saltstack-formulas/users-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #67 from daschatten/master

Browse Source 
Add prefix 'users_' to all first level keys to prevent duplicate ids …
This commit is contained in:
Forrest 2015-05-06 15:39:50 -07:00
commit 9b11ec775b
3 changed files with 55 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
users/googleauth.sls
View File

@ -1,15 +1,15 @@
# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}
googleauth-package:
users_googleauth-package:
pkg.installed:
- name: {{ users.googleauth_package }}
- require:
- file: {{ users.googleauth_dir }}
{{ users.googleauth_dir }}:
file:
- directory
users_{{ users.googleauth_dir }}:
file.directory:
- name: {{ users.googleauth_dir }}
- user: root
- group: {{ users.root_group }}
- mode: 600

79
users/init.sls
View File

@ -38,13 +38,13 @@ include:
{%- endif %}
{% for group in user.get('groups', []) %}
{{ name }}_{{ group }}_group:
users_{{ name }}_{{ group }}_group:
group:
- name: {{ group }}
- present
{% endfor %}
{{ name }}_user:
users_{{ name }}_user:
{% if user.get('createhome', True) %}
file.directory:
- name: {{ home }}
@ -98,7 +98,7 @@ include:
- group: {{ group }}
{% endfor %}
user_keydir_{{ name }}:
users_user_keydir_{{ name }}:
file.directory:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
- user: {{ name }}
@ -114,7 +114,7 @@ user_keydir_{{ name }}:
{% if 'ssh_keys' in user %}
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %}
user_{{ name }}_private_key:
users_user_{{ name }}_private_key:
file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}
- user: {{ name }}
@ -123,11 +123,11 @@ user_{{ name }}_private_key:
- show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:privkey
- require:
- user: {{ name }}_user
- user: users_{{ name }}_user
{% for group in user.get('groups', []) %}
- group: {{ name }}_{{ group }}_group
- group: users_{{ name }}_{{ group }}_group
{% endfor %}
user_{{ name }}_public_key:
users_user_{{ name }}_public_key:
file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub
- user: {{ name }}
@ -136,15 +136,16 @@ user_{{ name }}_public_key:
- show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:pubkey
- require:
- user: {{ name }}_user
- user: users_{{ name }}_user
{% for group in user.get('groups', []) %}
- group: {{ name }}_{{ group }}_group
- group: users_{{ name }}_{{ group }}_group
{% endfor %}
{% endif %}
{% if 'ssh_auth_file' in user %}
{{ home }}/.ssh/authorized_keys:
users_authorized_keys_{{ name }}:
file.managed:
- name: {{ home }}/.ssh/authorized_keys
- user: {{ name }}
- group: {{ name }}
- mode: 600
@ -156,25 +157,25 @@ user_{{ name }}_public_key:
{% if 'ssh_auth' in user %}
{% for auth in user['ssh_auth'] %}
ssh_auth_{{ name }}_{{ loop.index0 }}:
users_ssh_auth_{{ name }}_{{ loop.index0 }}:
ssh_auth.present:
- user: {{ name }}
- name: {{ auth }}
- require:
- file: {{ name }}_user
- user: {{ name }}_user
- file: users_{{ name }}_user
- user: users_{{ name }}_user
{% endfor %}
{% endif %}
{% if 'ssh_keys_pillar' in user %}
{% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %}
ssh_keys_files_{{ name }}_{{ key_name }}_pub:
users_ssh_keys_files_{{ name }}_{{ key_name }}_pub:
file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
}}.pub
- contents: |
{{ pillar[pillar_name][key_name]['pubkey'] }}
ssh_keys_files_{{ name }}_{{ key_name }}_priv:
users_ssh_keys_files_{{ name }}_{{ key_name }}_priv:
file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name
}}
@ -185,31 +186,31 @@ ssh_keys_files_{{ name }}_{{ key_name }}_priv:
{% if 'ssh_auth_sources' in user %}
{% for pubkey_file in user['ssh_auth_sources'] %}
ssh_auth_source_{{ name }}_{{ loop.index0 }}:
users_ssh_auth_source_{{ name }}_{{ loop.index0 }}:
ssh_auth.present:
- user: {{ name }}
- source: {{ pubkey_file }}
- require:
- file: {{ name }}_user
- user: {{ name }}_user
- file: users_{{ name }}_user
- user: users_{{ name }}_user
