users:
  ## Minimal required pillar values
  auser:
    fullname: A User

  ## Full list of pillar values
  buser:
    fullname: B User
    password: $6$w.............
    home: /custom/buser
    createhome: True
    expire: 16426
    sudouser: True
    sudo_rules:
      - ALL=(root) /usr/bin/find
      - ALL=(otheruser) /usr/bin/script.sh
    sudo_defaults:
      - '!requiretty'
    shell: /bin/bash
    prime_group:
      name: primarygroup
      gid: 500
    groups:
      - users
    ssh_key_type: rsa
    # You can inline the private keys ...
    ssh_keys:
      privkey: PRIVATEKEY
      pubkey: PUBLICKEY
    # ... or you can pull them from a different pillar,
    # for example one called "ssh_keys":
    ssh_keys_pillar:
      id_rsa: "ssh_keys"
      another_key_pair: "ssh_keys"
    ssh_auth:
      - PUBLICKEY
    ssh_auth.absent:
      - PUBLICKEY_TO_BE_REMOVED
    # Generates an authorized_keys file for the user
    # with the given keys
    ssh_auth_file:
      - PUBLICKEY
    # If you prefer to keep public keys as files rather
    # than inline in pillar, this works.
    ssh_auth_sources:
      - salt://keys/buser.id_rsa.pub
    # Manage the ~/.ssh/config file
    ssh_config:
      all:
        hostname: "*"
        options:
          - "StrictHostKeyChecking no"
          - "UserKnownHostsFile=/dev/null"
      importanthost:
        hostname: "needcheck.example.com"
        options:
          - "StrictHostKeyChecking yes"

    google_auth:
      ssh: |
        SOMEGAUTHHASHVAL
        " RESETTING_TIME_SKEW 46956472+2 46991595-2
        " RATE_LIMIT 3 30 1415800560
        " DISALLOW_REUSE 47193352
        " TOTP_AUTH
        11111111
        22222222
        33333333
        44444444
        55555555

  ## Absent user
  cuser:
    absent: True
    purge: True
    force: True


## Old syntax of absent_users still supported
absent_users:
  - donald
  - bad_guy