From 63b31de2b841eb0212499a2d8b846425cb3fe405 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Fri, 28 May 2021 13:58:03 -0400
Subject: [PATCH] add additional users - manage file if user name isnt returned from grepping the file
---
 salt/elasticsearch/auth.sls | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls
index e8ab1e378..187922d6e 100644
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -5,8 +5,27 @@ elastic_auth_pillar:
 elasticsearch:
 auth:
 enabled: False
- user: so_elastic
- pass: {{ salt['random.get_str'](20) }}
+ users:
+ so_elastic_user:
+ user: so_elastic
+ pass: {{ salt['random.get_str'](20) }}
+ so_kibana_user:
+ user: so_kibana
+ pass: {{ salt['random.get_str'](20) }}
+ so_logstash_user:
+ user: so_logstash
+ pass: {{ salt['random.get_str'](20) }}
+ so_beats_user:
+ user: so_beats
+ pass: {{ salt['random.get_str'](20) }}
+ so_monitor_user:
+ user: so_monitor
+ pass: {{ salt['random.get_str'](20) }}
 # since we are generating a random password, and we don't want that to happen everytime
- # a highstate runs, we only manage the file if it doesn't exist
- - unless: ls /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
+ # a highstate runs, we only manage the file each user isn't present in the file. if the
+ # pillar file doesn't exists, then the default vault provided to pillar.get should not
+ # be within the file either, so it should then be created
+ - unless:
+ {% for so_app_user in salt['pillar.get']('elasticsearch:auth:users', {'so_noapp_user': {'user': 'r@NDumu53Rd0NtDOoP'}}) %}
+ - grep {{ so_app_user.user }} /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
+ {% endfor%}
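Review bot: The new `unless` loop iterates the `elasticsearch:auth:users` mapping directly, and a Jinja `for` over a mapping yields its keys (strings such as `so_elastic_user`), so `so_app_user.user` is undefined and each check most likely renders with an empty user name. If so, the checks never all succeed and the pillar file is rewritten with five fresh random passwords on every highstate, which is exactly what the comment says the guard is there to prevent. Append `.values()` to the `pillar.get(...)` call in the `for` line, and tighten the match to `- grep -q 'user: {{ so_app_user.user }}' /opt/so/saltstack/local/pillar/elasticsearch/auth.sls` so that a name cannot match as a substring of another entry. The loop also only checks users already present in the pillar, so a user added to this state later would not trigger a rewrite; looping over the fixed list of expected names would cover that case. The state's header and file mode lie outside the hunk, so it is worth confirming there that this plaintext-credential file is not world-readable.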