Commit Graph

194 Commits

Author SHA1 Message Date
Roman c2abcabb7e Merge pull request #6 from hatifnatt/master
Pull changes from main repo.
2015-12-25 00:52:54 +03:00
Roman 6e3c771b52 Merge pull request #5 from saltstack-formulas/master
Pull changes from main repo.
2015-12-25 00:50:58 +03:00
Leif Ringstad 90021bf848 Use the primary group for the user when creating authorized_keys
If a primary group is set on the user, and a authorized_keys is provied in ssh_auth_file, the formula fails. This solves that by using the user_group set earlier in the formula
2015-12-15 21:21:00 +01:00
root 3760fea1f5 Mitigate Salt issue #29004, fixes "expire" on *BSD
Unreasonable values for 'expire' (after 9999-12-31
on Linux, before 1975-01-01 on *BSD) get divided
by 86400 (number of seconds in a day) when too big
or multiplied by 86400 when too small.

Tested on CentOS 6 (Salt 2015.5.5) and FreeBSD 10.2
(Salt 2015.8.0) with following values:

  - 24854 (2038-01-18 in days since epoch)
  - 157766400 (1975-01-01 00:00:00 UTC in seconds since epoch)
  - 3313526400 (2075-01-01 00:00:00 UTC in seconds since epoch)
  - 16000 (2013-10-22 in days since epoch)
  - 18000 (2019-04-14 in days since epoch)

(Sponsored by av.tu-berlin.de and fokus.fraunhofer.de)
2015-11-18 16:13:55 +01:00
Forrest 76f646ec06 Merge pull request #87 from smlloyd/master
Don't add sudo group by default.
2015-11-13 12:35:08 -08:00
Roman c05d2e635b Update user_files.sls
Default path for home folder in user_files.sls if home omitted in pillar.
2015-11-12 20:53:07 +03:00
Roman 2763338abe Update user_files.sls
Fix for:
Rendering SLS 'base:users.user_files' failed: Jinja variable 'dict object' has no attribute 'home'
2015-11-09 02:31:45 +03:00
outime 965372d0d2 Changed 'empty_password' key retrieval method 2015-09-27 18:59:09 +02:00
outime 441d3cb635 Fixed typo and 'empty_password' key check 2015-09-27 17:46:29 +02:00
outime 851a59e952 Adds 'empty_password' statement for states.user.present 2015-09-27 16:20:45 +02:00
Serg Kand 819d73a596 changing visudo checking to avoid wrong reporting when launched with test=true 2015-09-20 16:21:34 +03:00
Heinz Wiesinger 221f1ccef4 Fix minor bug for ssh known_hosts management with salt >= 2015.5.5.
This version complains that "argument port can not be used in
conjunction with argument hash_hostname", so add hash_hostname
to the fields we handle in the formula so we can override it
if needed.
2015-09-17 10:04:38 +02:00
maschinetheist f087f165f3 Added ability to specify room number, home phone, and work phone as per https://docs.saltstack.com/en/develop/ref/states/all/salt.states.user.html 2015-09-12 16:22:42 -05:00
Heinz Wiesinger 452b8ee8cf Add possibility to manage the user's global git configuration. 2015-09-11 13:25:19 +02:00
Heinz Wiesinger 74d5f6cc3c Add possibility to manage ssh's known_hosts file. 2015-08-28 11:49:38 +02:00
Shane Poage b986e1e7f2 Skips user if it's enabled without a specified source, and their directory does not exist. 2015-08-21 20:03:20 -05:00
Shane Poage cdb862e968 Added feature to allow syncing arbitrary sets of files per user. 2015-08-21 15:42:25 -05:00
Shane Poage a0d7d9fa6e Fixed indentation in key contents for authorized_keys 2015-08-21 11:20:07 -05:00
Shane Poage ff189c1613 Added ability to provide pillar path for ssh_auth. 2015-08-21 05:17:49 -05:00
Florian Ermisch 99a1a66010 break some of those horribly long lines
sry, could not resist.
2015-08-18 16:27:25 +02:00
Florian Ermisch 17cc04c041 iteritems() -> items() for python3 2015-08-18 16:12:36 +02:00
Simon Lloyd 60e94564d1 Don't add sudo group by default.
This formula doesn't really require the sudo group (unless
there are actually users in that group). Moreover, on FreeBSD
the 'admin' group would be wheel and not sudo.
2015-08-13 23:57:09 +02:00
Andres Montalban 750f2e6345 Add support for .profile file 2015-08-09 13:59:51 -03:00
Thibault Cohen 3df9d8ae21 Add missing ssh_config test to create .ssh folder 2015-08-04 01:08:28 -04:00
puneet kandhari ba11c68c24 Revert "@XenophonF made me do it"
This reverts commit a0392693e3.
2015-07-27 12:50:49 -05:00
puneet kandhari a0392693e3 @XenophonF made me do it 2015-07-27 12:45:56 -05:00
Matthew X. Economou c201269d1d Do not escape value of `enforce_password`
Fixes #82.
2015-07-27 11:13:11 -04:00
puneet kandhari 0e72cc20b9 Merge pull request #77 from irtnog/add-managed-file-permissions-to-ssh_keys_pillar-states
Rework ssh_keys_pillar-related states
2015-07-25 15:32:33 -05:00
Seth Miller 7dca1ebfd2 Adding support for the enforce_password option.
This will allow users change their passwords after the initial setting in Salt.
2015-07-17 10:18:38 -05:00
Cole Kowalski 7dda5571db the user's .ssh directory should be created if ssh_auth_file is supplied 2015-07-16 15:23:43 -04:00
Matthew X. Economou 2f4c088e5d Rework ssh_keys_pillar-related states
SSH key pairs deployed via the user's ssh_keys_pillar dict aren't
handled the same as the user's ssh_keys, e.g., file ownership and
permissions aren't specified, and the keying material gets copied
directly into the SLS file.  This change rewrites the two templated
file.managed states to behave as follows:

  - set the files' owner to be the user

  - set the files' group to be the user's primary group

  - for the public key, set the mode to 644 (u=rw,go=r)

  - for the private key, set the mode to 600 (u=rw,g=)

  - pull the files' contents directly from pillar
2015-07-13 15:22:45 -04:00
René Jochum a1d6591447 Fix users/init.sls.
Signed-off-by: René Jochum <rene@jochums.at>
2015-07-13 13:51:02 +02:00
René Jochum 2c4ed3edc9 Merge branch 'master' of github.com:pcdummy/saltstack-users-formula
Signed-off-by: René Jochum <rene@jochums.at>

Conflicts:
	pillar.example
	users/init.sls
2015-07-13 13:27:27 +02:00
René Jochum 00cc889683 Fix some smaller bugs.
Signed-off-by: René Jochum <rene@jochums.at>
2015-07-11 10:35:15 +02:00
Bohdan Kmit d0bbbda8aa readd 2fa pam enforcement 2015-07-01 19:15:31 +03:00
Bohdan Kmit a467d2a80f fix permission of GA config file 2015-07-01 18:39:53 +03:00
Niels Abspoel 622b846d7f Enable/disable bashrc/vimrc per user
Made both states configurable per user in pillar data
Had to drop extend, for this otherwise the extend would be empty if manage is
False
2015-06-11 23:34:16 +02:00
Niels Abspoel b4acac9de7 Added vimrc extension to users-formula
This will ensure that a given vimrc file in a users home dir is managed
Default it will search for a vimrc in salt://users/files/vimrc/{{ username
}}/vimrc
If this isn't found it will install salt://users/files/vimrc/vimrc
2015-06-10 22:56:57 +02:00
Niels Abspoel eac091bf66 fix sources to source 2015-06-10 22:03:26 +02:00
Niels Abspoel 29ce431151 Added bashrc extension to users-formula
This will ensure a given bashrc file in a users home dir.
Default it will search for a bashrc in salt://users/files/bashrc/{{ username }}/bashrc
If no file is found it will install the default from
salt://users/files/bashrc/bashrc
2015-06-10 21:40:52 +02:00
Sander Klein 3a8d72b947 Add "Do Not Edit" part 2015-05-16 09:56:20 +02:00
Sander Klein 57c82f3324 Add ~/.ssh/config management
This adds the ability to manage the ~/.ssh/config file for users.
2015-05-15 21:47:40 +02:00
Florian Bittner 701326e23f Add prefix 'users_' to all first level keys to prevent duplicate ids (e.g. in combination with zabbix-formula and key zabbis_user). 2015-05-07 00:07:06 +02:00
Alex Ciobica 031d6ce81f Add pulling keys from other pillar.
Example pillar:

ssh_keys:
  id_rsa:
    privkey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY
      U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy
      B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+
      GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI
      -----END RSA PRIVATE KEY-----
    pubkey: |
      ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
2015-05-01 18:48:28 +03:00
tiger-seo 1546e2d186 possibility to define user-specific Defaults 2015-04-06 22:34:59 +03:00
Andrew Vant 1f80412da8 Added option to source ssh public keys from files. 2015-04-02 13:01:30 -04:00
root d416b6d839 Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality. 2015-03-13 13:32:39 +01:00
René Jochum c1b383d78b Add ability to create system users. 2015-03-12 23:27:31 +01:00
root fdc2fc2dfc Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys. 2015-02-12 23:09:56 +01:00
René Jochum 6ca7aa0078 Remove leading whitespaces. 2015-01-23 20:52:14 +01:00
Bohdan Kmit c3b5b87fb2 google auth example pillar config add; forgotten gauth state file add 2015-01-15 13:28:51 +00:00
Bohdan Kmit 89d6672887 google auth package and config installation 2015-01-14 17:25:17 +00:00
Thomas Juberg 7aa32881b7 Clean up logic check to remove redundant check. 2014-12-31 09:46:03 +01:00
Thomas Juberg 518b06281a If createhome is set to false, don't touch the home directory or its
permissions.
2014-12-22 14:32:41 +01:00
Thomas Juberg e35045801c Add support for setting user expire 2014-12-22 14:22:46 +01:00
Tim Jones add153e060 Allow '!' prefix in password for locked\disabled accounts.
Signed-off-by: Tim Jones <me@prototim.com>
2014-12-17 22:57:54 +01:00
Scott Reeves ea76d0d84f Remove trailing slash from sudoers_dir 2014-10-24 22:57:44 -04:00
Jason Wolfe 9a71d78d2b Sorry for the spam, simplify this remove_groups rule a bit 2014-10-14 19:05:50 -07:00
Jason Wolfe a899ee85ec Make sure the logic stands after the default in salt is changed 2014-10-14 17:53:12 -07:00
Jason Wolfe 2a464d3dc3 By default, Salt will remove any groups not listed, so a users groups matches exactly the list you pass. This was added here:
https://github.com/saltstack/salt/issues/2142

This has been causing issues for many people, as the remove_groups options is undocumented.  In the 2014.7 release this is changing, and remove_groups will default to false:
https://github.com/saltstack/salt/issues/13276

I'm going with false by default, as it's our use case and it will soon be the default.  If people believe this module should default to true and remove groups not listed, I think that's open for discussion, but we should at least add the option.
2014-10-14 17:22:38 -07:00
Wolodja Wentland 13d7c271f2 Change default shell to /bin/csh on FreeBSD
This also made it necessary to introduce an additional entry 'shell' into the
users lookup table as the formula previously conflated the shell used for
running the visudo command and the default shell to be used for user accounts.

Fixes: #48
2014-09-11 16:06:43 +01:00
Alan Pearce 0c3b8ff765 Re-add ability to set shell per-user 2014-09-07 12:30:09 +01:00
Adam Wright 8e1d91b3f1 Add 'createhome' option for 'user.present' state 2014-09-07 13:23:06 +08:00
nike38rus 2cdb73927f Fix issue with bash binary location in FreeBSD 2014-08-13 17:57:01 +09:00
tiger-seo fda8708ecd added option to specify user home directory mode 2014-08-06 19:22:16 +03:00
7oku 4a8393dca9 added option to remove ssh public keys from auth (ssh_auth.absent) 2014-08-03 01:40:27 +02:00
7oku 94d53d5ee7 modified visudo to only report change in salt when there is an error. 2014-08-03 01:06:02 +02:00
Tim Jones 8a07ab1332 Only include users.sudo when a user with sudouser is declared. 2014-07-28 16:48:08 +00:00
Wang Xuerui 6d0baa244a Add Gentoo support 2014-05-31 19:15:03 +08:00
Wang Xuerui 22c8f7e106 Specify package names of bash and sudo according to grains 2014-05-31 19:14:00 +08:00
root 8417c6c888 Add support FreeBSD using map.jinja (Tested on Freebsd10) 2014-05-30 12:20:13 +09:00
Ash Berlin d5923d82e6 Specify bash shell when validating sudo snippet
Since we are using bash specific features and sometimes you can end up getting /bin/sh - see https://github.com/saltstack-formulas/users-formula/pull/30#issuecomment-44224106
2014-05-27 22:52:41 +01:00
Seth House 2032369f0b Merge pull request #32 from bsundsrud/sudoer_consistency
Overwrite a sudoer file rather than append to fix #21
2014-05-13 11:04:07 -06:00
Benn Sundsrud e9cc0b29cb Do not echo Public/Private keys to stdout when running the state 2014-05-13 11:37:38 -05:00
Benn Sundsrud a8b6207265 Overwrite a sudoer file rather than append to fix #21 2014-05-13 11:36:49 -05:00
Ash Berlin 99d7b92b06 Ensure that we are sudo includes /etc/sudoers.d
It doesn't by default everywhere - without this the sudo_rules option won't work
2014-04-28 17:39:45 +01:00
Ash Berlin 192edba9c5 Validate user sudo rules before applying them 2014-04-28 15:52:43 +01:00
Eric Edgar 757e79c9d2 Add Password capabilities 2014-04-24 21:45:04 -05:00
Slawomir Pucia 07aeb2c4f8 New format of user.absent support introduced. Old format still supported. 2014-04-23 14:49:10 +02:00
Johannes 2416374d2b Fix pubkey privkey typo
Fixes #22
2014-03-30 15:00:17 +00:00
Diego Woitasen 0e76454a16 Add absent_groups pillar to remove groups. 2014-03-14 20:07:22 -03:00
Adam Wright 2c58a76ce6 Check for sudo_rules before text.append state.
Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken
file.append state would be rendered (since some text is required). With
this patch, the file is still created/managed by the previous state, but
will be empty by default if created fresh. This seems a more sensible
default than assuming a default sudoer policy.

Further, since the first word on each rule line should be the user's
name, that is now assumed.
2014-02-22 08:43:52 +00:00
Greg Shikhman 097b814f67 Changed 'contents' to 'contents_pillar' to correctly parse newlines for private/public SSH keys. 2014-02-16 23:34:47 -05:00
Wolodja Wentland 9636530169 Change .ssh permissions to 700 2014-02-14 14:13:17 +01:00
Steffen Roegner 0f83ab7008 Add and support ssh_key_type attribute to allow for dsa ssh key pairs 2014-01-31 14:44:41 -05:00
madflojo 7284ece745 change pub key to use user_group
if you set an alternate prime_group this would break, replaced {{ name
}} with {{ user_group }}
2014-01-29 21:00:03 -07:00
madflojo ebe5198f9d Modified Private Keys and Sudoers
Changed Private keys to have content within pillar rather than the salt
file repository.

Changes sudoers entry to get values from pillar rather than assuming
all sudo users want root.
2014-01-29 19:53:09 -07:00
Tomáš Fejfar 7d1793cf00 SLS no longer fails for multiple groups 2014-01-14 16:49:45 +01:00
tiger-seo 5ce8d7d2c5 possibility to define alternate user`s prime group 2014-01-13 18:20:15 +02:00
Ryan Billington 547db95d62 Fix Undefined jinja variable error with Salt 0.17.1
Ran into an error with Salt version 0.17.1:
Rendering SLS users failed, render error: Undefined jinja variable; line 32

After finding https://github.com/saltstack/salt/issues/8245, and working on
line 32, I surmised that line 28 might be the actual cause of the issue.

I just added a quick check to see if uid exists in user, just as the user uid
line does.
2013-11-14 10:13:45 -06:00
Shawn Butts f25cec613a better sudoers support & default gid
add support for sudouser being False.
change to adding sudoers config to /etc/sudoers.d/<user>
adding the removal of /etc/sudoers.d/<user> on user removal or switching to sudouser being removed or set to false
2013-10-28 16:39:55 -04:00
J. Random Hacker b07d21f4c6 Fixed user default shell source
Pulling 'shell' from pillar globally makes no sense, probably a mistake; pulling it from user instead.
2013-09-04 21:30:32 +02:00
J. Random Hacker 7b7ee3f2f8 Fix requisites for user state
group requisites were wrong. They required {{ group }}_group, while {{ group }} was the actually added group.
2013-08-08 13:42:55 +02:00
Ari Lerner e00fdb22fd Initial commit 2013-06-19 12:53:46 -07:00