commit 6330cd46fa22fff82a59b68eea71f400c78b9dec
author Ivan Berezovskiy <iberezovskiy@mirantis.com> Wed Sep 25 12:09:46 2019 +0000
committer Gerrit Code Review <mail@domain.com> Wed Sep 25 12:09:46 2019 +0000
tree 9d3df3ab11f9a264dc8793eea8def8d42fcf01ae
parent 6839f54ec382b82fdf7a50518dacd4e33cc4eb43
parent 58ffd36b114603a6cc8e08b2a4d7012a5d402978

Merge "Don't create default user group by default"

linux/map.jinja

diff --git a/linux/map.jinja b/linux/map.jinja
index f9b9ea0..44cacc1 100644
--- a/linux/map.jinja
+++ b/linux/map.jinja
@@ -32,6 +32,7 @@
         'utc': true,
         'user': {},
         'group': {},
+        'create_default_group_for_user': false,
         'job': {},
         'limit': {},
         'locale': {},

linux/system/user.sls

diff --git a/linux/system/user.sls b/linux/system/user.sls
index a166a45..0eb7cb4 100644
--- a/linux/system/user.sls
+++ b/linux/system/user.sls
@@ -1,6 +1,8 @@
 {%- from "linux/map.jinja" import system with context %}
 {%- if system.enabled %}
 
+{%- set existing_groups = salt['group.getent']() %}
+
 include:
   - linux.system.group
 
@@ -28,11 +30,13 @@
       {%- endfor %}
 
       {%- if user.gid is not defined %}
+        {%- if name not in existing_groups|map(attribute="name") and system.get('create_default_group_for_user', False) %}
 system_group_{{ name }}:
   group.present:
   - name: {{ name }}
   - require_in:
     - user: system_user_{{ name }}
+        {%- endif %}
       {%- endif %}
 
 system_user_{{ name }}:
@@ -51,8 +55,10 @@
       {% endif %}
       {%- if user.gid is defined and user.gid %}
   - gid: {{ user.gid }}
-      {%- else %}
+      {%- elif name in existing_groups|map(attribute="name") or system.get('create_default_group_for_user', False) %}
   - gid_from_name: true
+      {%- else %}
+  - gid: 65534
       {%- endif %}
       {%- if user.groups is defined %}
   - groups: {{ user.groups }}
@@ -133,3 +139,4 @@
     {%- endif %}
   {%- endfor %}
 {%- endif %}
+                                               
\ No newline at end of file