Browse Source
Merge pull request #67 from daschatten/master
Add prefix 'users_' to all first level keys to prevent duplicate ids …lookup-fix-3
Forrest
9 years ago
3 changed files with 55 additions and 50 deletions
+ 4
- 4
users/googleauth.sls
View File
| @@ -1,15 +1,15 @@ | |||
| # vim: sts=2 ts=2 sw=2 et ai | |||
| {% from "users/map.jinja" import users with context %} | |||
| googleauth-package: | |||
| users_googleauth-package: | |||
| pkg.installed: | |||
| - name: {{ users.googleauth_package }} | |||
| - require: | |||
| - file: {{ users.googleauth_dir }} | |||
| {{ users.googleauth_dir }}: | |||
| file: | |||
| - directory | |||
| users_{{ users.googleauth_dir }}: | |||
| file.directory: | |||
| - name: {{ users.googleauth_dir }} | |||
| - user: root | |||
| - group: {{ users.root_group }} | |||
| - mode: 600 | |||
+ 42
- 37
users/init.sls
View File
| @@ -38,13 +38,13 @@ include: | |||
| {%- endif %} | |||
| {% for group in user.get('groups', []) %} | |||
| {{ name }}_{{ group }}_group: | |||
| users_{{ name }}_{{ group }}_group: | |||
| group: | |||
| - name: {{ group }} | |||
| - present | |||
| {% endfor %} | |||
| {{ name }}_user: | |||
| users_{{ name }}_user: | |||
| {% if user.get('createhome', True) %} | |||
| file.directory: | |||
| - name: {{ home }} | |||
| @@ -98,7 +98,7 @@ include: | |||
| - group: {{ group }} | |||
| {% endfor %} | |||
| user_keydir_{{ name }}: | |||
| users_user_keydir_{{ name }}: | |||
| file.directory: | |||
| - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh | |||
| - user: {{ name }} | |||
| @@ -114,7 +114,7 @@ user_keydir_{{ name }}: | |||
| {% if 'ssh_keys' in user %} | |||
| {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} | |||
| user_{{ name }}_private_key: | |||
| users_user_{{ name }}_private_key: | |||
| file.managed: | |||
| - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }} | |||
| - user: {{ name }} | |||
| @@ -123,11 +123,11 @@ user_{{ name }}_private_key: | |||
| - show_diff: False | |||
| - contents_pillar: users:{{ name }}:ssh_keys:privkey | |||
| - require: | |||
| - user: {{ name }}_user | |||
| - user: users_{{ name }}_user | |||
| {% for group in user.get('groups', []) %} | |||
| - group: {{ name }}_{{ group }}_group | |||
| - group: users_{{ name }}_{{ group }}_group | |||
| {% endfor %} | |||
| user_{{ name }}_public_key: | |||
| users_user_{{ name }}_public_key: | |||
| file.managed: | |||
| - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub | |||
| - user: {{ name }} | |||
| @@ -136,15 +136,16 @@ user_{{ name }}_public_key: | |||
| - show_diff: False | |||
| - contents_pillar: users:{{ name }}:ssh_keys:pubkey | |||
| - require: | |||
| - user: {{ name }}_user | |||
| - user: users_{{ name }}_user | |||
| {% for group in user.get('groups', []) %} | |||
| - group: {{ name }}_{{ group }}_group | |||
| - group: users_{{ name }}_{{ group }}_group | |||
| {% endfor %} | |||
| {% endif %} | |||
| {% if 'ssh_auth_file' in user %} | |||
| {{ home }}/.ssh/authorized_keys: | |||
| users_authorized_keys_{{ name }}: | |||
| file.managed: | |||
| - name: {{ home }}/.ssh/authorized_keys | |||
| - user: {{ name }} | |||
| - group: {{ name }} | |||
| - mode: 600 | |||
| @@ -156,25 +157,25 @@ user_{{ name }}_public_key: | |||
| {% if 'ssh_auth' in user %} | |||
| {% for auth in user['ssh_auth'] %} | |||
