Blame - openssh/server/team/support.yml - salt-models/reclass-system

blob: 83ca4cedd2d4ec0e3b42d1b6856cbc337a607c8f [file] [log] [blame]

Petr Michalec	6e6ead4	2017-08-01 11:10:46 +0200	[diff] [blame]	1	classes:
				2	- system.linux.system.sudo
				3	# L1
				4	- system.openssh.server.team.members.aleksandrdobdin
				5	- system.openssh.server.team.members.aleksandrrubtsov
				6	- system.openssh.server.team.members.anatoliineliubin
				7	- system.openssh.server.team.members.antonrodionov
				8	- system.openssh.server.team.members.collinmay
				9	- system.openssh.server.team.members.danilakhmetov
				10	- system.openssh.server.team.members.deniskostriukov
				11	- system.openssh.server.team.members.dmitrygoloshubov
				12	- system.openssh.server.team.members.javierdiaz
				13	- system.openssh.server.team.members.josuepalmerin
				14	- system.openssh.server.team.members.krzysztoffranckowski
				15	- system.openssh.server.team.members.matthewroark
				16	- system.openssh.server.team.members.maximefimov
				17	- system.openssh.server.team.members.mikhailkraynov
				18	- system.openssh.server.team.members.nadezhdakabanova
				19	- system.openssh.server.team.members.renesoto
				20	- system.openssh.server.team.members.rsafonov
				21	- system.openssh.server.team.members.scottmachtmes
				22	- system.openssh.server.team.members.zahedkhurasani
				23	# L2OPS
				24	- system.openssh.server.team.members.aepifanov
				25	- system.openssh.server.team.members.apetrenko
				26	- system.openssh.server.team.members.atarasov
				27	- system.openssh.server.team.members.dklepikov
				28	- system.openssh.server.team.members.dsutyagin
				29	- system.openssh.server.team.members.ekozhemyakin
				30	- system.openssh.server.team.members.enikanorov
				31	- system.openssh.server.team.members.fsoppelsa
				32	- system.openssh.server.team.members.manashkin
				33	- system.openssh.server.team.members.nkondra
				34	- system.openssh.server.team.members.obryndzii
				35	- system.openssh.server.team.members.oliemieshko
				36	- system.openssh.server.team.members.sovsianikov
				37	# L2OPS SRE Team
				38	- system.openssh.server.team.members.cade
				39	- system.openssh.server.team.members.jmosher
				40	- system.openssh.server.team.members.ecantwell
				41	- system.openssh.server.team.members.lmercl
Petr Michalec	6e6ead4	2017-08-01 11:10:46 +0200	[diff] [blame]	42	- system.openssh.server.team.members.osmola
				43	- system.openssh.server.team.members.pcizinsky
				44	- system.openssh.server.team.members.pmathews
				45	- system.openssh.server.team.members.pmichalec
				46	parameters:
				47	_param:
				48	linux_system_user_sudo: false
				49	linux:
				50	system:
				51	group:
				52	supportl1:
				53	enabled: false
				54	supportl2:
				55	enabled: false
				56	support0:
				57	enabled: true
				58	name: support0
				59	support1:
				60	enabled: true
				61	name: support1
				62	addusers:
				63	# L1
				64	- ${linux:system:users:ardobdin:name}
				65	- ${linux:system:users:arubtsov:name}
				66	- ${linux:system:users:aneliubin:name}
				67	- ${linux:system:users:arodionov:name}
				68	- ${linux:system:users:cmay:name}
				69	- ${linux:system:users:dakhmetov:name}
				70	- ${linux:system:users:dkostriukov:name}
				71	- ${linux:system:users:dgoloshubov:name}
				72	- ${linux:system:users:jdiaz:name}
				73	- ${linux:system:users:jpalmerin:name}
				74	- ${linux:system:users:kfranckowski:name}
				75	- ${linux:system:users:mroark:name}
				76	- ${linux:system:users:mefimov:name}
				77	- ${linux:system:users:mkraynov:name}
				78	- ${linux:system:users:nkabanova:name}
				79	- ${linux:system:users:rsoto:name}
				80	- ${linux:system:users:rsafonov:name}
				81	- ${linux:system:users:smachtmes:name}