{% endfor %}
{% endif %}
{% if 'ssh_auth.absent' in user %}
{% for auth in user['ssh_auth.absent'] %}
ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
ssh_auth.absent:
- user: {{ name }}
- name: {{ auth }}
- require:
- file: {{ name }}_user
- user: {{ name }}_user
- file: users_{{ name }}_user
- user: users_{{ name }}_user
{% endfor %}
{% endif %}
{% if 'sudouser' in user and user['sudouser'] %}
sudoer-{{ name }}:
users_sudoer-{{ name }}:
file.managed:
- name: {{ users.sudoers_dir }}/{{ name }}
- user: root
@ -227,7 +228,7 @@ sudoer-{{ name }}:
# Specify the rule via an env var to avoid shell quoting issues.
- rule: "{{ name }} {{ rule }}"
- require_in:
- file: {{ users.sudoers_dir }}/{{ name }}
- file: users_{{ users.sudoers_dir }}/{{ name }}
{% endfor %}
{% endif %}
{% if 'sudo_defaults' in user %}
@ -241,12 +242,13 @@ sudoer-{{ name }}:
# Specify the rule via an env var to avoid shell quoting issues.
- rule: "Defaults:{{ name }} {{ entry }}"
- require_in:
- file: {{ users.sudoers_dir }}/{{ name }}
- file: users_{{ users.sudoers_dir }}/{{ name }}
{% endfor %}
{% endif %}
{{ users.sudoers_dir }}/{{ name }}:
users_{{ users.sudoers_dir }}/{{ name }}:
file.managed:
- name: {{ users.sudoers_dir }}/{{ name }}
- contents: |
{%- if 'sudo_defaults' in user %}
{%- for entry in user['sudo_defaults'] %}
@ -259,18 +261,18 @@ sudoer-{{ name }}:
{%- endfor %}
{%- endif %}
- require:
- file: sudoer-defaults
- file: sudoer-{{ name }}
- file: users_sudoer-defaults
- file: users_sudoer-{{ name }}
{% endif %}
{% else %}
{{ users.sudoers_dir }}/{{ name }}:
users_{{ users.sudoers_dir }}/{{ name }}:
file.absent:
- name: {{ users.sudoers_dir }}/{{ name }}
{% endif %}
{%- if 'google_auth' in user %}
{%- for svc in user['google_auth'] %}
googleauth-{{ svc }}-{{ name }}:
users_googleauth-{{ svc }}-{{ name }}:
file.managed:
- replace: false
- name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}
@ -279,16 +281,17 @@ googleauth-{{ svc }}-{{ name }}:
- group: {{ users.root_group }}
- mode: 600
- require:
- pkg: googleauth-package
- pkg: users_googleauth-package
{%- endfor %}
{%- endif %}
{% endfor %}
{% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}
{{ name }}:
users_absent_user_{{ name }}:
{% if 'purge' in user or 'force' in user %}
user.absent:
- name: {{ name }}
{% if 'purge' in user %}
- purge: {{ user['purge'] }}
{% endif %}
@ -296,23 +299,25 @@ googleauth-{{ svc }}-{{ name }}:
- force: {{ user['force'] }}
{% endif %}
{% else %}
user.absent
user.absent:
- name: {{ name }}
{% endif -%}
{{ users.sudoers_dir }}/{{ name }}:
users_{{ users.sudoers_dir }}/{{ name }}:
file.absent:
- name: {{ users.sudoers_dir }}/{{ name }}
{% endfor %}
{% for user in pillar.get('absent_users', []) %}
{{ user }}:
users_absent_user_2_{{ user }}:
user.absent
{{ users.sudoers_dir }}/{{ user }}:
users_2_{{ users.sudoers_dir }}/{{ user }}:
file.absent:
- name: {{ users.sudoers_dir }}/{{ user }}
{% endfor %}
{% for group in pillar.get('absent_groups', []) %}
{{ group }}:
group.absent
users_absent_group_{{ group }}:
group.absent:
- name: {{ group }}
{% endfor %}

18
users/sudo.sls
View File

@ -2,31 +2,31 @@
{% from "users/map.jinja" import users with context %}
# Ensure availability of bash
bash-package:
users_bash-package:
pkg.installed:
- name: {{ users.bash_package }}
sudo-group:
users_sudo-group:
group.present:
- name: sudo
- system: True
sudo-package:
users_sudo-package:
pkg.installed:
- name: {{ users.sudo_package }}
- require:
- group: sudo-group
- group: users_sudo-group
- file: {{ users.sudoers_dir }}
{{ users.sudoers_dir }}:
file:
- directory
users_{{ users.sudoers_dir }}:
file.directory:
- name: {{ users.sudoers_dir }}
sudoer-defaults:
users_sudoer-defaults:
file.append:
- name: {{ users.sudoers_file }}
- require:
- pkg: sudo-package
- pkg: users_sudo-package
- text:
- Defaults env_reset
- Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"