Merge pull request #1 from saltstack-formulas/master

Update from upstream
Tim Jones 2014-12-14 00:35:37 +01:00
commit 26c4578f99
3 changed files with 39 additions and 16 deletions


@ -8,6 +8,7 @@ users:
fullname: B User fullname: B User
password: $6$w............. password: $6$w.............
home: /custom/buser home: /custom/buser
createhome: True
sudouser: True sudouser: True
sudo_rules: sudo_rules:
- ALL=(root) /usr/bin/find - ALL=(root) /usr/bin/find
@ -24,6 +25,8 @@ users:
pubkey: PUBLICKEY pubkey: PUBLICKEY
ssh_auth: ssh_auth:
- PUBLICKEY - PUBLICKEY
ssh_auth.absent:
- PUBLICKEY_TO_BE_REMOVED
## Absent user ## Absent user
cuser: cuser:


@ -26,7 +26,7 @@
- name: {{ home }} - name: {{ home }}
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- mode: 0755 - mode: {{ user.get('user_dir_mode', '0750') }}
- require: - require:
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
@ -40,7 +40,7 @@
user.present: user.present:
- name: {{ name }} - name: {{ name }}
- home: {{ home }} - home: {{ home }}
- shell: {{ user.get('shell', '/bin/bash') }} - shell: {{ user.get('shell', users.get('shell', '/bin/bash')) }}
{% if 'uid' in user -%} {% if 'uid' in user -%}
- uid: {{ user['uid'] }} - uid: {{ user['uid'] }}
{% endif -%} {% endif -%}
@ -55,6 +55,10 @@
{% if 'fullname' in user %} {% if 'fullname' in user %}
- fullname: {{ user['fullname'] }} - fullname: {{ user['fullname'] }}
{% endif -%} {% endif -%}
{% if not user.get('createhome', True) %}
- createhome: False
{% endif %}
- remove_groups: {{ user.get('remove_groups', 'False') }}
- groups: - groups:
- {{ user_group }} - {{ user_group }}
{% for group in user.get('groups', []) -%} {% for group in user.get('groups', []) -%}
@ -123,6 +127,17 @@ ssh_auth_{{ name }}_{{ loop.index0 }}:
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ssh_auth.absent' in user %}
{% for auth in user['ssh_auth.absent'] %}
ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
ssh_auth.absent:
- user: {{ name }}
- name: {{ auth }}
- require:
- file: {{ name }}_user
- user: {{ name }}_user
{% endfor %}
{% endif %}
{% if 'sudouser' in user and user['sudouser'] %} {% if 'sudouser' in user and user['sudouser'] %}
{% if not used_sudo %} {% if not used_sudo %}
@ -133,7 +148,7 @@ include:
sudoer-{{ name }}: sudoer-{{ name }}:
file.managed: file.managed:
- name: {{ users.sudoers_dir }}{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
- user: root - user: root
- group: {{ users.root_group }} - group: {{ users.root_group }}
- mode: '0440' - mode: '0440'
@ -141,16 +156,17 @@ sudoer-{{ name }}:
{% for rule in user['sudo_rules'] %} {% for rule in user['sudo_rules'] %}
"validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}": "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":
cmd.run: cmd.run:
- name: 'visudo -cf - <<<"$rule"' - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }'
- stateful: True
- shell: {{ users.visudo_shell }} - shell: {{ users.visudo_shell }}
- env: - env:
# Specify the rule via an env var to avoid shell quoting issues. # Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}" - rule: "{{ name }} {{ rule }}"
- require_in: - require_in:
- file: {{ users.sudoers_dir }}{{ name }} - file: {{ users.sudoers_dir }}/{{ name }}
{% endfor %} {% endfor %}
{{ users.sudoers_dir }}{{ name }}: {{ users.sudoers_dir }}/{{ name }}:
file.managed: file.managed:
- contents: | - contents: |
{%- for rule in user['sudo_rules'] %} {%- for rule in user['sudo_rules'] %}
@ -161,9 +177,9 @@ sudoer-{{ name }}:
- file: sudoer-{{ name }} - file: sudoer-{{ name }}
{% endif %} {% endif %}
{% else %} {% else %}
{{ users.sudoers_dir }}{{ name }}: {{ users.sudoers_dir }}/{{ name }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -181,17 +197,17 @@ sudoer-{{ name }}:
{% else %} {% else %}
user.absent user.absent
{% endif -%} {% endif -%}
{{ users.sudoers_dir }}{{ name }}: {{ users.sudoers_dir }}/{{ name }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}{{ name }} - name: {{ users.sudoers_dir }}/{{ name }}
{% endfor %} {% endfor %}
{% for user in pillar.get('absent_users', []) %} {% for user in pillar.get('absent_users', []) %}
{{ user }}: {{ user }}:
user.absent user.absent
{{ users.sudoers_dir }}{{ user }}: {{ users.sudoers_dir }}/{{ user }}:
file.absent: file.absent:
- name: {{ users.sudoers_dir }}{{ user }} - name: {{ users.sudoers_dir }}/{{ user }}
{% endfor %} {% endfor %}
{% for group in pillar.get('absent_groups', []) %} {% for group in pillar.get('absent_groups', []) %}
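Review bot: In the `validate {{ name }} sudo rule ...` state, piping `visudo -cf -` into `{ read output; ... }` makes the command's exit status that of the brace group, so a non-zero exit from visudo on a malformed rule no longer reaches Salt. Failure detection then rests entirely on `stateful: True` choking on whatever is echoed, and `read` captures only the first line of stdout. If visudo reports the error on stderr (not verifiable from this hunk), `output` is empty and the state would likely succeed, letting the `require_in` gate pass a broken rule on to the sudoers file. Since `visudo_shell` is bash in every map entry shown, prefixing the command with `set -o pipefail;` keeps visudo's exit code authoritative while still suppressing the "parsed OK" line.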


@ -1,33 +1,37 @@
# vim: sts=2 ts=2 sw=2 et ai # vim: sts=2 ts=2 sw=2 et ai
{% set users = salt['grains.filter_by']({ {% set users = salt['grains.filter_by']({
'Debian': { 'Debian': {
'sudoers_dir': '/etc/sudoers.d/', 'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers', 'sudoers_file': '/etc/sudoers',
'root_group': 'root', 'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash', 'visudo_shell': '/bin/bash',
'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',
}, },
'Gentoo': { 'Gentoo': {
'sudoers_dir': '/etc/sudoers.d/', 'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers', 'sudoers_file': '/etc/sudoers',
'root_group': 'root', 'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash', 'visudo_shell': '/bin/bash',
'bash_package': 'app-shells/bash', 'bash_package': 'app-shells/bash',
'sudo_package': 'app-admin/sudo', 'sudo_package': 'app-admin/sudo',
}, },
'FreeBSD': { 'FreeBSD': {
'sudoers_dir': '/usr/local/etc/sudoers.d/', 'sudoers_dir': '/usr/local/etc/sudoers.d',
'sudoers_file': '/usr/local/etc/sudoers', 'sudoers_file': '/usr/local/etc/sudoers',
'root_group': 'wheel', 'root_group': 'wheel',
'shell': '/bin/csh',
'visudo_shell': '/usr/local/bin/bash', 'visudo_shell': '/usr/local/bin/bash',
'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',
}, },
'default': { 'default': {
'sudoers_dir': '/etc/sudoers.d/', 'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers', 'sudoers_file': '/etc/sudoers',
'root_group': 'root', 'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash', 'visudo_shell': '/bin/bash',
'bash_package': 'bash', 'bash_package': 'bash',
'sudo_package': 'sudo', 'sudo_package': 'sudo',