From 72ef35fdfa38bc0d930c5ab64bc8e101953fdc7d Mon Sep 17 00:00:00 2001
From: Jerzy Drozdz <root@salt.hypervisor1.internal>
Date: Mon, 7 Aug 2017 00:14:53 +0200
Subject: [PATCH] Added sudoonly switch. Usage implies setting sudouser to True

---
 users/init.sls | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/users/init.sls b/users/init.sls
index 0f3cd70..488e533 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -9,6 +9,9 @@
 {%- if user == None -%}
 {%- set user = {} -%}
 {%- endif -%}
+{%- if 'sudoonly' in user and user['sudoonly'] %}
+{%- set _dummy=user.update({'sudouser': True}) %}
+{%- endif %}
 {%- if 'sudouser' in user and user['sudouser'] %}
 {%- do used_sudo.append(1) %}
 {%- endif %}
@@ -47,6 +50,7 @@ include:
 {%- set user_group = name -%}
 {%- endif %}
 
+{%- if not ( 'sudoonly' in user and user['sudoonly'] ) %}
 {% for group in user.get('groups', []) %}
 users_{{ name }}_{{ group }}_group:
   group.present:
@@ -353,6 +357,7 @@ users_ssh_known_hosts_delete_{{ name }}_{{ loop.index0 }}:
     - name: {{ host }}
 {% endfor %}
 {% endif %}
+{% endif %}
 
 {% set sudoers_d_filename = name|replace('.','_') %}
 {% if 'sudouser' in user and user['sudouser'] %}