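{#- Salt state: manage local accounts from the linux:system:user pillar.
    For every enabled user this renders a user.present state, its home
    directory, an optional private primary group and an optional sudoers
    drop-in; disabled users get the matching absent states. Rendered as
    Jinja -> YAML; nothing is emitted unless linux:system:enabled is set. #}
{%- from "linux/map.jinja" import system with context %}
{%- if system.enabled %}

{#- Groups already present on the minion, used to decide whether a user's
    primary group has to be created here or can simply be looked up by name. #}
{%- set existing_groups = salt['group.getent']() %}
{%- set existing_group_names = existing_groups|map(attribute="name")|list %}

include:
  - linux.system.group

{%- set defaults = system.get('defaults', {}).get('user', {}) %}
{%- if defaults %}
{#- Site-wide useradd(8) defaults (templated from linux:system:defaults:user). #}
etc_default_useradd:
  file.managed:
    - name: /etc/default/useradd
    - source: salt://linux/files/etc_default_useradd.jinja
    - template: jinja
    - user: root
    - group: root
    - mode: "0644"
    - defaults:
        defaults: {{ defaults|yaml }}
{%- endif %}

{%- for name, user in system.user.items() %}
{%- if user.enabled %}

{#- Every listed group that this formula manages itself becomes a requisite,
    so the group state is applied before the user state that references it. #}
{%- set requires = [] %}
{%- for group in user.get('groups', []) %}
{%- if group in system.get('group', {}).keys() %}
{%- do requires.append({'group': 'system_group_'+group}) %}
{%- endif %}
{%- endfor %}

{%- if user.gid is not defined %}
{%- if name not in existing_group_names and system.get('create_default_group_for_user', False) %}
{#- No explicit gid and no group of that name yet: create the user's private
    group and make sure it exists before the user is added. #}
system_group_{{ name }}:
  group.present:
    - name: {{ name }}
    - require_in:
      - user: system_user_{{ name }}
{%- endif %}
{%- endif %}

system_user_{{ name }}:
  user.present:
    - name: {{ name }}
    - home: {{ user.home }}
{%- if user.get('password') == False %}
    {#- password: false -> leave whatever password the minion already has alone. #}
    - enforce_password: false
{%- elif user.get('password') == None %}
    {#- No password in pillar -> lock the account; '*' can never match a login. #}
    - enforce_password: true
    - password: '*'
{%- elif user.get('password') %}
    {#- The pillar value is taken as the already-hashed password unless
        hash_password is set, in which case Salt hashes the clear text on
        the minion. It is emitted via yaml_encode so a hash containing
        ' #', ': ' or quotes cannot be truncated or misparsed by YAML. #}
    - enforce_password: true
    - password: {{ user.password|yaml_encode }}
    - hash_password: {{ user.get('hash_password', False) }}
{%- endif %}
{%- if user.gid is defined and user.gid %}
    - gid: {{ user.gid }}
{%- elif name in existing_group_names or system.get('create_default_group_for_user', False) %}
    {#- Primary group is the group named after the user (existing, or created above). #}
    - gid_from_name: true
{%- else %}
    {#- Fallback: the conventional nobody/nogroup gid. #}
    - gid: 65534
{%- endif %}
{%- if user.groups is defined %}
    - groups: {{ user.groups }}
{%- endif %}
{%- if user.optional_groups is defined %}
    - optional_groups: {{ user.optional_groups }}
{%- endif %}
{%- if user.system is defined and user.system %}
    {#- System accounts get a non-login shell unless one is set explicitly. #}
    - system: true
    - shell: {{ user.get('shell', '/bin/false') }}
{%- else %}
    - shell: {{ user.get('shell', '/bin/bash') }}
{%- endif %}
{%- if user.uid is defined and user.uid %}
    - uid: {{ user.uid }}
{%- endif %}
{#- Optional pass-through settings (password ageing and uniqueness), only
    emitted when present in pillar. #}
{%- for option in ['unique', 'maxdays', 'mindays', 'warndays', 'inactdays'] %}
{%- if user[option] is defined %}
    - {{ option }}: {{ user[option] }}
{%- endif %}
{%- endfor %}
    - require: {{ requires|yaml }}

system_user_home_{{ user.home }}:
  file.directory:
    - name: {{ user.home }}
    - user: {{ name }}
    - mode: "{{ user.get('home_dir_mode', '0700') }}"
    - makedirs: true
    - require:
      - user: system_user_{{ name }}

{%- if user.get('sudo', False) %}
{#- Per-user sudoers drop-in. Dots are replaced in the file name because sudo
    ignores files in sudoers.d that contain a '.'; visudo -c validates the
    rendered file before it replaces the previous one. #}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.managed:
    - source: salt://linux/files/sudoer
    - template: jinja
    - user: root
    - group: root
    - mode: "0440"
    - defaults:
        user_name: {{ name }}
    - require:
      - user: system_user_{{ name }}
    - check_cmd: /usr/sbin/visudo -c -f
{%- else %}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent
{%- endif %}

{%- else %}
{#- Disabled user: remove the account, its home directory and any sudoers
    drop-in. force_delete removes the account even while it is logged in. #}
system_user_{{ name }}:
  user.absent:
    - name: {{ name }}
    - force: {{ user.get('force_delete', False) }}

system_user_home_{{ user.home }}:
  file.absent:
    - name: {{ user.home }}

/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent
{%- endif %}
{%- endfor %}
{%- endif %}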