Merge pull request #29 from brot/f/user_with_more_keys
Refactor auth.sls to allow more keys for one user
This commit is contained in:
Nitin Madhok
commit
7adb33ca01
@ -1,15 +1,18 @@
|
|||||||
include:
|
{%- macro print_name(identifier, key) -%}
|
||||||
- openssh
|
{%- if 'name' in key %}
|
||||||
{%- from "openssh/map.jinja" import openssh with context -%}
|
|
||||||
{%- set openssh_pillar = pillar.get('openssh', {}) -%}
|
|
||||||
{%- set auth = openssh_pillar.get('auth', {}) -%}
|
|
||||||
{%- for user,keys in auth.items() -%}
|
|
||||||
{%- for key in keys -%}
|
|
||||||
{% if 'present' in key and key['present'] %}
|
|
||||||
{{ key['name'] }}:
|
{{ key['name'] }}:
|
||||||
ssh_auth.present:
|
{%- else %}
|
||||||
- user: {{ user }}
|
{{ identifier }}:
|
||||||
{%- if 'source' in key %}
|
{%- endif %}
|
||||||
|
{%- endmacro -%}
|
||||||
|
|
||||||
|
{%- macro print_ssh_auth(identifier, key) -%}
|
||||||
|
{%- if 'user' in key %}
|
||||||
|
- user: {{ key['user'] }}
|
||||||
|
{%- else %}
|
||||||
|
- user: {{ identifier }}
|
||||||
|
{%- endif %}
|
||||||
|
{%- if 'present' in key and key['present'] and 'source' in key %}
|
||||||
- source: {{ key['source'] }}
|
- source: {{ key['source'] }}
|
||||||
{%- else %}
|
{%- else %}
|
||||||
{%- if 'enc' in key %}
|
{%- if 'enc' in key %}
|
||||||
@ -22,21 +25,25 @@ include:
|
|||||||
- options: {{ key['options'] }}
|
- options: {{ key['options'] }}
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
{%- endmacro -%}
|
||||||
|
|
||||||
|
include:
|
||||||
|
- openssh
|
||||||
|
{%- from "openssh/map.jinja" import openssh with context -%}
|
||||||
|
{%- set openssh_pillar = pillar.get('openssh', {}) -%}
|
||||||
|
{%- set auth = openssh_pillar.get('auth', {}) -%}
|
||||||
|
{%- for identifier,keys in auth.items() -%}
|
||||||
|
{%- for key in keys -%}
|
||||||
|
{% if 'present' in key and key['present'] %}
|
||||||
|
{{ print_name(identifier, key) }}:
|
||||||
|
ssh_auth.present:
|
||||||
|
{{ print_ssh_auth(identifier, key) }}
|
||||||
- require:
|
- require:
|
||||||
- service: {{ openssh.service }}
|
- service: {{ openssh.service }}
|
||||||
{%- else %}
|
{%- else %}
|
||||||
{{ key['name'] }}:
|
{{ print_name(identifier, key) }}:
|
||||||
ssh_auth.absent:
|
ssh_auth.absent:
|
||||||
- user: {{ user }}
|
{{ print_ssh_auth(identifier, key) }}
|
||||||
{%- if 'enc' in key %}
|
|
||||||
- enc: {{ key['enc'] }}
|
|
||||||
{%- endif -%}
|
|
||||||
{%- if 'comment' in key %}
|
|
||||||
- comment: {{ key['comment'] }}
|
|
||||||
{%- endif -%}
|
|
||||||
{%- if 'options' in key %}
|
|
||||||
- options: {{ key['options'] }}
|
|
||||||
{%- endif -%}
|
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- endfor -%}
|
{%- endfor -%}
|
||||||
{%- endfor -%}
|
{%- endfor -%}
|
||||||
|
|||||||
@ -49,12 +49,18 @@ sshd_config:
|
|||||||
|
|
||||||
openssh:
|
openssh:
|
||||||
auth:
|
auth:
|
||||||
joe:
|
joe-valid-ssh-key-desktop:
|
||||||
- name: JOE_VALID_SSH_PUBLIC_KEY
|
- user: joe
|
||||||
present: True
|
present: True
|
||||||
enc: ssh-rsa
|
enc: ssh-rsa
|
||||||
comment: main key
|
comment: main key - desktop
|
||||||
- name: JOE_NON_VALID_SSH_PUBLIC_KEY
|
joe-valid-ssh-key-notebook:
|
||||||
|
- user: joe
|
||||||
|
present: True
|
||||||
|
enc: ssh-rsa
|
||||||
|
comment: main key - notebook
|
||||||
|
joe-non-valid-ssh-key:
|
||||||
|
- user: joe
|
||||||
present: False
|
present: False
|
||||||
enc: ssh-rsa
|
enc: ssh-rsa
|
||||||
comment: obsolete key - removed
|
comment: obsolete key - removed
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user