saltstack-formulas/users-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
118 Commits 3 Branches 13 Tags 690 KiB
29ce431151
Commit Graph

48 Commits

Author SHA1 Message Date
Sander Klein
3a8d72b947 Add "Do Not Edit" part 2015-05-16 09:56:20 +02:00
Sander Klein
57c82f3324 Add ~/.ssh/config management 
This adds the ability to manage the ~/.ssh/config file for users.
 2015-05-15 21:47:40 +02:00
Florian Bittner
701326e23f Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user). 2015-05-07 00:07:06 +02:00
Alex Ciobica
031d6ce81f Add pulling keys from other pillar. 
Example pillar:

ssh_keys:
  id_rsa:
    privkey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY
      U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy
      B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+
      GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI
      -----END RSA PRIVATE KEY-----
    pubkey: |
      ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
 2015-05-01 18:48:28 +03:00
tiger-seo
1546e2d186 possibility to define user-specific Defaults 2015-04-06 22:34:59 +03:00
Andrew Vant
1f80412da8 Added option to source ssh public keys from files. 2015-04-02 13:01:30 -04:00
root
d416b6d839 Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality. 2015-03-13 13:32:39 +01:00
root
fdc2fc2dfc Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys. 2015-02-12 23:09:56 +01:00
Bohdan Kmit
89d6672887 google auth package and config installation 2015-01-14 17:25:17 +00:00
Thomas Juberg
7aa32881b7 Clean up logic check to remove redundant check. 2014-12-31 09:46:03 +01:00
Thomas Juberg
518b06281a If createhome is set to false, don't touch the home directory or its 
permissions.
 2014-12-22 14:32:41 +01:00
Thomas Juberg
e35045801c Add support for setting user expire 2014-12-22 14:22:46 +01:00
Tim Jones
add153e060 Allow '!' prefix in password for locked\disabled accounts. 
Signed-off-by: Tim Jones <me@prototim.com>
 2014-12-17 22:57:54 +01:00
Scott Reeves
ea76d0d84f Remove trailing slash from sudoers_dir 2014-10-24 22:57:44 -04:00
Jason Wolfe
9a71d78d2b Sorry for the spam, simplify this remove_groups rule a bit 2014-10-14 19:05:50 -07:00
Jason Wolfe
a899ee85ec Make sure the logic stands after the default in salt is changed 2014-10-14 17:53:12 -07:00
Jason Wolfe
2a464d3dc3 By default, Salt will remove any groups not listed, so a users groups matches exactly the list you pass. This was added here: 
https://github.com/saltstack/salt/issues/2142

This has been causing issues for many people, as the remove_groups options is undocumented.  In the 2014.7 release this is changing, and remove_groups will default to false:
https://github.com/saltstack/salt/issues/13276

I'm going with false by default, as it's our use case and it will soon be the default.  If people believe this module should default to true and remove groups not listed, I think that's open for discussion, but we should at least add the option.
 2014-10-14 17:22:38 -07:00
Wolodja Wentland
13d7c271f2 Change default shell to /bin/csh on FreeBSD 
This also made it necessary to introduce an additional entry 'shell' into the
users lookup table as the formula previously conflated the shell used for
running the visudo command and the default shell to be used for user accounts.

Fixes: #48
 2014-09-11 16:06:43 +01:00
Alan Pearce
0c3b8ff765 Re-add ability to set shell per-user 2014-09-07 12:30:09 +01:00
Adam Wright
8e1d91b3f1 Add 'createhome' option for 'user.present' state 2014-09-07 13:23:06 +08:00
nike38rus
2cdb73927f Fix issue with bash binary location in FreeBSD 2014-08-13 17:57:01 +09:00
tiger-seo
fda8708ecd added option to specify user home directory mode 2014-08-06 19:22:16 +03:00
7oku
4a8393dca9 added option to remove ssh public keys from auth (ssh_auth.absent) 2014-08-03 01:40:27 +02:00
7oku
94d53d5ee7 modified visudo to only report change in salt when there is an error. 2014-08-03 01:06:02 +02:00
Tim Jones
8a07ab1332 Only include users.sudo when a user with sudouser is declared. 2014-07-28 16:48:08 +00:00
root
8417c6c888 Add support FreeBSD using map.jinja (Tested on Freebsd10) 2014-05-30 12:20:13 +09:00
Ash Berlin
d5923d82e6 Specify bash shell when validating sudo snippet 
Since we are using bash specific features and sometimes you can end up getting /bin/sh - see https://github.com/saltstack-formulas/users-formula/pull/30#issuecomment-44224106
 2014-05-27 22:52:41 +01:00
Seth House
2032369f0b Merge pull request #32 from bsundsrud/sudoer_consistency 
Overwrite a sudoer file rather than append to fix #21
 2014-05-13 11:04:07 -06:00
Benn Sundsrud
e9cc0b29cb Do not echo Public/Private keys to stdout when running the state 2014-05-13 11:37:38 -05:00
Benn Sundsrud
a8b6207265 Overwrite a sudoer file rather than append to fix #21 2014-05-13 11:36:49 -05:00
Ash Berlin
192edba9c5 Validate user sudo rules before applying them 2014-04-28 15:52:43 +01:00
Eric Edgar
757e79c9d2 Add Password capabilities 2014-04-24 21:45:04 -05:00
Slawomir Pucia
07aeb2c4f8 New format of user.absent support introduced. Old format still supported. 2014-04-23 14:49:10 +02:00
Johannes
2416374d2b Fix pubkey privkey typo 
Fixes #22
 2014-03-30 15:00:17 +00:00
Diego Woitasen
0e76454a16 Add absent_groups pillar to remove groups. 2014-03-14 20:07:22 -03:00
Adam Wright
2c58a76ce6 Check for sudo_rules before text.append state. 
Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken
file.append state would be rendered (since some text is required). With
this patch, the file is still created/managed by the previous state, but
will be empty by default if created fresh. This seems a more sensible
default than assuming a default sudoer policy.

Further, since the first word on each rule line should be the user's
name, that is now assumed.
 2014-02-22 08:43:52 +00:00
Greg Shikhman
097b814f67 Changed 'contents' to 'contents_pillar' to correctly parse newlines for private/public SSH keys. 2014-02-16 23:34:47 -05:00
Wolodja Wentland
9636530169 Change .ssh permissions to 700 2014-02-14 14:13:17 +01:00
Steffen Roegner
0f83ab7008 Add and support ssh_key_type attribute to allow for dsa ssh key pairs 2014-01-31 14:44:41 -05:00
madflojo
7284ece745 change pub key to use user_group 
if you set an alternate prime_group this would break, replaced {{ name
}} with {{ user_group }}
 2014-01-29 21:00:03 -07:00
madflojo
ebe5198f9d Modified Private Keys and Sudoers 
Changed Private keys to have content within pillar rather than the salt
file repository.

Changes sudoers entry to get values from pillar rather than assuming
all sudo users want root.
 2014-01-29 19:53:09 -07:00
Tomáš Fejfar
7d1793cf00 SLS no longer fails for multiple groups 2014-01-14 16:49:45 +01:00
tiger-seo
5ce8d7d2c5 possibility to define alternate user`s prime group 2014-01-13 18:20:15 +02:00
Ryan Billington
547db95d62 Fix Undefined jinja variable error with Salt 0.17.1 
Ran into an error with Salt version 0.17.1:
Rendering SLS users failed, render error: Undefined jinja variable; line 32

After finding https://github.com/saltstack/salt/issues/8245, and working on
line 32, I surmised that line 28 might be the actual cause of the issue.

I just added a quick check to see if uid exists in user, just as the user uid
line does.
 2013-11-14 10:13:45 -06:00
Shawn Butts
f25cec613a better sudoers support & default gid 
add support for sudouser being False.
change to adding sudoers config to /etc/sudoers.d/<user>
adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
 2013-10-28 16:39:55 -04:00
J. Random Hacker
b07d21f4c6 Fixed user default shell source 
Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
 2013-09-04 21:30:32 +02:00
J. Random Hacker
7b7ee3f2f8 Fix requisites for user state 
group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
 2013-08-08 13:42:55 +02:00
Ari Lerner
e00fdb22fd Initial commit 2013-06-19 12:53:46 -07:00