From 34328aff1cbb626d4e76893415e205054211c871 Mon Sep 17 00:00:00 2001
From: Daniel Kraemer
Date: Tue, 4 Oct 2016 20:53:01 +0200
Subject: [PATCH 1/9] add support for multiple private and public keys
---
 users/init.sls | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/users/init.sls b/users/init.sls
index b8dbf9a..099a8f0 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -170,35 +170,44 @@ user_keydir_{{ name }}: {% endif %} {% if 'ssh_keys' in user %} - {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} -users_user_{{ name }}_private_key: + {% for _key in user.ssh_keys.keys() %} + {% if _key == 'privkey' %} + {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %} + {% elif _key == 'pubkey' %} + {% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %} + {% else %} + {% set key_name = _key %} + {% endif %} +users_{{ name }}_{{ key_name }}_private_key: file.managed: - - name: {{ home }}/.ssh/{{ key_type }} + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 600 - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:privkey + - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} -users_user_{{ name }}_public_key: +users_{{ name }}_{{ key_name }}_public_key: file.managed: - - name: {{ home }}/.ssh/{{ key_type }}.pub + - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} - mode: 644 - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:pubkey + - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require: - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} + {% endfor %} {% endif %} + {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} users_authorized_keys_{{ name }}: file.managed:
From c98aa35392419d5c3089620e398a8b190dd030a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kr=C3=A4mer?=
Date: Sat, 8 Apr 2017 16:45:17 +0200
Subject: [PATCH 2/9] provide pillar example
---
 pillar.example | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pillar.example b/pillar.example
index 220badc..6f65d95 100644
--- a/pillar.example
+++ b/pillar.example
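Review bot: Every entry of `user.ssh_keys` now yields two `file.managed` states for the same path `{{ home }}/.ssh/{{ key_name }}`, `users_{{ name }}_{{ key_name }}_private_key` with `mode: 600` followed by `users_{{ name }}_{{ key_name }}_public_key` with `mode: 644`, so the later-defined state normally wins and a private key is left world-readable (patch 7/9 in this series drops the second state and patch 8/9 picks the mode by suffix). Within this commit the loop body should emit one state per key and derive the mode from the name, e.g. `- mode: {{ 644 if key_name.endswith('.pub') else 600 }}`. The value of `_key` is also used verbatim both as a pillar path segment and as a file name under `.ssh/`; a comment next to the `for`, such as `{# key names come from pillar and are used unchanged as file names under ~/.ssh #}`, would make that trust assumption explicit. The enclosing `user_keydir_{{ name }}` section starts before the hunk.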
@@ -50,6 +50,9 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY + # you can provide multiple keys, the keyname is takes as filename + foobar: PRIVATEKEY + foobar.pub: PUBLICKEY # ... or you can pull them from a different pillar, # for example one called "ssh_keys": ssh_keys_pillar:
From 23c5df213046ba29af544ad5c690f75d3737c158 Mon Sep 17 00:00:00 2001
From: Silvio Kunaschk
Date: Sun, 9 Jul 2017 16:06:17 +0200
Subject: [PATCH 3/9] fixed insertion of multiple authorized keys via ssh_auth_pillar
---
 users/init.sls | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/users/init.sls b/users/init.sls
index 3d31967..0e5d413 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -217,8 +217,9 @@ users_authorized_keys_{{ name }}: {{ auth }} {% endfor -%} {% else %} + - contents: | {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} - - contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey + {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }} {%- endfor %} {% endif %} {% endif %}
From 4da9b00e75bed2ef5a7a371e62620df5934493aa Mon Sep 17 00:00:00 2001
From: Jerry van Leeuwen
Date: Thu, 21 Sep 2017 20:30:29 -0700
Subject: [PATCH 4/9] Add 'template' support to 'user_files' (#159)
* Add support for 'template' in 'user_files'
* Fix-up wrong nesting level for template value
* Small quality improvement for push upstream.
* Consistency improvement for variable name
---
 pillar.example | 1 +
 users/user_files.sls | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/pillar.example b/pillar.example
index db93f1f..95de009 100644
--- a/pillar.example
+++ b/pillar.example
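Review bot: In the `@@ -217,8 +217,9 @@` hunk, `salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '')` falls back to an empty string, so a missing or misspelled `ssh_auth_pillar` entry renders as a blank line in `authorized_keys` and the user silently loses that key, whereas the removed `contents_pillar` line surfaced the problem as a state failure. Dropping the `''` default (on current Salt releases `pillar.get` raises when the key is absent and no default is given, though that should be confirmed for the minimum version this formula supports) or testing the looked-up value and failing the state keeps the misconfiguration visible. The `- contents: |` block scalar also requires every rendered key line to share one indentation, which cannot be checked from the collapsed hunk. The `users_authorized_keys_{{ name }}` state begins before this hunk.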
@@ -125,6 +125,7 @@ users: # should be a salt fileserver path either with or without 'salt://' # if not present, it defaults to 'salt://users/files/user/ source: users/files/default + template: jinja # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0 # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save # execution bit for example.
diff --git a/users/user_files.sls b/users/user_files.sls
index dc654fe..874f0c2 100644
--- a/users/user_files.sls
+++ b/users/user_files.sls
@@ -9,6 +9,7 @@ include: {%- set user_files = salt['pillar.get'](('users:' ~ username ~ ':user_files'), {'enabled': False}) -%} {%- set user_group = salt['pillar.get'](('users:' ~ username ~ ':prime_group:name'), username) -%} {%- set user_home = salt['pillar.get'](('users:' ~ username ~ ':home'), current.get('home', '/home/' ~ username )) -%} +{%- set user_files_template = salt['pillar.get'](('users:' ~ username ~ ':user_files:template'), None) -%} {%- set user_files_file_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:file_mode'), False) -%} {%- set user_files_sym_mode = salt['pillar.get'](('users:' ~ username ~ ':user_files:sym_mode'), False) -%} {%- if user_files.enabled -%}
@@ -36,6 +37,9 @@ users_userfiles_{{ username }}_recursive: - source: {{ file_source }} - user: {{ username }} - group: {{ user_group }} + {%- if user_files_template is not None -%} + - template: {{ user_files_template }} + {%- endif -%} - clean: False {% if user_files_file_mode -%} - file_mode: {{ user_files_file_mode }}
From 6993e2398fd1d9a92cc9618428e6a1a203c4d68d Mon Sep 17 00:00:00 2001
From: Jerry van Leeuwen
Date: Fri, 22 Sep 2017 15:01:25 -0700
Subject: [PATCH 5/9] Broken conditional and lack of line spacing
---
 users/user_files.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/users/user_files.sls b/users/user_files.sls
index 874f0c2..af81e96 100644
--- a/users/user_files.sls
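Review bot: In the `@@ -36,6 +37,9 @@` hunk the trailing `-%}` on `{%- if user_files_template is not None -%}` and `{%- endif -%}` strips the newline and indentation after each tag, so `- template: ...` is joined onto the preceding `- group:` line when the option is set, and `- clean: False` is glued to that line when it is not; the tags should read `{% if user_files_template -%}` and `{% endif -%}`, matching the `{% if user_files_file_mode -%}` line just below (patch 5/9 in this series makes that change). In the `@@ -9,6 +9,7 @@` hunk, `user_files_template` is fetched with a second `pillar.get` although `user_files` already holds the same dictionary; `user_files.get('template')` avoids the duplicate lookup. The value is handed to `file.recurse` without any check against Salt's renderer names, and rendering files under `users/files/` as Jinja gives their content access to pillar data and execution modules, so a comment such as `{# template is passed to file.recurse unvalidated; only trusted file sources should be templated #}` would document the assumption. Both hunks' enclosing blocks start before them.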
+++ b/users/user_files.sls
@@ -37,9 +37,9 @@ users_userfiles_{{ username }}_recursive: - source: {{ file_source }} - user: {{ username }} - group: {{ user_group }} - {%- if user_files_template is not None -%} + {% if user_files_template -%} - template: {{ user_files_template }} - {%- endif -%} + {% endif -%} - clean: False {% if user_files_file_mode -%} - file_mode: {{ user_files_file_mode }}
From ac1f334a43178744734b9961f6c690dd9fea9730 Mon Sep 17 00:00:00 2001
From: Silvio Kunaschk
Date: Sun, 24 Sep 2017 12:16:43 +0200
Subject: [PATCH 6/9] corrected saltversioninfo check expression
---
 users/init.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/users/init.sls b/users/init.sls
index f910ea3..9b6f1ac 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -462,7 +462,7 @@ users_googleauth-{{ svc }}-{{ name }}: {% if 'gitconfig' in user %} {% for key, value in user['gitconfig'].items() %} users_{{ name }}_user_gitconfig_{{ loop.index0 }}: - {% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %} + {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} git.config_set: {% else %} git.config:
@@ -470,7 +470,7 @@ users_{{ name }}_user_gitconfig_{{ loop.index0 }}: - name: {{ key }} - value: "{{ value }}" - user: {{ name }} - {% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %} + {% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} - global: True {% else %} - is_global: True
From c78516f8e0db042e3c09a5cc39e3a31113ad882c Mon Sep 17 00:00:00 2001
From: Daniel Kraemer
Date: Tue, 26 Sep 2017 14:49:45 +0200
Subject: [PATCH 7/9] i don't know what made me do this, maybe brainlag
---
 users/init.sls | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/users/init.sls b/users/init.sls
index 099a8f0..a1bb4a0 100644
--- a/users/init.sls
+++ b/users/init.sls
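Review bot: In the `@@ -462,7 +462,7 @@` and `@@ -470,7 +470,7 @@` hunks the corrected comparison `grains['saltversioninfo'] >= [2015, 8, 0, 0]` is written twice; a single `{% set use_config_set = grains['saltversioninfo'] >= [2015, 8, 0, 0] %}` placed before the `for` loop and referenced by both `if`s keeps the version threshold in one place. A short comment explaining why the literal must be a list would spare the next reader the same detour: `{# saltversioninfo is a list; comparing it with a tuple is never element-wise (Python 2 orders by type, Python 3 raises) #}`. The gitconfig loop begins before the first hunk and ends after the second.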
@@ -178,7 +178,7 @@ user_keydir_{{ name }}: {% else %} {% set key_name = _key %} {% endif %} -users_{{ name }}_{{ key_name }}_private_key: +users_{{ name }}_{{ key_name }}_key: file.managed: - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }}
@@ -191,19 +191,6 @@ users_{{ name }}_{{ key_name }}_private_key: {% for group in user.get('groups', []) %} - group: users_{{ name }}_{{ group }}_group {% endfor %} -users_{{ name }}_{{ key_name }}_public_key: - file.managed: - - name: {{ home }}/.ssh/{{ key_name }} - - user: {{ name }} - - group: {{ user_group }} - - mode: 644 - - show_diff: False - - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - - require: - - user: users_{{ name }}_user - {% for group in user.get('groups', []) %} - - group: users_{{ name }}_{{ group }}_group - {% endfor %} {% endfor %} {% endif %}
From d8d20176295f88489a50d8b5091582ac4e5006ab Mon Sep 17 00:00:00 2001
From: Daniel Kraemer
Date: Thu, 28 Sep 2017 08:22:25 +0200
Subject: [PATCH 8/9] adjust file permissions of public ssh-keys
---
 pillar.example | 3 ++-
 users/init.sls | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/pillar.example b/pillar.example
index 6f65d95..b0024d2 100644
--- a/pillar.example
+++ b/pillar.example
@@ -50,7 +50,8 @@ users: ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY - # you can provide multiple keys, the keyname is takes as filename + # you can provide multiple keys, the keyname is taken as filename + # make sure your public keys suffix is .pub foobar: PRIVATEKEY foobar.pub: PUBLICKEY # ... or you can pull them from a different pillar,
diff --git a/users/init.sls b/users/init.sls
index a1bb4a0..96d733e 100644
--- a/users/init.sls
+++ b/users/init.sls
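Review bot: With the `_public_key` state deleted in the `@@ -191,19 +191,6 @@` hunk, every file written by the loop now gets the surviving state's `mode: 600`, so `.pub` entries silently drop from 644 to owner-only; the remaining state should choose the mode from `key_name` rather than hard-coding it (patch 8/9 in this series does this). The rename from `users_{{ name }}_{{ key_name }}_private_key` to `users_{{ name }}_{{ key_name }}_key` in the `@@ -178,7 +178,7 @@` hunk changes a state ID that other states may name in `require`/`watch` lists; whether anything references the old ID cannot be seen from these hunks. The `user_keydir_{{ name }}` section containing the loop starts before the first hunk.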
@@ -183,7 +183,11 @@ users_{{ name }}_{{ key_name }}_key: - name: {{ home }}/.ssh/{{ key_name }} - user: {{ name }} - group: {{ user_group }} + {% if key_name.endswith(".pub") %} + - mode: 644 + {% else %} - mode: 600 + {% endif %} - show_diff: False - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} - require:
From fdc5ceae2c074c0b381eed5fe456f72d83771d91 Mon Sep 17 00:00:00 2001
From: Karsten Kosmala
Date: Sun, 3 Dec 2017 14:46:52 +0100
Subject: [PATCH 9/9] Use correct pillar to set users homephone
---
 users/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/users/init.sls b/users/init.sls
index a33d206..0206ba3 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -116,7 +116,7 @@ users_{{ name }}_user: - workphone: {{ user['workphone'] }} {% endif %} {% if 'homephone' in user %} - - homephone: {{ user['workphone'] }} + - homephone: {{ user['homephone'] }} {% endif %} {% if not user.get('createhome', True) %} - createhome: False
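Review bot: In the `@@ -183,7 +183,11 @@` hunk the mode is decided by the file name alone, so a private key stored under a pillar key that happens to end in `.pub` is installed with `mode: 644`, and the only guard is the comment added to pillar.example in this patch. Since `contents_pillar` already names the pillar value, the loop can consult the data as well: `{% set key_data = salt['pillar.get']('users:' ~ name ~ ':ssh_keys:' ~ _key, '') %}` followed by `{% if key_name.endswith(".pub") and 'PRIVATE KEY' not in key_data %}`, which leaves anything resembling private material at 600. A comment such as `{# only files with a .pub suffix are world-readable; everything else stays owner-only #}` documents the rule for the next maintainer. The `users_{{ name }}_{{ key_name }}_key` state starts before this hunk.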