mirror of https://github.com/saltstack-formulas/openssh-formula.git synced 2025-01-20 11:54:31 +01:00
openssh-formula/openssh/auth_map.sls
Daniel Dehennin df477b25c2 feat(map): update to v4 “map.jinja”
The `map.jinja` now exports a single variable called `mapdata`.

We extract the `openssh`, `sshd_config` and `ssh_config` from it to
minimize the changes to `.sls` files.
2020-07-31 10:54:40 +02:00


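# Manage authorized_keys entries from the `openssh:auth_map` pillar.
# One `ssh_auth` state is generated per (store, user, key) triple; the public
# key is read from `<store source>/<key>.pub`.
include:
  - openssh

{% from "openssh/map.jinja" import mapdata with context -%}
{%- set openssh = mapdata.openssh %}
{%- set sshd_config = mapdata.sshd_config %}
{#- Reuse sshd's AuthorizedKeysFile so keys are written where sshd reads them.
    NOTE(review): sshd accepts several whitespace-separated paths in this
    setting, while the value is handed to the state as one path; confirm that
    pillars using auth_map configure a single file. #}
{%- set authorized_keys_file = sshd_config.get("AuthorizedKeysFile", None) %}
{%- for store, config in openssh.get("auth_map", {}).items() %}
{#-   "source" is mandatory for every store: a missing key fails the render
      instead of silently producing a wrong path. #}
{%-   set store_base = config["source"] %}
# SSH store openssh:auth_map:{{ store }}
{%-   for user, keys in config.get("users", {}).items() %}
{%-     for key, key_cfg in keys.items() %}
{#-       NOTE(review): store, user and key names are interpolated into the
          YAML as-is, so they are assumed to come from trusted pillar data and
          to be free of YAML metacharacters. #}
"ssh_auth--{{ store }}--{{ user }}--{{ key }}":
{#-       "present: False" in the pillar switches the state to ssh_auth.absent,
          which is how a key is revoked. #}
{%-       set present = key_cfg.get("present", True) %}
{%-       set options = key_cfg.get("options", []) %}
{%-       if present %}
  ssh_auth.present:
    {#- Only key installation waits for the service state, presumably declared
        by the included `openssh` sls; removal has no such requisite. #}
    - require:
      - service: {{ openssh.service }}
{%-       else %}
  ssh_auth.absent:
{%-       endif %}
    - user: {{ user }}
    - source: {{ store_base }}/{{ key }}.pub
{%-       if authorized_keys_file %}
    - config: "{{ authorized_keys_file }}"
{%-       endif %}
{#-       Serialise the option list as JSON (a valid YAML flow sequence) so the
          state receives a real list. Wrapping the list in double quotes
          rendered its Python repr as a single string and broke the YAML for
          any option that itself contains double quotes, such as from="..." or
          command="...". Those options are the restrictions placed on the key,
          so they have to reach authorized_keys intact. #}
{%-       if options %}
    - options: {{ options | json }}
{%-       endif %}
{%-     endfor %}
{%-   endfor %}
{%- endfor %}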