
Add support FreeBSD using map.jinja (Tested on Freebsd10)

lookup-fix-3
root 10 years ago
parent
commit
8417c6c888
3 changed files with 47 additions and 15 deletions
  1. +14
    -11
      users/init.sls
  2. +21
    -0
      users/map.jinja
  3. +12
    -4
      users/sudo.sls

+ 14
- 11
users/init.sls

# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}

include: include:
- users.sudo - users.sudo


{% if 'sudouser' in user and user['sudouser'] %} {% if 'sudouser' in user and user['sudouser'] %}
sudoer-{{ name }}: sudoer-{{ name }}:
file.managed: file.managed:
- name: /etc/sudoers.d/{{ name }}
- name: {{ users.sudoers_dir }}{{ name }}
- user: root - user: root
- group: root
- group: {{ users.root_group }}
- mode: '0440' - mode: '0440'
{% if 'sudo_rules' in user %} {% if 'sudo_rules' in user %}
{% for rule in user['sudo_rules'] %} {% for rule in user['sudo_rules'] %}
"validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}": "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":
cmd.run: cmd.run:
- name: 'visudo -cf - <<<"$rule"' - name: 'visudo -cf - <<<"$rule"'
- shell: /bin/bash
- shell: {{ users.visudo_shell }}
- env: - env:
# Specify the rule via an env var to avoid shell quoting issues. # Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}" - rule: "{{ name }} {{ rule }}"
- require_in: - require_in:
- file: /etc/sudoers.d/{{ name }}
- file: {{ users.sudoers_dir }}{{ name }}
{% endfor %} {% endfor %}


/etc/sudoers.d/{{ name }}:
{{ users.sudoers_dir }}{{ name }}:
file.managed: file.managed:
- contents: | - contents: |
{%- for rule in user['sudo_rules'] %} {%- for rule in user['sudo_rules'] %}
- file: sudoer-{{ name }} - file: sudoer-{{ name }}
{% endif %} {% endif %}
{% else %} {% else %}
/etc/sudoers.d/{{ name }}:
{{ users.sudoers_dir }}{{ name }}:
file.absent: file.absent:
- name: /etc/sudoers.d/{{ name }}
- name: {{ users.sudoers_dir }}{{ name }}
{% endif %} {% endif %}


{% endfor %} {% endfor %}
{% else %} {% else %}
user.absent user.absent
{% endif -%} {% endif -%}
/etc/sudoers.d/{{ name }}:
{{ users.sudoers_dir }}{{ name }}:
file.absent: file.absent:
- name: /etc/sudoers.d/{{ name }}
- name: {{ users.sudoers_dir }}{{ name }}
{% endfor %} {% endfor %}


{% for user in pillar.get('absent_users', []) %} {% for user in pillar.get('absent_users', []) %}
{{ user }}: {{ user }}:
user.absent user.absent
/etc/sudoers.d/{{ user }}:
{{ users.sudoers_dir }}{{ user }}:
file.absent: file.absent:
- name: /etc/sudoers.d/{{ user }}
- name: {{ users.sudoers_dir }}{{ user }}
{% endfor %} {% endfor %}


{% for group in pillar.get('absent_groups', []) %} {% for group in pillar.get('absent_groups', []) %}
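Review bot: The sudoers paths are now built by plain concatenation, `{{ users.sudoers_dir }}{{ name }}`, so they are only correct while the mapped value ends in `/`; a `users:lookup:sudoers_dir` override written as `/etc/sudoers.d` would render `/etc/sudoers.dalice` (constructed example). This matters most in the `file.absent` states for users without `sudouser` and for `absent_users`, which would then target a path that does not exist and leave the real rule file, and the sudo access it grants, in place. Writing an explicit separator, `{{ users.sudoers_dir }}/{{ name }}`, tolerates both spellings; otherwise the trailing-slash requirement should be stated in a comment next to the import. The same expression serves as state ID and `require_in` target, so every occurrence has to change together; the enclosing user loop starts outside the visible lines.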

+ 21
- 0
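--- a/users/map.jinja
+++ b/users/map.jinja
@@ -0,0 +1,21 @@
+# vim: sts=2 ts=2 sw=2 et ai
+{% set users = salt['grains.filter_by']({
+'Debian': {
+'sudoers_dir': '/etc/sudoers.d/',
+'sudoers_file': '/etc/sudoers',
+'root_group': 'root',
+'visudo_shell': '/bin/bash',
+},
+'FreeBSD': {
+'sudoers_dir': '/usr/local/etc/sudoers.d/',
+'sudoers_file': '/usr/local/etc/sudoers',
+'root_group': 'wheel',
+'visudo_shell': '/usr/local/bin/bash',
+},
+'default': {
+'sudoers_dir': '/etc/sudoers.d/',
+'sudoers_file': '/etc/sudoers',
+'root_group': 'root',
+'visudo_shell': '/bin/bash',
+},
+}, merge=salt['pillar.get']('users:lookup')) %}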
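Review bot: Nothing in the map states what each key must satisfy, yet all four values can be replaced through the `users:lookup` pillar merge on the last line. `visudo_shell` is the shell that runs `visudo -cf - <<<"$rule"` in users/init.sls, so it has to support here-strings, and `sudoers_dir` is concatenated directly with the user name there, so it has to keep its trailing slash. I would add a short header comment listing the keys with these two constraints and noting that `users:lookup` decides where root-owned sudoers content is written and which shell validates it, so it should come only from trusted pillar data. It may also be worth passing an explicit default, `salt['pillar.get']('users:lookup', {})`, so the unset case hands `merge` a mapping; I have not checked how the targeted Salt version treats the empty default.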

+ 12
- 4
users/sudo.sls

# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}

#Support bash in FreeBSD
bash:
pkg:
- installed

sudo: sudo:
group: group:
- present - present
- installed - installed
- require: - require:
- group: sudo - group: sudo
- file: /etc/sudoers.d
- file: {{ users.sudoers_dir }}


/etc/sudoers.d:
{{ users.sudoers_dir }}:
file: file:
- directory - directory


sudoer-defaults: sudoer-defaults:
file.append: file.append:
- name: /etc/sudoers
- name: {{ users.sudoers_file }}
- require: - require:
- pkg: sudo - pkg: sudo
- text: - text:
- Defaults env_reset - Defaults env_reset
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- '#includedir /etc/sudoers.d'
- '#includedir {{ users.sudoers_dir }}'
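Review bot: The appended include line changes on hosts that are already managed: it used to render as `#includedir /etc/sudoers.d` and now renders as `#includedir /etc/sudoers.d/`, because the mapped `sudoers_dir` carries a trailing slash. `file.append` only adds text it does not find, so an existing Debian minion will probably get a second include line for the same directory, and any later change of `users:lookup:sudoers_dir` would likewise leave the old directory included, with whatever grants it still holds. I suggest rendering the directive without the trailing slash and recording the limitation in a comment, e.g. `# file.append never removes an older #includedir line; clean it up by hand when sudoers_dir changes`. Separately, the new `bash` package state is installed on every platform although its comment says it is for FreeBSD, and the validation `cmd.run` in users/init.sls has no requisite on it.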
