-
-
Save duk3luk3/4be7edf0d68eb15aa742 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% set id = salt['grains.get']('id') %} | |
| {% if not id in salt['pillar.get']('rbgusers:blacklist', []) %} | |
| {% for user in salt['pillar.get']('rbgusers:absent-users') %} | |
| 'user-absent-{{ user }}': | |
| 'user.absent': | |
| - { 'name': '{{ user }}'} | |
| {% endfor %} | |
| {% endif %} | |
| {% for user in salt['pillar.get']('rbgusers:present-users') %} | |
| {% set pwd = '*' %} | |
| {% for access in user.access|reverse %} | |
| {% if salt['regex.match'](access.mask, id) %} | |
| {% set pwd = access.password %} | |
| {% endif %} | |
| {% endfor %} | |
| 'user-present-{{ user.username }}': | |
| 'user.present': | |
| - { 'name': '{{ user.username }}' } | |
| - { 'fullname': '{{ user.realname }}' } | |
| - { 'uid': '{{ user.uid }}' } | |
| - { 'gid': '{{ user.gid }}' } | |
| - { 'groups': {{ user.groups }} } | |
| - { 'password': '{{ pwd }}' } | |
| {% endfor %} | |
| {% for key in salt['cp.list_master'](prefix='rbgusers/sshkeys/') %} | |
| {% set keyname = key.split('/')[2].replace('@', '.').split('.') %} | |
| 'sshkey-present-{{ keyname[0] }}@{{ keyname[1] }}': | |
| 'ssh_auth.present': | |
| - {'user': '{{ keyname[0] }}'} | |
| - {'source': 'salt://{{ key }}'} | |
| - 'require': | |
| - {'user': '{{ keyname[0] }}'} | |
| {% endfor %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!py | |
| import os | |
| import re | |
| import pprint | |
| def run(): | |
| config = {} | |
| # Check blacklist first | |
| for mask in __salt__['pillar.get']('rbgusers:blacklist', []): | |
| if re.search(mask, __grains__['id']) or re.search(mask, __grains__['host']): | |
| return {} | |
| # find ssh keys in salt://rbgusers/sshkeys (filename format: <user>@<host>.pub) | |
| files = __salt__['cp.list_master'](prefix='rbgusers/sshkeys/') | |
| sshfiledict = {} | |
| for f in files: | |
| fname = os.path.basename(f) | |
| split = fname.split('.') | |
| base = split[0].split('@') | |
| if not base[0] in sshfiledict: | |
| sshfiledict[base[0]] = [] | |
| sshfiledict[base[0]] = sshfiledict[base[0]] + [(f, base[1])] if base[0] in sshfiledict else [(f, base[1])] | |
| # find users with access to this node | |
| access_users = [] | |
| for user in __salt__['pillar.get']('rbgusers:present-users', []): | |
| for access in user.get('access', []): | |
| if re.search(access['mask'], __grains__['id']) or re.search(access['mask'], __grains__['host']): | |
| access_users.append((user, access['password'])) | |
| break | |
| for user in access_users: | |
| config['user-present-' + user[0]['username']] = { | |
| 'user.present': [ | |
| { 'name': user[0]['username'] }, | |
| { 'fullname': user[0]['realname'] }, | |
| { 'uid': user[0]['uid'] }, | |
| { 'gid': user[0]['gid'] }, | |
| { 'groups': user[0]['groups'] }, | |
| # { 'home': '/home/' + user[0]['username'] }, | |
| { 'password': user[1] } | |
| ] | |
| } | |
| for sshkey in sshfiledict.get(user[0]['username'], []): | |
| config['sshkey-present-' + sshkey[1]] = { | |
| 'ssh_auth.present': [ | |
| { 'user': user[0]['username'] }, | |
| { 'source': 'salt://' + sshkey[0] }, | |
| { 'require': [ | |
| { 'user': user[0]['username'] } | |
| ] | |
| } | |
| ] | |
| } | |
| for user in __salt__['pillar.get']('rbgusers:absent-users', []): | |
| config['user-absent-' + user] = { | |
| 'user.absent': [ | |
| { 'name': user } | |
| ] | |
| } | |
| print(">>>") | |
| print(pprint.pprint(config)) | |
| print(">>>") | |
| return config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment