google auth package and config installation

Bohdan Kmit 2015-01-14 17:25:17 +00:00
parent a57f81a378
commit 89d6672887
2 changed files with 47 additions and 6 deletions


@ -1,6 +1,29 @@
# vim: sts=2 ts=2 sw=2 et ai
{% from "users/map.jinja" import users with context %}
{% set used_sudo = False %}
{% set used_sudo = [] %}
{% set used_googleauth = [] %}
{%- for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
{%- if user == None -%}
{%- set user = {} -%}
{%- endif -%}
{%- if 'sudouser' in user and user['sudouser'] %}
{%- do used_sudo.append(1) %}
{%- endif %}
{%- if 'google_auth' in user %}
{%- do used_googleauth.append(1) %}
{%- endif %}
{%- endfor %}
{%- if used_sudo or used_googleauth %}
include:
{%- if used_sudo %}
- users.sudo
{%- endif %}
{%- if used_googleauth %}
- users.googleauth
{%- endif %}
{%- endif %}
{% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
{%- if user == None -%}
@ -145,11 +168,6 @@ ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
{% endif %}
{% if 'sudouser' in user and user['sudouser'] %}
{% if not used_sudo %}
{% set used_sudo = True %}
include:
- users.sudo
{% endif %}
sudoer-{{ name }}:
file.managed:
@ -187,6 +205,21 @@ sudoer-{{ name }}:
- name: {{ users.sudoers_dir }}/{{ name }}
{% endif %}
{%- if 'google_auth' in user %}
{%- for svc in user['google_auth'] %}
googleauth-{{ svc }}-{{ name }}:
file.managed:
- replace: false
- name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}
- contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'
- user: root
- group: {{ users.root_group }}
- mode: 600
- require:
- pkg: googleauth-package
{%- endfor %}
{%- endif %}
{% endfor %}
{% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}
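Review bot: In the `googleauth-{{ svc }}-{{ name }}` state, `- replace: false` means the seed file is written only when it does not exist yet, so a secret rotated in pillar after a suspected compromise never reaches the minion, and a service removed from a user's `google_auth` leaves its old seed file in place. This is presumably deliberate because the PAM module rewrites its own state file, but the state should say so, e.g. `# replace: false: the PAM module updates this file in place; remove it on the minion to roll out a rotated secret`. Nothing visible here removes the per-service files for users handled by the `absent` loop, which begins on the last line of this section and continues outside it, so a `file.absent` counterpart is worth checking for. Since `contents_pillar` pulls the TOTP seed straight from pillar, a comment noting that the `users:<name>:google_auth` keys should only be targeted at the minions that need them (and ideally stored encrypted) would help the next maintainer.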


@ -3,37 +3,45 @@
'Debian': {
'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers',
'googleauth_dir': '/etc/google_authenticator.d',
'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash',
'bash_package': 'bash',
'sudo_package': 'sudo',
'googleauth_package': 'libpam-google-authenticator',
},
'Gentoo': {
'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers',
'googleauth_dir': '/etc/google_authenticator.d',
'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash',
'bash_package': 'app-shells/bash',
'sudo_package': 'app-admin/sudo',
'googleauth_package': 'libpam-google-authenticator',
},
'FreeBSD': {
'sudoers_dir': '/usr/local/etc/sudoers.d',
'sudoers_file': '/usr/local/etc/sudoers',
'googleauth_dir': '/usr/local/etc/google_authenticator.d',
'root_group': 'wheel',
'shell': '/bin/csh',
'visudo_shell': '/usr/local/bin/bash',
'bash_package': 'bash',
'sudo_package': 'sudo',
'googleauth_package': 'pam_google_authenticator',
},
'default': {
'sudoers_dir': '/etc/sudoers.d',
'sudoers_file': '/etc/sudoers',
'googleauth_dir': '/etc/google_authenticator.d',
'root_group': 'root',
'shell': '/bin/bash',
'visudo_shell': '/bin/bash',
'bash_package': 'bash',
'sudo_package': 'sudo',
'googleauth_package': 'libpam-google-authenticator',
},
}, merge=salt['pillar.get']('users:lookup')) %}
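Review bot: The Gentoo entry sets `'googleauth_package': 'libpam-google-authenticator'`, which is the Debian package name and does not follow the category/name form used by the neighbouring Gentoo entries (`app-shells/bash`, `app-admin/sudo`). I believe the Gentoo atom is `sys-auth/google-authenticator`, but that should be confirmed against the tree before changing it. The `default` entry carries the same Debian name, so on other OS families the `pkg: googleauth-package` requirement will likely fail and no seed files will be written. That fails closed, but it is worth a short comment above the map saying that `googleauth_package` must be overridden through `users:lookup` on unlisted platforms.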