				82	- ${linux:system:users:zkhurasani:name}
				83	support2:
				84	enabled: true
				85	name: support2
				86	addusers:
				87	# L2OPS
				88	- ${linux:system:users:aepifanov:name}
				89	- ${linux:system:users:apetrenko:name}
				90	- ${linux:system:users:atarasov:name}
				91	- ${linux:system:users:dklepikov:name}
				92	- ${linux:system:users:dsutyagin:name}
				93	- ${linux:system:users:ekozhemyaki:name}
				94	- ${linux:system:users:enikanorov:name}
				95	- ${linux:system:users:fsoppelsa:name}
				96	- ${linux:system:users:manashkin:name}
				97	- ${linux:system:users:nkondra:name}
				98	- ${linux:system:users:obryndzii:name}
				99	- ${linux:system:users:oliemieshko:name}
				100	- ${linux:system:users:sovsianikov:name}
				101	# L2OPS SRE
				102	- ${linux:system:users:pmichalec:name}
				103	- ${linux:system:users:pmathews:name}
				104	- ${linux:system:users:pcizinsky:name}
				105	- ${linux:system:users:osmola:name}
				106	- ${linux:system:users:cade:name}
				107	- ${linux:system:users:jmosher:name}
				108	- ${linux:system:users:ecantwell:name}
				109	- ${linux:system:users:lmercl:name}
Petr Michalec	6e6ead4	2017-08-01 11:10:46 +0200	[diff] [blame]	110	support3:
				111	enabled: false
				112	name: support3
				113	addusers:
				114	- ${linux:system:users:pmichalec:name}
				115	- ${linux:system:users:pmathews:name}
				116	- ${linux:system:users:pcizinsky:name}
				117	- ${linux:system:users:osmola:name}
				118	- ${linux:system:users:cade:name}
				119	- ${linux:system:users:jmosher:name}
				120	- ${linux:system:users:ecantwell:name}
				121	- ${linux:system:users:lmercl:name}
				122	- ${linux:system:users:mrelewicz:name}
				123	sudo:
				124	enabled: true
				125	aliases:
				126	command:
				127	SUPPORT_SALT: ${_param:sudo_salt_safe}
				128	SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
				129	SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
				130	SUPPORT_RESTRICTED_SU: ${_param:sudo_restricted_su}
				131	SUPPORT_COREUTILS: ${_param:sudo_coreutils_safe}
				132	SUPPORT_RABBITMQ: ${_param:sudo_rabbitmq_safe}
				133	SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
				134	SUPPORT_NETWORKING: ${_param:sudo_networking}
				135	SUPPORT_CONTRAIL: ${_param:sudo_contrail_utilities}
				136	SUPPORT_STORAGE: ${_param:sudo_storage_utilities}
				137	SUPPORT_OPENSTACK_CLIENTS: ${_param:sudo_openstack_clients}
				138	groups:
				139	support0:
				140	# This group should have only RO access to non-sensitive data and commands
				141	# assumed usage: common operations, non experienced, non technical users.
				142	commands:
				143	- SUPPORT_SALT
				144	- '!SUPPORT_RESTRICTED_SHELLS'
				145	- '!SUPPORT_RESTRICTED_SU'
				146	support1:
				147	# This group should have access to safe, trusted, commands
				148	commands:
				149	- SUPPORT_SALT
				150	- SUPPORT_COREUTILS
				151	- SUPPORT_RABBITMQ
				152	- SUPPORT_NETWORKING
				153	- SUPPORT_CONTRAIL
				154	- SUPPORT_STORAGE
				155	- SUPPORT_OPENSTACK_CLIENTS
				156	- '!SUPPORT_RESTRICTED_SHELLS'
				157	- '!SUPPORT_RESTRICTED_SU'
				158	support2:
				159	# This group should have access to any command using sudo
				160	commands:
				161	- SUPPORT_SALT
				162	- SUPPORT_SALT_TRUSTED
				163	- SUPPORT_COREUTILS
				164	- SUPPORT_RABBITMQ
				165	- SUPPORT_NETWORKING
				166	- SUPPORT_CONTRAIL
				167	- SUPPORT_STORAGE
				168	- SUPPORT_OPENSTACK_CLIENTS
				169	- '!SUPPORT_RESTRICTED_SHELLS'
				170	- '!SUPPORT_RESTRICTED_SU'
				171	support3:
				172	# It's never safe to run unlimited number of commands with sudo.
				173	# Use with caution.
				174	commands:
				175	- ALL
				176	- '!SUPPORT_RESTRICTED_SHELLS'
				177	- '!SUPPORT_RESTRICTED_SU'