From 3a798a20d77e691a6d5c92ca42f1a82e133f1266 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Thu, 26 Sep 2024 17:11:08 +1000 Subject: [PATCH] feat: implement nested groups - use includegroups feature to nest groups - remove the trailing ',' from includegroups --- hieradata/roles/infra/auth/glauth.yaml | 58 ++++++++------------------ modules/glauth/templates/obj/group.epp | 2 +- 2 files changed, 18 insertions(+), 42 deletions(-) diff --git a/hieradata/roles/infra/auth/glauth.yaml b/hieradata/roles/infra/auth/glauth.yaml index cabeaa2..c0d976a 100644 --- a/hieradata/roles/infra/auth/glauth.yaml +++ b/hieradata/roles/infra/auth/glauth.yaml @@ -52,16 +52,10 @@ glauth::users: uidnumber: 20000 primarygroup: 20000 othergroups: - - 20010 - - 20011 - - 20012 - - 20013 - - 20014 - - 20015 - - 20016 - - 20017 - - 20018 - - 20023 + - 20025 # media_admin + - 20017 # rundeck_access + - 20018 # rundeck_globaladmin + - 20023 # vault_access loginshell: '/bin/bash' homedir: '/home/benvin' passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a' @@ -75,13 +69,7 @@ glauth::users: uidnumber: 20001 primarygroup: 20000 othergroups: - - 20010 - - 20011 - - 20012 - - 20013 - - 20014 - - 20015 - - 20016 + - 20025 # media_admin loginshell: '/bin/bash' homedir: '/home/matsol' passsha256: '369263e2455a57c8c21388860c417b640fcf045a303cfc88def18c5197493600' @@ -93,12 +81,7 @@ glauth::users: uidnumber: 20002 primarygroup: 20000 othergroups: - - 20010 # jelly - - 20011 # sonarr - - 20012 # radarr - - 20013 # lidarr - - 20014 # readarr - - 20016 # nzbget + - 20024 # media_access loginshell: '/bin/bash' homedir: '/home/seablo' passsha256: '2db12484b2b5fdae7f3a1f9f870143c363af14bf2c31a415a9a7afcb02520df2' @@ -110,12 +93,7 @@ glauth::users: uidnumber: 20003 primarygroup: 20000 othergroups: - - 20010 # jelly - - 20011 # sonarr - - 20012 # radarr - - 20013 # lidarr - - 20014 # readarr - - 20016 # nzbget + - 20024 # media_access loginshell: '/bin/bash' homedir: '/home/marbal' passsha256: 'cc20cee6269b9970a76549c66b51d0c543352796180d4122260a47f0f7a442a9' @@ -127,12 +105,7 @@ glauth::users: uidnumber: 20004 primarygroup: 20000 othergroups: - - 20010 # jelly - - 20011 # sonarr - - 20012 # radarr - - 20013 # lidarr - - 20014 # readarr - - 20016 # nzbget + - 20024 # media_access loginshell: '/bin/bash' homedir: '/home/kelren' passsha256: '5b01659bca1ecb27847d2f746fab03eb169879ebcc86547024753dac7cb184c4' @@ -144,12 +117,7 @@ glauth::users: uidnumber: 20005 primarygroup: 20000 othergroups: - - 20010 # jelly - - 20011 # sonarr - - 20012 # radarr - - 20013 # lidarr - - 20014 # readarr - - 20016 # nzbget + - 20024 # media_access loginshell: '/bin/bash' homedir: '/home/ryadun' passsha256: 'ee17174d49545f6f7257ae79eb173de4acf2b2edf55e181de90decd0e4b4e617' @@ -273,3 +241,11 @@ glauth::groups: vault_access: group_name: 'vault_access' gidnumber: 20023 + media_access: + group_name: 'media_access' + gidnumber: 20024 + includegroups: [20010, 20011, 20012, 20013, 20014, 20016] + media_admin: + group_name: 'media_admin' + gidnumber: 20025 + includegroups: [20024, 20015] diff --git a/modules/glauth/templates/obj/group.epp b/modules/glauth/templates/obj/group.epp index c037cd7..dbf9fb4 100644 --- a/modules/glauth/templates/obj/group.epp +++ b/modules/glauth/templates/obj/group.epp @@ -1,5 +1,5 @@ [[groups]] name = "<%= $name %>" gidnumber = <%= $gidnumber %> - <% if $includegroups.length > 0 { %>includegroups = [<% $includegroups.each |Integer $group| { %><%= $group %>, <% } %>]<% } %> + <% if $includegroups.length > 0 { %>includegroups = [<%= $includegroups.join(', ') %>]<% } %>