Added ability to provide pillar path for ssh_auth.

2015-08-21 05:17:49 -05:00 · 2015-08-21 05:17:49 -05:00 · ff189c1613
commit ff189c1613
parent 23ede3ac67
2 changed files with 11 additions and 1 deletions
--- a/pillar.example
+++ b/pillar.example
@ -51,6 +51,9 @@ users:
    # with the given keys
    ssh_auth_file:
      - PUBLICKEY
+    # ... or you can pull them from a different pillar similar to ssh_keys_pillar
+    ssh_auth_pillar:
+      id_rsa: "ssh_keys"
    # If you prefer to keep public keys as files rather
    # than inline in pillar, this works.
    ssh_auth_sources:
--- a/users/init.sls
+++ b/users/init.sls
@ -159,17 +159,24 @@ users_user_{{ name }}_public_key:
      {% endfor %}
  {% endif %}

-{% if 'ssh_auth_file' in user %}
+{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
 users_authorized_keys_{{ name }}:
  file.managed:
    - name: {{ home }}/.ssh/authorized_keys
    - user: {{ name }}
    - group: {{ name }}
    - mode: 600
+{% if 'ssh_auth_file' in user %}
    - contents: |
        {% for auth in user.ssh_auth_file -%}
        {{ auth }}
        {% endfor -%}
+{% else %}
+    - contents: |
+      {%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %}
+      {{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }}
+      {%- endfor %}
+{% endif %}
 {% endif %}

 {% if 'ssh_auth' in user %}