Merge pull request #501 from M2mobi/cloud_permission

Ensure correct permissions for salt-cloud generated files
This commit is contained in:
N 2021-12-27 17:53:40 +00:00 committed by GitHub
commit 8e56990126
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 78 additions and 2 deletions

View File

@ -78,7 +78,7 @@ salt-minion:
{%- endif %} {%- endif %}
{% endif %} {% endif %}
file.recurse: file.recurse:
- name: {{ salt_settings.config_path }}/minion.d - name: {{ salt_settings.config_path | path_join('minion.d') }}
{%- if salt_settings.minion_config_use_TOFS %} {%- if salt_settings.minion_config_use_TOFS %}
- template: '' - template: ''
- source: {{ files_switch(['minion.d'], - source: {{ files_switch(['minion.d'],
@ -183,7 +183,7 @@ remove-default-minion-conf-file:
# clean up old _defaults.conf file if they have it around # clean up old _defaults.conf file if they have it around
remove-old-minion-conf-file: remove-old-minion-conf-file:
file.absent: file.absent:
- name: {{ salt_settings.config_path }}/minion.d/_defaults.conf - name: {{ salt_settings.config_path | path_join('minion.d', '_defaults.conf') }}
{% if grains.os == 'MacOS' %} {% if grains.os == 'MacOS' %}
remove-macpackage-salt: remove-macpackage-salt:
@ -191,3 +191,79 @@ remove-macpackage-salt:
- name: /tmp/salt.pkg - name: /tmp/salt.pkg
- force: True - force: True
{% endif %} {% endif %}
permissions-minion-config:
file.managed:
- name: {{ salt_settings.config_path | path_join('minion') }}
- user: {{ salt_settings.rootuser }}
- group:
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel
{%- else %}
root
{%- endif %}
{%- if grains['kernel'] != 'Windows' %}
- mode: 640
{% endif %}
- replace: False
salt-minion-pki-dir:
file.directory:
{% if 'pki_dir' in salt_settings.minion %}
- name: {{ salt_settings.minion.pki_dir }}
{% else %}
- name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
{% endif %}
- user: {{ salt_settings.rootuser }}
- group:
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel
{%- else %}
root
{%- endif %}
{%- if grains['kernel'] != 'Windows' %}
- mode: 700
{% endif %}
- makedirs: True
permissions-minion.pem:
file.managed:
{% if 'pki_dir' in salt_settings.minion %}
- name: {{ salt_settings.minion.pki_dir | path_join('minion.pem') }}
{% else %}
- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
{% endif %}
- user: {{ salt_settings.rootuser }}
- group:
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel
{%- else %}
root
{%- endif %}
{%- if grains['kernel'] != 'Windows' %}
- mode: 400
{% endif %}
- replace: False
- require:
- file: salt-minion-pki-dir
permissions-minion.pub:
file.managed:
{% if 'pki_dir' in salt_settings.minion %}
- name: {{ salt_settings.minion.pki_dir | path_join('minion.pub') }}
{% else %}
- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pub') }}
{% endif %}
- user: {{ salt_settings.rootuser }}
- group:
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel
{%- else %}
root
{%- endif %}
{%- if grains['kernel'] != 'Windows' %}
- mode: 644
{% endif %}
- replace: False
- require:
- file: salt-minion-pki-dir