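{#-
  Manage local accounts from the `system.user` pillar map (one entry per
  account name). An enabled entry gets a primary group (when no gid is given),
  the account itself, its home directory and, if `sudo` is set, a sudoers
  drop-in. A disabled entry has the account, home directory and sudoers
  drop-in removed.

  Pillar values are interpolated into YAML as text, so anything that may
  contain YAML indicator characters has to be serialized or quoted before it
  is rendered.
#}
{%- from "linux/map.jinja" import system with context %}
{%- if system.enabled %}

include:
  - linux.system.group

{%- for name, user in system.user.items() %}

{%- if user.enabled %}

{#- Require only those supplementary groups that this formula manages itself. #}
{%- set requires = [] %}
{%- for group in user.get('groups', []) %}
  {%- if group in system.get('group', {}).keys() %}
    {%- do requires.append({'group': 'system_group_'+group}) %}
  {%- endif %}
{%- endfor %}

{%- if user.gid is not defined %}
# No explicit gid: create a group named after the user so that
# gid_from_name below can resolve it.
system_group_{{ name }}:
  group.present:
  - name: {{ name }}
  - require_in:
    - user: system_user_{{ name }}
{%- endif %}

system_user_{{ name }}:
  user.present:
  - name: {{ name }}
  - home: {{ user.home }}
  {% if user.get('password') == False %}
  # password: false -> leave whatever is currently in the shadow file alone.
  - enforce_password: false
  {% elif user.get('password') == None %}
  # No password in pillar -> enforce '*', which is not a valid hash, so
  # password authentication is disabled for the account.
  - enforce_password: true
  - password: '*'
  {% elif user.get('password') %}
  # Serialized through the json filter: a bare value starting with '!' or '*'
  # would be read as a YAML tag or alias, and one containing ' #' or ': '
  # would be truncated or fail to parse.
  # With hash_password false (the default) the pillar value must already be
  # a crypt hash; a cleartext value would be written to the shadow file as-is.
  - enforce_password: true
  - password: {{ user.password|json }}
  - hash_password: {{ user.get('hash_password', False) }}
  {% endif %}
  {%- if user.gid is defined and user.gid %}
  - gid: {{ user.gid }}
  {%- else %}
  - gid_from_name: true
  {%- endif %}
  {%- if user.groups is defined %}
  - groups: {{ user.groups }}
  {%- endif %}
  {%- if user.optional_groups is defined %}
  - optional_groups: {{ user.optional_groups }}
  {%- endif %}
  {%- if user.system is defined and user.system %}
  # System accounts default to a non-login shell unless pillar overrides it.
  - system: true
  - shell: {{ user.get('shell', '/bin/false') }}
  {%- else %}
  - shell: {{ user.get('shell', '/bin/bash') }}
  {%- endif %}
  {%- if user.uid is defined and user.uid %}
  - uid: {{ user.uid }}
  {%- endif %}
  {%- if user.unique is defined %}
  # unique: false lets several account names share one uid; the kernel and
  # file ownership then treat them as a single identity.
  - unique: {{ user.unique }}
  {%- endif %}
  {%- if user.maxdays is defined %}
  - maxdays: {{ user.maxdays }}
  {%- endif %}
  {%- if user.mindays is defined %}
  - mindays: {{ user.mindays }}
  {%- endif %}
  {%- if user.warndays is defined %}
  - warndays: {{ user.warndays }}
  {%- endif %}
  {%- if user.inactdays is defined %}
  - inactdays: {{ user.inactdays }}
  {%- endif %}
  - require: {{ requires|yaml }}

# The state ID is keyed on the home path, so two enabled users sharing one
# home would render the same ID twice.
system_user_home_{{ user.home }}:
  file.directory:
  - name: {{ user.home }}
  - user: {{ name }}
  # Quoted so the mode reaches Salt as a string; the default keeps the home
  # directory private to its owner.
  - mode: "{{ user.get('home_dir_mode', 700) }}"
  - makedirs: true
  - require:
    - user: system_user_{{ name }}

{%- if user.get('sudo', False) %}

# sudo skips files in sudoers.d whose name contains a '.', hence the replace.
# The privileges granted come from the salt://linux/files/sudoer template,
# which is not part of this file. check_cmd lets visudo validate the rendered
# file before it is put in place, so a broken rule cannot disable sudo.
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.managed:
  - source: salt://linux/files/sudoer
  - template: jinja
  - user: root
  - group: root
  - mode: '0440'
  - defaults:
      user_name: {{ name }}
  - require:
    - user: system_user_{{ name }}
  - check_cmd: /usr/sbin/visudo -c -f

{%- else %}

# sudo not requested: make sure an earlier drop-in does not linger.
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent

{%- endif %}

{%- else %}

# Disabled entry: remove the account, its home directory and its sudoers
# drop-in. file.absent deletes the path recursively, so `home` in pillar must
# point at a directory that belongs to this account only.
system_user_{{ name }}:
  user.absent:
  - name: {{ name }}

system_user_home_{{ user.home }}:
  file.absent:
  - name: {{ user.home }}

/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent

{%- endif %}

{%- endfor %}

{%- endif %}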