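{#-
  Salt state: manage the local accounts listed in `system.user`.

  For every enabled entry it renders the account itself, its home directory
  and, if requested, a sudoers drop-in. For every disabled entry it removes
  the account, its home directory and the drop-in.
#}
{%- from "linux/map.jinja" import system with context %}
{%- if system.enabled %}

include:
- linux.system.group

{%- for name, user in system.user.items() %}

{%- if user.enabled %}

{#- Require only the groups that also appear in system.group; the
    system_group_<name> IDs are presumably defined by the included
    linux.system.group state (confirm). Other groups must already exist. #}
{%- set requires = [] %}
{%- for group in user.get('groups', []) %}
  {%- if group in system.get('group', {}).keys() %}
    {%- do requires.append({'group': 'system_group_' + group}) %}
  {%- endif %}
{%- endfor %}

{#- Without an explicit gid, create a group named after the user so that
    gid_from_name below can resolve it. #}
{%- if user.gid is not defined %}
system_group_{{ name }}:
  group.present:
  - name: {{ name }}
  - require_in:
    - user: system_user_{{ name }}
{%- endif %}

system_user_{{ name }}:
  user.present:
  - name: {{ name }}
  - home: {{ user.home }}
  {%- if user.get('password') == False %}
  {#- password: false -> do not manage the password at all. #}
  - enforce_password: false
  {%- elif user.get('password') is none %}
  {#- No password configured -> enforce '*', which matches no password,
      so the account cannot log in with one. #}
  - enforce_password: true
  - password: '*'
  {%- elif user.get('password') %}
  {#- Quote the value: an unquoted password containing ' #' or ': ', or
      starting with a YAML indicator such as '!' or '*', would be truncated
      or rejected by the YAML parser. With hash_password false (default)
      the value is expected to be a hash already; true means the pillar
      holds cleartext that Salt hashes on the minion. #}
  - enforce_password: true
  - password: {{ user.password|yaml_dquote }}
  - hash_password: {{ user.get('hash_password', False) }}
  {%- endif %}
  {#- NOTE(review): user.gid only suppresses the per-user group above; the
      value itself is not passed to user.present here. Confirm intended. #}
  - gid_from_name: true
  {%- if user.groups is defined %}
  {#- Serialise as YAML instead of relying on the Python list repr. #}
  - groups: {{ user.groups|yaml }}
  {%- endif %}
  {%- if user.system is defined and user.system %}
  {#- System accounts get a non-login shell unless one is set explicitly. #}
  - system: true
  - shell: {{ user.get('shell', '/bin/false') }}
  {%- else %}
  - shell: {{ user.get('shell', '/bin/bash') }}
  {%- endif %}
  {%- if user.uid is defined and user.uid %}
  - uid: {{ user.uid }}
  {%- endif %}
  - require: {{ requires|yaml }}

{#- Home directory is private to the owner (700) unless home_dir_mode
    overrides it. The pillar value should be a quoted string: an unquoted
    leading-zero mode may be read as octal by the YAML loader. #}
system_user_home_{{ user.home }}:
  file.directory:
  - name: {{ user.home }}
  - user: {{ name }}
  - mode: {{ user.get('home_dir_mode', 700) }}
  - makedirs: true
  - require:
    - user: system_user_{{ name }}

{%- if user.get('sudo', False) %}

{#- sudo skips drop-in files whose name contains a '.', hence the replace.
    check_cmd runs visudo on the rendered file before it is installed, so
    a broken template cannot replace a working sudoers entry. #}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.managed:
  - source: salt://linux/files/sudoer
  - template: jinja
  - user: root
  - group: root
  - mode: '0440'
  - defaults:
      user_name: {{ name }}
  - require:
    - user: system_user_{{ name }}
  - check_cmd: /usr/sbin/visudo -c -f

{%- else %}

{#- sudo not requested (or revoked): make sure no stale drop-in remains. #}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent

{%- endif %}

{%- else %}

{#- Disabled entry: remove the account, its home and its sudoers drop-in. #}
system_user_{{ name }}:
  user.absent:
  - name: {{ name }}

{#- file.absent deletes the whole directory tree. Check that the home of a
    disabled user is not a directory shared with other users or services. #}
system_user_home_{{ user.home }}:
  file.absent:
  - name: {{ user.home }}

/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent

{%- endif %}

{%- endfor %}

{%- endif %}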