bundles/users: get default user data from users.json

2020-11-10 13:12:36 +01:00 · 2020-11-10 13:12:36 +01:00 · cca4fec761
parent c090a9c2c2
commit cca4fec761
5 changed files with 52 additions and 19 deletions
--- a/bundles/sudo/files/bwusers
+++ b/bundles/sudo/files/bwusers
@ -1,5 +1,9 @@
 % for user, config in sorted(node.metadata['users'].items()):
+%   if config.get('is_admin', False):
+${user} ALL=(ALL) NOPASSWD:ALL
+%   else:
 %     for p in sorted(config.get('sudo_commands', [])):
 ${user} ALL=(ALL) NOPASSWD:${p}
 %     endfor
+%   endif
 % endfor
--- a/bundles/users/items.py
+++ b/bundles/users/items.py
@ -30,7 +30,11 @@ for username, attrs in node.metadata['users'].items():

        user['home'] = home
        user['shell'] = '/bin/bash'
-        user['password_hash'] = 'x'
+
+        if 'password' in attrs:
+            user['password'] = attrs['password']
+        else:
+            user['password_hash'] = 'x' if node.use_shadow_passwords else '*'

        if 'groups' in attrs:
            user['groups'] = attrs['groups']
--- a/bundles/users/metadata.py
+++ b/bundles/users/metadata.py
@ -1,3 +1,6 @@
+from json import loads
+from os.path import join
+
 defaults = {
    'apt': {
        'packages': {
@ -13,3 +16,29 @@ defaults = {
        },
    },
 }
+
+
+@metadata_reactor
+def add_users_from_json(metadata):
+    with open(join(repo.path, 'users.json'), 'r') as f:
+        json = loads(f.read())
+
+    users = {}
+    # First, add all admin users
+    for uname, config in json.items():
+        if config.get('is_admin', False):
+            users[uname] = {
+                'ssh_pubkey': set(config['ssh_pubkey']),
+                'is_admin': True,
+            }
+
+    # Then, run again to get all 'to be deleted' users
+    for uname, config in json.items():
+        if uname not in metadata.get('users', {}):
+            users.setdefault(uname, {
+                'delete': True,
+            })
+
+    return {
+        'users': users,
+    }
--- a/groups/all.py
+++ b/groups/all.py
@ -19,24 +19,6 @@ groups['all'] = {
                'mail': 'hostmaster@kunsmann.eu',
            },
        },
-        'users': {
-            'kunsi': {
-                'ssh_pubkey': [
-                    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971',
-                ],
-                'sudo_commands': {
-                    'ALL',
-                },
-            },
-            'sophie': {
-                'ssh_pubkey': [
-                    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU7XmpX4w+rGQDi+dF6M0q65K2iHVgD1wHBoHREjyqCzmPGZgrnLIv6EN9WWJXjCgRdLEUXgPn7PNJnAgBs3U8G8MsF55yrPNUIsEeg6v+Y6zibEujMrwmeDSk0XAn8iSZcy+4cnqykIMk9Hd5WXW7ZhSHGs4MftWn3Z/q15qPHl/w9OyaKDJAjk8yEsD1sZoAQMhomKliKjJ5a6jNyf7otS3HdbZx4KXABJNuWn/IvmwkcaIU8ljyuPkPkiMn5JWhcUK2kE81Y4a5zJxxusSXSF6Ip7W2Rhv+4gnScTjhTPsG70HlSF/LAB2ytKo0F0N/ZB2hJk+Jq6cAwNBzuST7 sophie@ejgwmobile',
-                ],
-                'sudo_commands': {
-                    'ALL',
-                },
-            },
-        },
    },
    'pip_command': 'pip3',
 }
--- a/users.json
+++ b/users.json
@ -0,0 +1,14 @@
+{
+    "kunsi": {
+        "ssh_pubkey": [
+            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971"
+        ],
+        "is_admin": true
+    },
+    "sophie": {
+        "ssh_pubkey": [
+            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU7XmpX4w+rGQDi+dF6M0q65K2iHVgD1wHBoHREjyqCzmPGZgrnLIv6EN9WWJXjCgRdLEUXgPn7PNJnAgBs3U8G8MsF55yrPNUIsEeg6v+Y6zibEujMrwmeDSk0XAn8iSZcy+4cnqykIMk9Hd5WXW7ZhSHGs4MftWn3Z/q15qPHl/w9OyaKDJAjk8yEsD1sZoAQMhomKliKjJ5a6jNyf7otS3HdbZx4KXABJNuWn/IvmwkcaIU8ljyuPkPkiMn5JWhcUK2kE81Y4a5zJxxusSXSF6Ip7W2Rhv+4gnScTjhTPsG70HlSF/LAB2ytKo0F0N/ZB2hJk+Jq6cAwNBzuST7 sophie@ejgwmobile"
+        ],
+        "is_admin": true
+    }
+}