Salt/users-formula
0
0
Fork 0
mirror of https://github.com/saltstack-formulas/users-formula.git synced 2025-10-31 09:01:33 +01:00
Code Issues Activity

Merge pull request #133 from luitzifa/multiple-key-support

Browse Source 
add support for multiple private and public keys
This commit is contained in:
Niels Abspoel 2017-09-28 12:50:56 +02:00 committed by GitHub
commit a4c1e98a55
2 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pillar.example
View File

@ -57,6 +57,10 @@ users:
ssh_keys: ssh_keys:
privkey: PRIVATEKEY privkey: PRIVATEKEY
pubkey: PUBLICKEY pubkey: PUBLICKEY
# you can provide multiple keys, the keyname is taken as filename
# make sure your public keys suffix is .pub
foobar: PRIVATEKEY
foobar.pub: PUBLICKEY
# ... or you can pull them from a different pillar, # ... or you can pull them from a different pillar,
# for example one called "ssh_keys": # for example one called "ssh_keys":
ssh_keys_pillar: ssh_keys_pillar:

32
users/init.sls
View File

@ -175,35 +175,35 @@ user_keydir_{{ name }}:
{% endif %} {% endif %}
{% if 'ssh_keys' in user %} {% if 'ssh_keys' in user %}
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} {% for _key in user.ssh_keys.keys() %}
users_user_{{ name }}_private_key: {% if _key == 'privkey' %}
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %}
{% elif _key == 'pubkey' %}
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %}
{% else %}
{% set key_name = _key %}
{% endif %}
users_{{ name }}_{{ key_name }}_key:
file.managed: file.managed:
- name: {{ home }}/.ssh/{{ key_type }} - name: {{ home }}/.ssh/{{ key_name }}
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
{% if key_name.endswith(".pub") %}
- mode: 644
{% else %}
- mode: 600 - mode: 600
{% endif %}
- show_diff: False - show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:privkey - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
- require: - require:
- user: users_{{ name }}_user - user: users_{{ name }}_user
{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
- group: users_{{ name }}_{{ group }}_group - group: users_{{ name }}_{{ group }}_group
{% endfor %} {% endfor %}
users_user_{{ name }}_public_key:
file.managed:
- name: {{ home }}/.ssh/{{ key_type }}.pub
- user: {{ name }}
- group: {{ user_group }}
- mode: 644
- show_diff: False
- contents_pillar: users:{{ name }}:ssh_keys:pubkey
- require:
- user: users_{{ name }}_user
{% for group in user.get('groups', []) %}
- group: users_{{ name }}_{{ group }}_group
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} {% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %}
users_authorized_keys_{{ name }}: users_authorized_keys_{{ name }}:
file.managed: file.managed: