salt
/
users-formula
forked from ExternalMirrors/users-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 Commits
2 Branches
Tree: 07aeb2c4f8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '07aeb2c4f8'
${ noResults }
users-formula/users/init.sls

init.sls 4.4KB
Raw Normal View History

Initial commit
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
SLS no longer fails for multiple groups
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
Fixed user default shell source Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
Change .ssh permissions to 700
10 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
Modified Private Keys and Sudoers Changed Private keys to have content within pillar rather than the salt file repository. Changes sudoers entry to get values from pillar rather than assuming all sudo users want root.
10 years ago
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
10 years ago
Initial commit
11 years ago
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
10 years ago
Initial commit
11 years ago
possibility to define alternate user`s prime group
11 years ago
Initial commit
11 years ago
Changed 'contents' to 'contents_pillar' to correctly parse newlines for private/public SSH keys.
10 years ago
Initial commit
11 years ago
SLS no longer fails for multiple groups
11 years ago
Initial commit
11 years ago
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
10 years ago
Initial commit
11 years ago
change pub key to use user_group if you set an alternate prime_group this would break, replaced {{ name }} with {{ user_group }}
10 years ago
Initial commit
11 years ago
Fix pubkey privkey typo Fixes #22
10 years ago
Initial commit
11 years ago
SLS no longer fails for multiple groups
11 years ago
Initial commit
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Initial commit
11 years ago
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 years ago
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
10 years ago
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 years ago
Check for sudo_rules before text.append state. Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
10 years ago
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 years ago
Initial commit
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Initial commit
11 years ago
better sudoers support & default gid add support for sudouser being False. change to adding sudoers config to /etc/sudoers.d/<user> adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
11 years ago
Initial commit
11 years ago
Add absent_groups pillar to remove groups.
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 
  1. include:

  2.   - users.sudo

  3. 

  4. {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}

  5. {%- if user == None -%}

  6. {%- set user = {} -%}

  7. {%- endif -%}

  8. {%- set home = user.get('home', "/home/%s" % name) -%}

  9. 

  10. {%- if 'prime_group' in user and 'name' in user['prime_group'] %}

  11. {%- set user_group = user.prime_group.name -%}

  12. {%- else -%}

  13. {%- set user_group = name -%}

  14. {%- endif %}

  15. 

  16. {% for group in user.get('groups', []) %}

  17. {{ name }}_{{ group }}_group:

  18.   group:

  19.     - name: {{ group }}

  20.     - present

  21. {% endfor %}

  22. 

  23. {{ name }}_user:

  24.   file.directory:

  25.     - name: {{ home }}

  26.     - user: {{ name }}

  27.     - group: {{ user_group }}

  28.     - mode: 0755

  29.     - require:

  30.       - user: {{ name }}

  31.       - group: {{ user_group }}

  32.   group.present:

  33.     - name: {{ user_group }}

  34.     {%- if 'prime_group' in user and 'gid' in user['prime_group'] %}

  35.     - gid: {{ user['prime_group']['gid'] }}

  36.     {%- elif 'uid' in user %}

  37.     - gid: {{ user['uid'] }}

  38.     {%- endif %}

  39.   user.present:

  40.     - name: {{ name }}

  41.     - home: {{ home }}

  42.     - shell: {{ user.get('shell', '/bin/bash') }}

  43.     {% if 'uid' in user -%}

  44.     - uid: {{ user['uid'] }}

  45.     {% endif -%}

  46.     {% if 'prime_group' in user and 'gid' in user['prime_group'] -%}

  47.     - gid: {{ user['prime_group']['gid'] }}

  48.     {% else -%}

  49.     - gid_from_name: True

  50.     {% endif -%}

  51.     {% if 'fullname' in user %}

  52.     - fullname: {{ user['fullname'] }}

  53.     {% endif -%}

  54.     - groups:

  55.       - {{ user_group }}

  56.       {% for group in user.get('groups', []) -%}

  57.       - {{ group }}

  58.       {% endfor %}

  59.     - require:

  60.       - group: {{ user_group }}

  61.       {% for group in user.get('groups', []) -%}

  62.       - group: {{ group }}

  63.       {% endfor %}

  64. 

  65. user_keydir_{{ name }}:

  66.   file.directory:

  67.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh

  68.     - user: {{ name }}

  69.     - group: {{ user_group }}

  70.     - makedirs: True

  71.     - mode: 700

  72.     - require:

  73.       - user: {{ name }}

  74.       - group: {{ user_group }}

  75.       {%- for group in user.get('groups', []) %}

  76.       - group: {{ group }}

  77.       {%- endfor %}

  78. 

  79.   {% if 'ssh_keys' in user %}

  80.   {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}

  81. user_{{ name }}_private_key:

  82.   file.managed:

  83.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}

  84.     - user: {{ name }}

  85.     - group: {{ user_group }}

  86.     - mode: 600

  87.     - contents_pillar: users:{{ name }}:ssh_keys:privkey

  88.     - require:

  89.       - user: {{ name }}_user

  90.       {% for group in user.get('groups', []) %}

  91.       - group: {{ name }}_{{ group }}_group

  92.       {% endfor %}

  93. user_{{ name }}_public_key:

  94.   file.managed:

  95.     - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub

  96.     - user: {{ name }}

  97.     - group: {{ user_group }}

  98.     - mode: 644

  99.     - contents_pillar: users:{{ name }}:ssh_keys:pubkey

  100.     - require:

  101.       - user: {{ name }}_user

  102.       {% for group in user.get('groups', []) %}

  103.       - group: {{ name }}_{{ group }}_group

  104.       {% endfor %}

  105.   {% endif %}

  106. 

  107. 

  108. {% if 'ssh_auth' in user %}

  109. {% for auth in user['ssh_auth'] %}

  110. ssh_auth_{{ name }}_{{ loop.index0 }}:

  111.   ssh_auth.present:

  112.     - user: {{ name }}

  113.     - name: {{ auth }}

  114.     - require:

  115.         - file: {{ name }}_user

  116.         - user: {{ name }}_user

  117. {% endfor %}

  118. {% endif %}

  119. 

  120. 

  121. {% if 'sudouser' in user and user['sudouser'] %}

  122. sudoer-{{ name }}:

  123.   file.managed:

  124.     - name: /etc/sudoers.d/{{ name }}

  125.     - user: root

  126.     - group: root

  127.     - mode: '0440'

  128. {% if 'sudo_rules' in user %}

  129. /etc/sudoers.d/{{ name }}:

  130.   file.append:

  131.     - text:

  132.       {% for rule in user['sudo_rules'] %}

  133.       - "{{ name }} {{ rule }}"

  134.       {% endfor %}

  135.     - require:

  136.       - file: sudoer-defaults

  137.       - file: sudoer-{{ name }}

  138. {% endif %}

  139. {% else %}

  140. /etc/sudoers.d/{{ name }}:

  141.   file.absent:

  142.     - name: /etc/sudoers.d/{{ name }}

  143. {% endif %}

  144. 

  145. {% endfor %}

  146. 

  147. {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}

  148. {{ name }}:

  149. {% if 'purge' in user or 'force' in user %}

  150.   user.absent:

  151.     {% if 'purge' in user %}

  152.     - purge: {{ user['purge'] }}

  153.     {% endif %}

  154.     {% if 'force' in user %}

  155.     - force: {{ user['force'] }}

  156.     {% endif %}

  157. {% else %}

  158.   user.absent

  159. {% endif -%}

  160. /etc/sudoers.d/{{ name }}:

  161.   file.absent:

  162.     - name: /etc/sudoers.d/{{ name }}

  163. {% endfor %}

  164. 

  165. {% for user in pillar.get('absent_users', []) %}

  166. {{ user }}:

  167.   user.absent

  168. /etc/sudoers.d/{{ user }}:

  169.   file.absent:

  170.     - name: /etc/sudoers.d/{{ user }}

  171. {% endfor %}

  172. 

  173. {% for group in pillar.get('absent_groups', []) %}

  174. {{ group }}:

  175.   group.absent

  176. {% endfor %}

  177.