From 94d53d5ee771fda3e09c0418847a4c338e60b3b4 Mon Sep 17 00:00:00 2001 From: 7oku Date: Sun, 3 Aug 2014 01:06:02 +0200 Subject: [PATCH 1/2] modified visudo to only report change in salt when there is an error. --- users/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/init.sls b/users/init.sls index e34e244..8732fca 100644 --- a/users/init.sls +++ b/users/init.sls @@ -141,7 +141,8 @@ sudoer-{{ name }}: {% for rule in user['sudo_rules'] %} "validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}": cmd.run: - - name: 'visudo -cf - <<<"$rule"' + - name: 'visudo -cf - <<<"$rule" | { read output; if [[ $output != "stdin: parsed OK" ]] ; then echo $output ; fi }' + - stateful: True - shell: {{ users.visudo_shell }} - env: # Specify the rule via an env var to avoid shell quoting issues. From 4a8393dca9fe96cbb8bcb5045fcb85c87a889f25 Mon Sep 17 00:00:00 2001 From: 7oku Date: Sun, 3 Aug 2014 01:40:27 +0200 Subject: [PATCH 2/2] added option to remove ssh public keys from auth (ssh_auth.absent) --- pillar.example | 2 ++ users/init.sls | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/pillar.example b/pillar.example index bc045fb..13e25e5 100644 --- a/pillar.example +++ b/pillar.example @@ -24,6 +24,8 @@ users: pubkey: PUBLICKEY ssh_auth: - PUBLICKEY + ssh_auth.absent: + - PUBLICKEY_TO_BE_REMOVED ## Absent user cuser: diff --git a/users/init.sls b/users/init.sls index 8732fca..a958fb5 100644 --- a/users/init.sls +++ b/users/init.sls @@ -123,6 +123,17 @@ ssh_auth_{{ name }}_{{ loop.index0 }}: {% endfor %} {% endif %} +{% if 'ssh_auth.absent' in user %} +{% for auth in user['ssh_auth.absent'] %} +ssh_auth_delete_{{ name }}_{{ loop.index0 }}: + ssh_auth.absent: + - user: {{ name }} + - name: {{ auth }} + - require: + - file: {{ name }}_user + - user: {{ name }}_user +{% endfor %} +{% endif %} {% if 'sudouser' in user and user['sudouser'] %} {% if not used_sudo %}
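Review bot: The rewritten `name` line in the first users/init.sls hunk discards visudo's exit status: the command is now a pipeline ending in `{ read output; ... }`, and a pipeline returns the status of its last element, so a rule that visudo rejects no longer makes the command exit non-zero. Validity is instead decided by comparing the first line of stdout with the literal `stdin: parsed OK`. A rejected rule then fails the state only if its diagnostic arrives on stdout and Salt treats the echoed text as an error under `stateful: True`, which is fragile for the check that presumably gates sudo rules. Keeping the exit code while staying silent on success would be safer, for example `- name: 'out=$(visudo -cf - <<<"$rule" 2>&1) || { echo "$out"; exit 1; }'`. The state continues past the end of the hunk (`- env:`), so the rest of it was not reviewed.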
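Review bot: In the added `ssh_auth_delete_{{ name }}_{{ loop.index0 }}` state (second users/init.sls hunk), `- name: {{ auth }}` renders the pillar value into YAML unquoted. A key line whose options or comment contain ` #` would be cut at that point, and one containing `: ` would change how the line parses. A truncated name could let the absent state report success while the key stays in authorized_keys, so a revocation could fail silently. Rendering it as a quoted scalar avoids that, e.g. `- name: {{ auth|yaml_dquote }}` where the targeted Salt version provides that filter, or plain quoting otherwise. It would also help to add a comment such as `# keys listed under ssh_auth.absent must not also appear under ssh_auth`, because nothing in this block stops the same key being listed in both, which would make the two states fight on every run.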