| ssh_auth_{{ name }}_{{ loop.index0 }}: | |||
| users_ssh_auth_{{ name }}_{{ loop.index0 }}: | |||
| ssh_auth.present: | |||
| - user: {{ name }} | |||
| - name: {{ auth }} | |||
| - require: | |||
| - file: {{ name }}_user | |||
| - user: {{ name }}_user | |||
| - file: users_{{ name }}_user | |||
| - user: users_{{ name }}_user | |||
| {% endfor %} | |||
| {% endif %} | |||
| {% if 'ssh_keys_pillar' in user %} | |||
| {% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %} | |||
| ssh_keys_files_{{ name }}_{{ key_name }}_pub: | |||
| users_ssh_keys_files_{{ name }}_{{ key_name }}_pub: | |||
| file.managed: | |||
| - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name | |||
| }}.pub | |||
| - contents: | | |||
| {{ pillar[pillar_name][key_name]['pubkey'] }} | |||
| ssh_keys_files_{{ name }}_{{ key_name }}_priv: | |||
| users_ssh_keys_files_{{ name }}_{{ key_name }}_priv: | |||
| file.managed: | |||
| - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name | |||
| }} | |||
| @@ -185,31 +186,31 @@ ssh_keys_files_{{ name }}_{{ key_name }}_priv: | |||
| {% if 'ssh_auth_sources' in user %} | |||
| {% for pubkey_file in user['ssh_auth_sources'] %} | |||
| ssh_auth_source_{{ name }}_{{ loop.index0 }}: | |||
| users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: | |||
| ssh_auth.present: | |||
| - user: {{ name }} | |||
| - source: {{ pubkey_file }} | |||
| - require: | |||
| - file: {{ name }}_user | |||
| - user: {{ name }}_user | |||
| - file: users_{{ name }}_user | |||
| - user: users_{{ name }}_user | |||
| {% endfor %} | |||
| {% endif %} | |||
| {% if 'ssh_auth.absent' in user %} | |||
| {% for auth in user['ssh_auth.absent'] %} | |||
| ssh_auth_delete_{{ name }}_{{ loop.index0 }}: | |||
| users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}: | |||
| ssh_auth.absent: | |||
| - user: {{ name }} | |||
| - name: {{ auth }} | |||
| - require: | |||
| - file: {{ name }}_user | |||
| - user: {{ name }}_user | |||
| - file: users_{{ name }}_user | |||
| - user: users_{{ name }}_user | |||
| {% endfor %} | |||
| {% endif %} | |||
| {% if 'sudouser' in user and user['sudouser'] %} | |||
| sudoer-{{ name }}: | |||
| users_sudoer-{{ name }}: | |||
| file.managed: | |||
| - name: {{ users.sudoers_dir }}/{{ name }} | |||
| - user: root | |||
| @@ -227,7 +228,7 @@ sudoer-{{ name }}: | |||
| # Specify the rule via an env var to avoid shell quoting issues. | |||
| - rule: "{{ name }} {{ rule }}" | |||
| - require_in: | |||
| - file: {{ users.sudoers_dir }}/{{ name }} | |||
| - file: users_{{ users.sudoers_dir }}/{{ name }} | |||
| {% endfor %} | |||
| {% endif %} | |||
| {% if 'sudo_defaults' in user %} | |||
| @@ -241,12 +242,13 @@ sudoer-{{ name }}: | |||
| # Specify the rule via an env var to avoid shell quoting issues. | |||
| - rule: "Defaults:{{ name }} {{ entry }}" | |||
| - require_in: | |||
| - file: {{ users.sudoers_dir }}/{{ name }} | |||
| - file: users_{{ users.sudoers_dir }}/{{ name }} | |||
| {% endfor %} | |||
| {% endif %} | |||
| {{ users.sudoers_dir }}/{{ name }}: | |||
| users_{{ users.sudoers_dir }}/{{ name }}: | |||
| file.managed: | |||
| - name: {{ users.sudoers_dir }}/{{ name }} | |||
| - contents: | | |||
| {%- if 'sudo_defaults' in user %} | |||
| {%- for entry in user['sudo_defaults'] %} | |||
| @@ -259,18 +261,18 @@ sudoer-{{ name }}: | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| - require: | |||
