openssh-formula/openssh/auth_map.sls

include:
  - openssh

{%  from "openssh/map.jinja" import mapdata with context -%}
{%- set openssh = mapdata.openssh %}
{%- set sshd_config = mapdata.sshd_config %}
{%- set authorized_keys_file = sshd_config.get("AuthorizedKeysFile", None) %}

{%- for store, config in openssh.get("auth_map", {}).items() %}
{%- set store_base = config["source"] %}
# SSH store openssh:auth_map:{{ store }}
{%-   for user, keys in config.get("users", {}).items() %}
{%-     for key, key_cfg in keys.items() %}
"ssh_auth--{{ store }}--{{ user }}--{{ key }}":
{%-       set present = key_cfg.get("present", True) %}
{%-       set options = key_cfg.get("options", []) %}
{%-       if present %}
  ssh_auth.present:
    - require:
      - service: {{ openssh.service }}
{%-       else %}
  ssh_auth.absent:
{%-       endif %}
    - user: {{ user }}
    - source: {{ store_base }}/{{ key }}.pub
{%-       if authorized_keys_file %}
    - config: "{{ authorized_keys_file }}"
{%-       endif %}
{%-       if options %}
    - options: "{{ options }}"
{%-       endif %}
{%-     endfor %}
{%-   endfor %}
{%- endfor %}
openssh.auth_map 2017-03-03 14:17:41 +01:00			`include:`
			`- openssh`

feat(map): update to v4 “map.jinja” The `map.jinja` now exports a single variable called `mapdata`. We extract the `openssh`, `sshd_config` and `ssh_config` from it to minimize the changes to `.sls` files. 2020-07-31 10:54:40 +02:00			`{% from "openssh/map.jinja" import mapdata with context -%}`
			`{%- set openssh = mapdata.openssh %}`
			`{%- set sshd_config = mapdata.sshd_config %}`
Remove duplicated pillar.get calls to retrieve the sshd_config and ssh_config pillars 2019-04-28 05:00:57 +02:00			`{%- set authorized_keys_file = sshd_config.get("AuthorizedKeysFile", None) %}`
openssh.auth_map 2017-03-03 14:17:41 +01:00
Remove duplicated pillar.get calls to retrieve the sshd_config and ssh_config pillars 2019-04-28 05:00:57 +02:00			`{%- for store, config in openssh.get("auth_map", {}).items() %}`
openssh.auth_map 2017-03-03 14:17:41 +01:00			`{%- set store_base = config["source"] %}`
			`# SSH store openssh:auth_map:{{ store }}`
fix iteritems for python3 2018-03-10 16:35:57 +01:00			`{%- for user, keys in config.get("users", {}).items() %}`
			`{%- for key, key_cfg in keys.items() %}`
openssh.auth_map 2017-03-03 14:17:41 +01:00			`"ssh_auth--{{ store }}--{{ user }}--{{ key }}":`
			`{%- set present = key_cfg.get("present", True) %}`
			`{%- set options = key_cfg.get("options", []) %}`
			`{%- if present %}`
			`ssh_auth.present:`
			`- require:`
			`- service: {{ openssh.service }}`
			`{%- else %}`
			`ssh_auth.absent:`
			`{%- endif %}`
			`- user: {{ user }}`
			`- source: {{ store_base }}/{{ key }}.pub`
			`{%- if authorized_keys_file %}`
			`- config: "{{ authorized_keys_file }}"`
			`{%- endif %}`
			`{%- if options %}`
			`- options: "{{ options }}"`
			`{%- endif %}`
			`{%- endfor %}`
			`{%- endfor %}`
			`{%- endfor %}`