
Support publisher_acl minion-level commands

Alexandre Anriot 2018-07-11 14:36:41 +02:00
parent d87d858a87
commit 3e6e6028ae


@ -385,21 +385,46 @@ event_return_blacklist:
# This setting should be treated with care since it opens up execution # This setting should be treated with care since it opens up execution
# capabilities to non root users. By default this capability is completely # capabilities to non root users. By default this capability is completely
# disabled. # disabled.
#publisher_acl:
# larry:
# - test.ping
# - network.*
# - '*':
# - pkg.*
#
{% if 'publisher_acl' in cfg_master -%} {% if 'publisher_acl' in cfg_master -%}
{%- do default_keys.append('publisher_acl') %} {%- do default_keys.append('publisher_acl') %}
publisher_acl: publisher_acl:
{%- for name, user in cfg_master['publisher_acl']|dictsort %} {%- for user, commands in cfg_master['publisher_acl']|dictsort %}
{{ name}}: {{ user }}:
{%- for command in user %} {%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% elif 'publisher_acl' in cfg_salt -%} {% elif 'publisher_acl' in cfg_salt -%}
publisher_acl: publisher_acl:
{%- for name, user in cfg_salt['publisher_acl']|dictsort %} {%- for user, commands in cfg_salt['publisher_acl']|dictsort %}
{{ name }}: {{ user }}:
{%- for command in user %} {%- for command in commands %}
{%- if command is mapping %}
{%- for target, targetcommands in command.items() %}
- {% raw %}'{% endraw %}{{ target }}{% raw %}'{% endraw %}:
{%- for targetcommand in targetcommands %}
- {% raw %}'{% endraw %}{{ targetcommand }}{% raw %}'{% endraw %}
{%- endfor -%}
{%- endfor -%}
{%- else %}
- {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %} - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
{%- endif %}
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% elif 'client_acl' in cfg_master -%} {% elif 'client_acl' in cfg_master -%}
@ -420,11 +445,6 @@ publisher_acl:
{%- endfor -%} {%- endfor -%}
{%- endfor -%} {%- endfor -%}
{% else -%} {% else -%}
#publisher_acl:
# larry:
# - test.ping
# - network.*
#
{%- endif %} {%- endif %}
# Blacklist any of the following users or modules # Blacklist any of the following users or modules
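Review bot: In the new `command is mapping` branch (the `cfg_master` copy and the identical `cfg_salt` copy), `targetcommands` is looped over without checking that it is a list. If a pillar gives a scalar there, e.g. `'*': pkg.*` (constructed example), Jinja iterates the string character by character and the template renders one ACL entry per character, including a bare `'*'`, which presumably widens what that user may run instead of failing the render. Normalising before the inner loop would avoid this: `{%- set targetcommands = [targetcommands] if targetcommands is string else targetcommands %}`. Separately, `target` and `targetcommand` are placed between literal single quotes with no escaping, so a value containing `'` produces broken or differently structured YAML; Salt's `yaml_squote` filter (`- {{ targetcommand|yaml_squote }}`) would quote and escape in one step.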