.sudoers_dir }}/{{ user }}:

  357.   file.absent:

  358.     - name: {{ users.sudoers_dir }}/{{ user }}

  359. {% endfor %}

  360. 

  361. {% for group in pillar.get('absent_groups', []) %}

  362. users_absent_group_{{ group }}:

  363.   group.absent:

  364.     - name: {{ group }}

  365. {% endfor %}