Merge pull request #1 from saltstack-formulas/master

Update from upstream
Tim Jones 2014-12-14 00:35:37 +01:00
commit 26c4578f99
3 changed files with 39 additions and 16 deletions


@ -8,6 +8,7 @@ users:
fullname: B User
password: $6$w.............
home: /custom/buser
createhome: True
sudouser: True
sudo_rules:
- ALL=(root) /usr/bin/find
@ -24,6 +25,8 @@ users:
pubkey: PUBLICKEY
ssh_auth:
- PUBLICKEY
ssh_auth.absent:
- PUBLICKEY_TO_BE_REMOVED
## Absent user
cuser:


@ -26,7 +26,7 @@
- name: {{ home }}
- user: {{ name }}
- group: {{ user_group }}
- mode: 0755
- mode: {{ user.get('user_dir_mode', '0750') }}
- require:
- user: {{ name }}
- group: {{ user_group }}
@ -40,7 +40,7 @@
user.present:
- name: {{ name }}
- home: {{ home }}
- shell: {{ user.get('shell', '/bin/bash') }}
- shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }}
{% if 'uid' in user -%}
- uid: {{ user['uid'] }}
{% endif -%}
@ -55,6 +55,10 @@
{% if 'fullname' in user %}
- fullname: {{ user['fullname'] }}
{% endif -%}
{% if not user.get('createhome', True) %}
- createhome: False
{% endif %}
- remove_groups: {{ user.get('remove_groups', 'False') }}
- groups:
- {{ user_group }}
{% for group in user.get('groups', []) -%}
@ -123,6 +127,17 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
{% endfor %}
{% endif %}
{% if 'ssh_auth.absent' in user %}
{% for auth in user['ssh_auth.absent'] %}
ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
ssh_auth.absent:
- user: {{ name }}
- name: {{ auth }}
- require:
- file: {{ name }}_user
- user: {{ name }}_user
{% endfor %}
{% endif %}
{% if 'sudouser' in user and user['sudouser'] %}
{% if not used_sudo %}
@ -133,7 +148,7 @@ include:
sudoer-{{ name }}:
file.managed:
- name: {{ users.sudoers_dir }}{{ name }}
- name: {{ users.sudoers_dir }}/{{ name }}
- user: root
- group: {{ users.root_group }}
- mode: '0440'
@ -141,16 +156,17 @@ sudoer-{{ name }}:
{% for rule in user['sudo_rules'] %}
"validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":
cmd.run:
- name: 'visudo -cf - <<<"$rule"'
- name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'
- stateful: True
- shell: {{ users.visudo_shell }}
- env:
# Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}"
- require_in:
- file: {{ users.sudoers_dir }}{{ name }}
- file: {{ users.sudoers_dir }}/{{ name }}
{% endfor %}
{{ users.sudoers_dir }}{{ name }}:
{{ users.sudoers_dir }}/{{ name }}:
file.managed:
- contents: |
{%- for rule in user['sudo_rules'] %}
@ -161,9 +177,9 @@ sudoer-{{ name }}:
- file: sudoer-{{ name }}
{% endif %}
{% else %}
{{ users.sudoers_dir }}{{ name }}:
{{ users.sudoers_dir }}/{{ name }}:
file.absent:
- name: {{ users.sudoers_dir }}{{ name }}
- name: {{ users.sudoers_dir }}/{{ name }}
{% endif %}
{% endfor %}
@ -181,17 +197,17 @@ sudoer-{{ name }}:
{% else %}
user.absent
{% endif -%}
{{ users.sudoers_dir }}{{ name }}:
{{ users.sudoers_dir }}/{{ name }}:
file.absent:
- name: {{ users.sudoers_dir }}{{ name }}
- name: {{ users.sudoers_dir }}/{{ name }}
{% endfor %}
{% for user in pillar.get('absent_users', []) %}
{{ user }}:
user.absent
{{ users.sudoers_dir }}{{ user }}:
{{ users.sudoers_dir }}/{{ user }}:
file.absent:
- name: {{ users.sudoers_dir }}{{ user }}
- name: {{ users.sudoers_dir }}/{{ user }}
{% endfor %}
{% for group in pillar.get('absent_groups', []) %}
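Review bot: In the `validate {{ name }} sudo rule` state (hunk `-141,16 +156,17`), the new `cmd.run` command pipes `visudo` into a brace group, so the return code Salt sees is the brace group's and not `visudo`'s. A rejected rule is then caught only when the first stdout line differs from the literal `stdin: parsed OK`, a string that may vary with sudo version or locale. If `visudo` reports a failure only on stderr, `$output` is empty and the state may still pass, depending on how `stateful` treats blank output. Every `visudo_shell` in the map on this page is bash, so keeping the exit status as the gate is a small change: `- name: 'set -o pipefail; visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo "$output" ; fi }'`, which also quotes the echoed value. The conditional enclosing this loop begins outside the hunk, so how the other sudoers states depend on this check cannot be confirmed from here.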


@ -1,33 +1,37 @@
# vim: sts=2 ts=2 sw=2 et ai
{% set users = salt['grains.filter_by']({
'Debian': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash',
'bash_package': 'bash',
'sudo_package': 'sudo',
},
'Gentoo': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash',
'bash_package': 'app-shells/bash',
'sudo_package': 'app-admin/sudo',
},
'FreeBSD': {
'sudoers_dir': '/usr/local/etc/sudoers.d/',
'sudoers_dir': '/usr/local/etc/sudoers.d',
'sudoers_file': '/usr/local/etc/sudoers',
'root_group': 'wheel',
'shell': '/bin/csh',
'visudo_shell': '/usr/local/bin/bash',
'bash_package': 'bash',
'sudo_package': 'sudo',
},
'default': {
'sudoers_dir': '/etc/sudoers.d/',
'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers',
'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash',
'bash_package': 'bash',
'sudo_package': 'sudo',