add additional users - manage file if user name isnt returned from grepping the file

2025-12-06 09:12:45 +01:00 · 2021-05-28 13:58:03 -04:00
parent 18926009d3
commit 63b31de2b8
1 changed files with 23 additions and 4 deletions
--- a/salt/elasticsearch/auth.sls
+++ b/salt/elasticsearch/auth.sls
@@ -5,8 +5,27 @@ elastic_auth_pillar:
        elasticsearch:
          auth:
            enabled: False
-            user: so_elastic
-            pass: {{ salt['random.get_str'](20) }}
+            users:
+              so_elastic_user:
+                user: so_elastic
+                pass: {{ salt['random.get_str'](20) }}
+              so_kibana_user:
+                user: so_kibana
+                pass: {{ salt['random.get_str'](20) }}
+              so_logstash_user:
+                user: so_logstash
+                pass: {{ salt['random.get_str'](20) }}
+              so_beats_user:
+                user: so_beats
+                pass: {{ salt['random.get_str'](20) }}
+              so_monitor_user:
+                user: so_monitor
+                pass: {{ salt['random.get_str'](20) }}
    # since we are generating a random password, and we don't want that to happen everytime
-    # a highstate runs, we only manage the file if it doesn't exist
-    - unless: ls /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
+    # a highstate runs, we only manage the file each user isn't present in the file. if the
+    # pillar file doesn't exists, then the default vault provided to pillar.get should not
+    # be within the file either, so it should then be created
+    - unless:
+    {% for so_app_user in salt['pillar.get']('elasticsearch:auth:users', {'so_noapp_user': {'user': 'r@NDumu53Rd0NtDOoP'}}) %}
+      - grep {{ so_app_user.user }} /opt/so/saltstack/local/pillar/elasticsearch/auth.sls
+    {% endfor%}