From 89d66728871e2defde8f3b95223169aef214120c Mon Sep 17 00:00:00 2001
From: Bohdan Kmit
Date: Wed, 14 Jan 2015 17:25:17 +0000
Subject: [PATCH] google auth package and config installation
---
 users/init.sls | 45 +++++++++++++++++++++++++++++++++++++++------
 users/map.jinja | 8 ++++++++
 2 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/users/init.sls b/users/init.sls
index e325686..41877c7 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -1,6 +1,29 @@
 # vim: sts=2 ts=2 sw=2 et ai
 {% from "users/map.jinja" import users with context %}
-{% set used_sudo = False %}
+{% set used_sudo = [] %}
+{% set used_googleauth = [] %}
+
+{%- for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
+{%- if user == None -%}
+{%- set user = {} -%}
+{%- endif -%}
+{%- if 'sudouser' in user and user['sudouser'] %}
+{%- do used_sudo.append(1) %}
+{%- endif %}
+{%- if 'google_auth' in user %}
+{%- do used_googleauth.append(1) %}
+{%- endif %}
+{%- endfor %}
+
+{%- if used_sudo or used_googleauth %}
+include:
+{%- if used_sudo %}
+ - users.sudo
+{%- endif %}
+{%- if used_googleauth %}
+ - users.googleauth
+{%- endif %}
+{%- endif %}
 {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
 {%- if user == None -%}
@@ -145,11 +168,6 @@ ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
 {% endif %}
 {% if 'sudouser' in user and user['sudouser'] %}
-{% if not used_sudo %}
-{% set used_sudo = True %}
-include:
- - users.sudo
-{% endif %}
 sudoer-{{ name }}:
 file.managed:
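Review bot: The pre-scan sets `used_googleauth` on `'google_auth' in user` alone, while the `sudouser` test beside it also checks the value, so an empty or null `google_auth:` key still pulls in `users.googleauth`, and a null value would likely break the `for svc in user['google_auth']` loop in the third hunk at render time. Testing the value in both places, `{%- if user.get('google_auth') %}`, keeps the two checks consistent. Separately, the diffstat lists only `users/init.sls` and `users/map.jinja`, so `users/googleauth.sls` and the `googleauth-package` state that the third hunk requires are presumably expected to exist already; if they do not, any minion whose pillar sets `google_auth` fails on the include.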
@@ -187,6 +205,21 @@ sudoer-{{ name }}:
 - name: {{ users.sudoers_dir }}/{{ name }}
 {% endif %}
+{%- if 'google_auth' in user %}
+{%- for svc in user['google_auth'] %}
+googleauth-{{ svc }}-{{ name }}:
+ file.managed:
+ - replace: false
+ - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }}
+ - contents_pillar: 'users:{{ name }}:google_auth:{{ svc }}'
+ - user: root
+ - group: {{ users.root_group }}
+ - mode: 600
+ - require:
+ - pkg: googleauth-package
+{%- endfor %}
+{%- endif %}
+
 {% endfor %}
 {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %}
diff --git a/users/map.jinja b/users/map.jinja
index 0779fd4..f81acc4 100644
--- a/users/map.jinja
+++ b/users/map.jinja
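Review bot: With `- replace: false` the secret file is written once and never updated, so rotating or revoking a TOTP secret in pillar has no effect on minions that already hold the old file, and nothing in this hunk removes `{{ users.googleauth_dir }}/{{ name }}_{{ svc }}` when the `google_auth` key or the user is dropped. Keeping `replace: false` is reasonable if the PAM module rewrites the file itself (presumably the intent), but it deserves a comment above the state, e.g. `# replace: false keeps the PAM module's own updates; delete the file to roll out a rotated secret`, and the absent-user loop that begins at the end of this hunk should get a matching `file.absent`. The state requires only the package, so it relies on `users.googleauth` (not part of this patch) to create the directory with restrictive permissions. `- mode: 600` is better written quoted as `- mode: '0600'` so YAML never treats it as a number.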
@@ -3,37 +3,45 @@
 'Debian': {
 'sudoers_dir': '/etc/sudoers.d',
 'sudoers_file': '/etc/sudoers',
+ 'googleauth_dir': '/etc/google_authenticator.d',
 'root_group': 'root',
 'shell': '/bin/bash',
 'visudo_shell': '/bin/bash',
 'bash_package': 'bash',
 'sudo_package': 'sudo',
+ 'googleauth_package': 'libpam-google-authenticator',
 },
 'Gentoo': {
 'sudoers_dir': '/etc/sudoers.d',
 'sudoers_file': '/etc/sudoers',
+ 'googleauth_dir': '/etc/google_authenticator.d',
 'root_group': 'root',
 'shell': '/bin/bash',
 'visudo_shell': '/bin/bash',
 'bash_package': 'app-shells/bash',
 'sudo_package': 'app-admin/sudo',
+ 'googleauth_package': 'libpam-google-authenticator',
 },
 'FreeBSD': {
 'sudoers_dir': '/usr/local/etc/sudoers.d',
 'sudoers_file': '/usr/local/etc/sudoers',
+ 'googleauth_dir': '/usr/local/etc/google_authenticator.d',
 'root_group': 'wheel',
 'shell': '/bin/csh',
 'visudo_shell': '/usr/local/bin/bash',
 'bash_package': 'bash',
 'sudo_package': 'sudo',
+ 'googleauth_package': 'pam_google_authenticator',
 },
 'default': {
 'sudoers_dir': '/etc/sudoers.d',
 'sudoers_file': '/etc/sudoers',
+ 'googleauth_dir': '/etc/google_authenticator.d',
 'root_group': 'root',
 'shell': '/bin/bash',
 'visudo_shell': '/bin/bash',
 'bash_package': 'bash',
 'sudo_package': 'sudo',
+ 'googleauth_package': 'libpam-google-authenticator',
 },
 }, merge=salt['pillar.get']('users:lookup')) %}
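Review bot: The Gentoo entry reuses the Debian package name `libpam-google-authenticator`, while the neighbouring Gentoo values are category-qualified atoms (`app-shells/bash`, `app-admin/sudo`). As far as I know Gentoo ships the PAM module as `sys-auth/google-authenticator`, so the package state would fail there and every secret file that requires it would be skipped. Suggest `'googleauth_package': 'sys-auth/google-authenticator',` for Gentoo. The `default` branch carries the same Debian-specific name, so it is worth a comment there saying that other platforms must override it through `users:lookup`.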