salt
/
users-formula
forked from ExternalMirrors/users-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Browse Source

Merge pull request #67 from daschatten/master 

Add prefix 'users_' to all first level keys to prevent duplicate ids …
lookup-fix-3
Forrest 9 years ago
parent
4e70e924f4 701326e23f
commit
9b11ec775b
3 changed files with 55 additions and 50 deletions
Unified View Show Diff Stats
  1. +4
    -4
      users/googleauth.sls
  2. +42
    -37
      users/init.sls
  3. +9
    -9
      users/sudo.sls

+ 4
- 4
users/googleauth.sls View File

# vim: sts=2 ts=2 sw=2 et ai # vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %} {% from "users/map.jinja" import users with context %}


googleauth-package:
users_googleauth-package:
pkg.installed: pkg.installed:
- name: {{ users.googleauth_package }} - name: {{ users.googleauth_package }}
- require: - require:
- file: {{ users.googleauth_dir }} - file: {{ users.googleauth_dir }}


{{ users.googleauth_dir }}:
file:
- directory
users_{{ users.googleauth_dir }}:
file.directory:
- name: {{ users.googleauth_dir }}
- user: root - user: root
- group: {{ users.root_group }} - group: {{ users.root_group }}
- mode: 600 - mode: 600

+ 42
- 37
users/init.sls View File

{%- endif %} {%- endif %}


{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
{{ name }}_{{ group }}_group:
users_{{ name }}_{{ group }}_group:
group: group:
- name: {{ group }} - name: {{ group }}
- present - present
{% endfor %} {% endfor %}


{{ name }}_user:
users_{{ name }}_user:
{% if user.get('createhome', True) %} {% if user.get('createhome', True) %}
file.directory: file.directory:
- name: {{ home }} - name: {{ home }}
- group: {{ group }} - group: {{ group }}
{% endfor %} {% endfor %}


user_keydir_{{ name }}:
users_user_keydir_{{ name }}:
file.directory: file.directory:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
- user: {{ name }} - user: {{ name }}


{% if 'ssh_keys' in user %} {% if 'ssh_keys' in user %}
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
user_{{ name }}_private_key:
users_user_{{ name }}_private_key:
file.managed: file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }} - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}
- user: {{ name }} - user: {{ name }}
- show_diff: False - show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:privkey - contents_pillar: users:{{ name }}:ssh_keys:privkey
- require: - require:
- user: {{ name }}_user
- user: users_{{ name }}_user
{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
- group: {{ name }}_{{ group }}_group
- group: users_{{ name }}_{{ group }}_group
{% endfor %} {% endfor %}
user_{{ name }}_public_key:
users_user_{{ name }}_public_key:
file.managed: file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub
- user: {{ name }} - user: {{ name }}
- show_diff: False - show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:pubkey - contents_pillar: users:{{ name }}:ssh_keys:pubkey
- require: - require:
- user: {{ name }}_user
- user: users_{{ name }}_user
{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
- group: {{ name }}_{{ group }}_group
- group: users_{{ name }}_{{ group }}_group
{% endfor %} {% endfor %}
{% endif %} {% endif %}


{% if 'ssh_auth_file' in user %} {% if 'ssh_auth_file' in user %}
{{ home }}/.ssh/authorized_keys:
users_authorized_keys_{{ name }}:
file.managed: file.managed:
- name: {{ home }}/.ssh/authorized_keys
- user: {{ name }} - user: {{ name }}
- group: {{ name }} - group: {{ name }}
- mode: 600 - mode: 600


{% if 'ssh_auth' in user %} {% if 'ssh_auth' in user %}
{% for auth in user['ssh_auth'] %} {% for auth in user['ssh_auth'] %}
ssh_auth_{{ name }}_{{ loop.index0 }}:
users_ssh_auth_{{ name }}_{{ loop.index0 }}:
ssh_auth.present: ssh_auth.present:
- user: {{ name }} - user: {{ name }}
- name: {{ auth }} - name: {{ auth }}
- require: - require:
- file: {{ name }}_user
- user: {{ name }}_user
- file: users_{{ name }}_user
- user: users_{{ name }}_user
{% endfor %} {% endfor %}
{% endif %} {% endif %}


{% if 'ssh_keys_pillar' in user %} {% if 'ssh_keys_pillar' in user %}
{% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %} {% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %}
ssh_keys_files_{{ name }}_{{ key_name }}_pub:
users_ssh_keys_files_{{ name }}_{{ key_name }}_pub:
file.managed: file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
}}.pub }}.pub
- contents: | - contents: |
{{ pillar[pillar_name][key_name]['pubkey'] }} {{ pillar[pillar_name][key_name]['pubkey'] }}
ssh_keys_files_{{ name }}_{{ key_name }}_priv:
users_ssh_keys_files_{{ name }}_{{ key_name }}_priv:
file.managed: file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
}} }}


{% if 'ssh_auth_sources' in user %} {% if 'ssh_auth_sources' in user %}
{% for pubkey_file in user['ssh_auth_sources'] %} {% for pubkey_file in user['ssh_auth_sources'] %}
ssh_auth_source_{{ name }}_{{ loop.index0 }}:
users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:
ssh_auth.present: ssh_auth.present:
- user: {{ name }} - user: {{ name }}
- source: {{ pubkey_file }} - source: {{ pubkey_file }}
- require: - require:
- file: {{ name }}_user
- user: {{ name }}_user
- file: users_{{ name }}_user
- user: users_{{ name }}_user
{% endfor %} {% endfor %}
{% endif %} {% endif %}


