fix polkit settings to write all users in one file

2025-03-03 03:34:44 +01:00 · 2017-01-22 12:43:38 +01:00 · 2017-01-22 12:43:38 +01:00 · 6e3a507ac3
commit 6e3a507ac3
parent 110e83b9c3
2 changed files with 33 additions and 27 deletions
--- a/users/init.sls
+++ b/users/init.sls
@ -22,6 +22,7 @@

 {%- if used_sudo or used_googleauth or used_user_files %}
 include:
+  - users.polkit
 {%- if used_sudo %}
  - users.sudo
 {%- endif %}
@ -417,27 +418,6 @@ users_{{ users.sudoers_dir }}/{{ name }}:
    - name: {{ users.sudoers_dir }}/{{ name }}
 {% endif %}

-# Policykit AdminIdentities Logik
-{%- if 'polkitadmin' in user and user['polkitadmin'] %}
-users_{{ users.polkit_dir }}/{{ name }}:
-  file.managed:
-    - replace: True
-    - onlyif: 'test -d {{ users.polkit_dir }}'
-    - name: {{ users.polkit_dir }}/{{ name }}.conf
-    - contents: |
-        ########################################################################
-        # File managed by Salt (users-formula).
-        # Your changes will be overwritten.
-        ########################################################################
-        #
-        [Configuration]
-        AdminIdentities=unix-user:{{ name }}
-{%- else %}
-users_{{ users.polkit_dir }}/{{ name }}:
-  file.absent:
-    - name: {{ users.polkit_dir }}/{{ name }}.conf
-{%- endif %}
-
 {%- if 'google_auth' in user %}
 {%- for svc in user['google_auth'] %}
 users_googleauth-{{ svc }}-{{ name }}:
@ -507,9 +487,6 @@ users_absent_user_{{ name }}:
 users_{{ users.sudoers_dir }}/{{ name }}:
  file.absent:
    - name: {{ users.sudoers_dir }}/{{ name }}
-users_{{ users.polkit_dir }}/{{ name }}:
-  file.absent:
-    - name: {{ users.polkit_dir }}/{{ name }}.conf
 {% endfor %}

 {% for user in pillar.get('absent_users', []) %}
@ -519,9 +496,6 @@ users_absent_user_2_{{ user }}:
 users_2_{{ users.sudoers_dir }}/{{ user }}:
  file.absent:
    - name: {{ users.sudoers_dir }}/{{ user }}
-users_2_{{ users.polkit_dir }}/{{ name }}:
-  file.absent:
-    - name: {{ users.polkit_dir }}/{{ name }}.conf
 {% endfor %}

 {% for group in pillar.get('absent_groups', []) %}
--- a/users/polkit.sls
+++ b/users/polkit.sls
@ -0,0 +1,32 @@
+{% from "users/map.jinja" import users with context %}
+{% set polkitusers = {} %}
+{% set polkitusers = {'value': ''} %}
+
+{% for name, user in pillar.get('users', {}).items() %}
+  {% if user.absent is not defined or not user.absent %}
+    {% if 'polkitadmin' in user and user['polkitadmin'] %}
+      {% if polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %}
+      {% endif %}
+    {% endif %}
+  {% endif %}
+{% endfor %}
+
+{% if polkitusers.value != '' %}
+users_{{ users.polkit_dir }}/99salt-users-formula.conf:
+  file.managed:
+    - replace: True
+    - onlyif: 'test -d {{ users.polkit_dir }}'
+    - name: {{ users.polkit_dir }}/99salt-users-formula.conf
+    - contents: |
+        ########################################################################
+        # File managed by Salt (users-formula).
+        # Your changes will be overwritten.
+        ########################################################################
+        #
+        [Configuration]
+        AdminIdentities={{ polkitusers.value }}
+{% else %}
+users_{{ users.polkit_dir }}/99salt-users-formula.conf_delete:
+  file.absent:
+    - name: {{ users.polkit_dir }}/99salt-users-formula.conf
+{% endif %}