| - file: sudoer-defaults | |||
| - file: sudoer-{{ name }} | |||
| - file: users_sudoer-defaults | |||
| - file: users_sudoer-{{ name }} | |||
| {% endif %} | |||
| {% else %} | |||
| {{ users.sudoers_dir }}/{{ name }}: | |||
| users_{{ users.sudoers_dir }}/{{ name }}: | |||
| file.absent: | |||
| - name: {{ users.sudoers_dir }}/{{ name }} | |||
| {% endif %} | |||
| {%- if 'google_auth' in user %} | |||
| {%- for svc in user['google_auth'] %} | |||
| googleauth-{{ svc }}-{{ name }}: | |||
| users_googleauth-{{ svc }}-{{ name }}: | |||
| file.managed: | |||
| - replace: false | |||
| - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }} | |||
| @@ -279,16 +281,17 @@ googleauth-{{ svc }}-{{ name }}: | |||
| - group: {{ users.root_group }} | |||
| - mode: 600 | |||
| - require: | |||
| - pkg: googleauth-package | |||
| - pkg: users_googleauth-package | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| {% endfor %} | |||
| {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %} | |||
| {{ name }}: | |||
| users_absent_user_{{ name }}: | |||
| {% if 'purge' in user or 'force' in user %} | |||
| user.absent: | |||
| - name: {{ name }} | |||
| {% if 'purge' in user %} | |||
| - purge: {{ user['purge'] }} | |||
| {% endif %} | |||
| @@ -296,23 +299,25 @@ googleauth-{{ svc }}-{{ name }}: | |||
| - force: {{ user['force'] }} | |||
| {% endif %} | |||
| {% else %} | |||
| user.absent | |||
| user.absent: | |||
| - name: {{ name }} | |||
| {% endif -%} | |||
| {{ users.sudoers_dir }}/{{ name }}: | |||
| users_{{ users.sudoers_dir }}/{{ name }}: | |||
| file.absent: | |||
| - name: {{ users.sudoers_dir }}/{{ name }} | |||
| {% endfor %} | |||
| {% for user in pillar.get('absent_users', []) %} | |||
| {{ user }}: | |||
| users_absent_user_2_{{ user }}: | |||
| user.absent | |||
| {{ users.sudoers_dir }}/{{ user }}: | |||
| users_2_{{ users.sudoers_dir }}/{{ user }}: | |||
| file.absent: | |||
| - name: {{ users.sudoers_dir }}/{{ user }} | |||
| {% endfor %} | |||
| {% for group in pillar.get('absent_groups', []) %} | |||
| {{ group }}: | |||
| group.absent | |||
| users_absent_group_{{ group }}: | |||
| group.absent: | |||
| - name: {{ group }} | |||
| {% endfor %} | |||
+ 9
- 9
users/sudo.sls
View File
| @@ -2,31 +2,31 @@ | |||
| {% from "users/map.jinja" import users with context %} | |||
| # Ensure availability of bash | |||
| bash-package: | |||
| users_bash-package: | |||
| pkg.installed: | |||
| - name: {{ users.bash_package }} | |||
| sudo-group: | |||
| users_sudo-group: | |||
| group.present: | |||
| - name: sudo | |||
| - system: True | |||
| sudo-package: | |||
| users_sudo-package: | |||
| pkg.installed: | |||
| - name: {{ users.sudo_package }} | |||
| - require: | |||
| - group: sudo-group | |||
| - group: users_sudo-group | |||
| - file: {{ users.sudoers_dir }} | |||
| {{ users.sudoers_dir }}: | |||
| file: | |||
| - directory | |||
| users_{{ users.sudoers_dir }}: | |||
| file.directory: | |||
| - name: {{ users.sudoers_dir }} | |||
| sudoer-defaults: | |||
| users_sudoer-defaults: | |||
| file.append: | |||
| - name: {{ users.sudoers_file }} | |||
| - require: | |||
| - pkg: sudo-package | |||
| - pkg: users_sudo-package | |||
| - text: | |||
| - Defaults env_reset | |||
| - Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" | |||
Loading…