{% if 'ssh_auth.absent' in user %} {% if 'ssh_auth.absent' in user %}
{% for auth in user['ssh_auth.absent'] %} {% for auth in user['ssh_auth.absent'] %}
ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
ssh_auth.absent: ssh_auth.absent:
- user: {{ name }} - user: {{ name }}
- name: {{ auth }} - name: {{ auth }}
- require: - require:
- file: {{ name }}_user
- user: {{ name }}_user
- file: users_{{ name }}_user
- user: users_{{ name }}_user
{% endfor %} {% endfor %}
{% endif %} {% endif %}


{% if 'sudouser' in user and user['sudouser'] %} {% if 'sudouser' in user and user['sudouser'] %}


sudoer-{{ name }}:
users_sudoer-{{ name }}:
file.managed: file.managed:
- name: {{ users.sudoers_dir }}/{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
- user: root - user: root
# Specify the rule via an env var to avoid shell quoting issues. # Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}" - rule: "{{ name }} {{ rule }}"
- require_in: - require_in:
- file: {{ users.sudoers_dir }}/{{ name }}
- file: users_{{ users.sudoers_dir }}/{{ name }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'sudo_defaults' in user %} {% if 'sudo_defaults' in user %}
# Specify the rule via an env var to avoid shell quoting issues. # Specify the rule via an env var to avoid shell quoting issues.
- rule: "Defaults:{{ name }} {{ entry }}" - rule: "Defaults:{{ name }} {{ entry }}"
- require_in: - require_in:
- file: {{ users.sudoers_dir }}/{{ name }}
- file: users_{{ users.sudoers_dir }}/{{ name }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}


{{ users.sudoers_dir }}/{{ name }}:
users_{{ users.sudoers_dir }}/{{ name }}:
file.managed: file.managed:
- name: {{ users.sudoers_dir }}/{{ name }}
- contents: | - contents: |
{%- if 'sudo_defaults' in user %} {%- if 'sudo_defaults' in user %}
{%- for entry in user['sudo_defaults'] %} {%- for entry in user['sudo_defaults'] %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
- require: - require:
- file: sudoer-defaults
- file: sudoer-{{ name }}
- file: users_sudoer-defaults
- file: users_sudoer-{{ name }}
{% endif %} {% endif %}
{% else %} {% else %}
{{ users.sudoers_dir }}/{{ name }}:
users_{{ users.sudoers_dir }}/{{ name }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}/{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
{% endif %} {% endif %}


{%- if 'google_auth' in user %} {%- if 'google_auth' in user %}
{%- for svc in user['google_auth'] %} {%- for svc in user['google_auth'] %}
googleauth-{{ svc }}-{{ name }}:
users_googleauth-{{ svc }}-{{ name }}:
file.managed: file.managed:
- replace: false - replace: false
- name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }} - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}
- group: {{ users.root_group }} - group: {{ users.root_group }}
- mode: 600 - mode: 600
- require: - require:
- pkg: googleauth-package
- pkg: users_googleauth-package
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}


{% endfor %} {% endfor %}


{% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %} {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}
{{ name }}:
users_absent_user_{{ name }}:
{% if 'purge' in user or 'force' in user %} {% if 'purge' in user or 'force' in user %}
user.absent: user.absent:
- name: {{ name }}
{% if 'purge' in user %} {% if 'purge' in user %}
- purge: {{ user['purge'] }} - purge: {{ user['purge'] }}
{% endif %} {% endif %}
- force: {{ user['force'] }} - force: {{ user['force'] }}
{% endif %} {% endif %}
{% else %} {% else %}
user.absent
user.absent:
- name: {{ name }}
{% endif -%} {% endif -%}
{{ users.sudoers_dir }}/{{ name }}:
users_{{ users.sudoers_dir }}/{{ name }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}/{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
{% endfor %} {% endfor %}


{% for user in pillar.get('absent_users', []) %} {% for user in pillar.get('absent_users', []) %}
{{ user }}:
users_absent_user_2_{{ user }}:
user.absent user.absent
{{ users.sudoers_dir }}/{{ user }}:
users_2_{{ users.sudoers_dir }}/{{ user }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}/{{ user }} - name: {{ users.sudoers_dir }}/{{ user }}
{% endfor %} {% endfor %}


{% for group in pillar.get('absent_groups', []) %} {% for group in pillar.get('absent_groups', []) %}
{{ group }}:
group.absent
users_absent_group_{{ group }}:
group.absent:
- name: {{ group }}
{% endfor %} {% endfor %}



+ 9
- 9
users/sudo.sls View File

{% from "users/map.jinja" import users with context %} {% from "users/map.jinja" import users with context %}


# Ensure availability of bash # Ensure availability of bash
bash-package:
users_bash-package:
pkg.installed: pkg.installed:
- name: {{ users.bash_package }} - name: {{ users.bash_package }}


sudo-group:
users_sudo-group:
group.present: group.present:
- name: sudo - name: sudo
- system: True - system: True


sudo-package:
users_sudo-package:
pkg.installed: pkg.installed:
- name: {{ users.sudo_package }} - name: {{ users.sudo_package }}
- require: - require:
- group: sudo-group
- group: users_sudo-group
- file: {{ users.sudoers_dir }} - file: {{ users.sudoers_dir }}


{{ users.sudoers_dir }}:
file:
- directory
users_{{ users.sudoers_dir }}:
file.directory:
- name: {{ users.sudoers_dir }}


sudoer-defaults:
users_sudoer-defaults:
file.append: file.append:
- name: {{ users.sudoers_file }} - name: {{ users.sudoers_file }}
- require: - require:
- pkg: sudo-package
- pkg: users_sudo-package
- text: - text:
- Defaults env_reset - Defaults env_reset
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

Write Preview
Loading…
Cancel
Save