From d3b46a3648a1e90833b6aa747e65e3e2b9475406 Mon Sep 17 00:00:00 2001
From: Vitali Quiering
Date: Fri, 24 Mar 2017 13:07:19 +0100
Subject: [PATCH] add publisher_acl to salt master config
---
 salt/files/master.d/f_defaults.conf | 44 +++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 3 deletions(-)
diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf
index 36346ce..40761c7 100644
--- a/salt/files/master.d/f_defaults.conf
+++ b/salt/files/master.d/f_defaults.conf
@@ -332,7 +332,24 @@ event_return_blacklist:
 # This setting should be treated with care since it opens up execution
 # capabilities to non root users. By default this capability is completely
 # disabled.
-{% if 'client_acl' in cfg_master -%}
+{% if 'publisher_acl' in cfg_master -%}
+{%- do default_keys.append('publisher_acl') %}
+publisher_acl:
+{%- for name, user in cfg_master['publisher_acl']|dictsort %}
+ {{ name}}:
+{%- for command in user %}
+ - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
+{%- endfor -%}
+{%- endfor -%}
+{% elif 'publisher_acl' in cfg_salt -%}
+publisher_acl:
+{%- for name, user in cfg_salt['publisher_acl']|dictsort %}
+ {{ name }}:
+{%- for command in user %}
+ - {% raw %}'{% endraw %}{{ command }}{% raw %}'{% endraw %}
+{%- endfor -%}
+{%- endfor -%}
+{% elif 'client_acl' in cfg_master -%}
 {%- do default_keys.append('client_acl') %}
 client_acl:
 {%- for name, user in cfg_master['client_acl']|dictsort %}
@@ -350,7 +367,7 @@ client_acl:
 {%- endfor -%}
 {%- endfor -%}
 {% else -%}
-#client_acl:
+#publisher_acl:
 # larry:
 # - test.ping
 # - network.*
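Review bot: In the first hunk the user key `{{ name}}:` is written as a plain YAML scalar while each command is wrapped in single quotes, so a user or group name containing YAML-significant characters can render as a different key than the pillar held, or as a file the master cannot load, in a block that grants non-root users execution rights. The `{% raw %}'{% endraw %}` wrapper also does not escape a single quote inside the value. I would quote both through an escaping filter, `{{ name|yaml_squote }}:` and `- {{ command|yaml_squote }}`, after confirming that Salt's `yaml_squote` Jinja filter is available in the oldest release this formula supports. The same applies to the unquoted `- {{ user }}` and `- {{ mod }}` entries in the `publisher_acl_blacklist` hunk, where pattern-style values seem likely. The if/elif chain starts and ends outside this hunk.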
@@ -361,7 +378,28 @@ client_acl:
 # This example would blacklist all non sudo users, including root from
 # running any commands. It would also blacklist any use of the "cmd"
 # module. This is completely disabled by default.
-{% if 'client_acl_blacklist' in cfg_master %}
+{% if 'publisher_acl_blacklist' in cfg_master %}
+{%- do default_keys.append('publisher_acl_blacklist') %}
+publisher_acl_blacklist:
+ users:
+ {% for user in cfg_master['publisher_acl_blacklist'].get('users', []) %}
+ - {{ user }}
+ {% endfor %}
+ modules:
+ {% for mod in cfg_master['publisher_acl_blacklist'].get('modules', []) %}
+ - {{ mod }}
+ {% endfor %}
+{% elif 'publisher_acl_blacklist' in cfg_salt %}
+publisher_acl_blacklist:
+ users:
+ {% for user in cfg_salt['publisher_acl_blacklist'].get('users', []) %}
+ - {{ user }}
+ {% endfor %}
+ modules:
+ {% for mod in cfg_salt['publisher_acl_blacklist'].get('modules', []) %}
+ - {{ mod }}
+ {% endfor %}
+{% elif 'client_acl_blacklist' in cfg_master %}
 {%- do default_keys.append('client_acl_blacklist') %}
 client_acl_blacklist:
 users:
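Review bot: Because the new `publisher_acl_blacklist` branches sit ahead of `{% elif 'client_acl_blacklist' in cfg_master %}`, a pillar that still carries a legacy `client_acl_blacklist` stops having it rendered by this block as soon as any `publisher_acl_blacklist` key appears, even one that only sets `modules`; for a deny list that is a fail-open outcome. The two lists are never merged and nothing in the template says so, so I would add a comment above the chain such as `{#- publisher_acl_blacklist replaces client_acl_blacklist; the two are never merged -#}` and state the precedence in the pillar documentation. Whether the skipped `client_acl_blacklist` key is still emitted elsewhere through `default_keys` cannot be seen from this hunk. The chain continues past the end of the hunk.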