saltstack-formulas/salt-formula
Template
2
0
Fork 0
Code Releases Activity

Merge pull request #379 from aanriot/master

Browse Source 
Support publisher_acl minion-level commands
This commit is contained in:
Niels Abspoel 2018-07-11 20:35:12 +02:00 committed by GitHub
commit 0383f20d9d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
salt/files/master.d/f_defaults.conf
View File

@ -385,21 +385,46 @@ event_return_blacklist:
# This setting should be treated with care since it opens up execution
# capabilities to non root users. By default this capability is completely
# disabled.
#publisher_acl:
# larry:
# - test.ping
# - network.*
# - '*':
# - pkg.*
#
{% if 'publisher_acl' in cfg_master -%}
{%- do default_keys.append('publisher_acl') %}
publisher_acl:
{%- for name, user in cfg_master['publisher_acl']|dictsort %}
{{ name}}:
{%- for command in user %}
{%- for user, commands in cfg_master['publisher_acl']|dictsort %}
{{ user }}:
{%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%}
{%- endfor -%}
{% elif 'publisher_acl' in cfg_salt -%}
publisher_acl:
{%- for name, user in cfg_salt['publisher_acl']|dictsort %}
{{ name }}:
{%- for command in user %}
{%- for user, commands in cfg_salt['publisher_acl']|dictsort %}
{{ user }}:
{%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%}
{%- endfor -%}
{% elif 'client_acl' in cfg_master -%}
@ -420,11 +445,6 @@ publisher_acl:
{%- endfor -%}
{%- endfor -%}
{% else -%}
#publisher_acl:
# larry:
# - test.ping
# - network.*
#
{%- endif %}
# Blacklist any of the following users or modules