-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsetup-linux-user-passwords.sls
62 lines (59 loc) · 2.11 KB
/
setup-linux-user-passwords.sls
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
## Set Linux Accounts to passwords defined hashes.
## Hashes are generated via the command python -c "import crypt; print crypt.crypt('myPasswordHere', '\$6\$SALTsalt')"
##
## Pillar variables
##
## Name | Type | Default Value | Description
## -------------------------------------------------------------------------------------
## root_pw_hash | String | None | The hashed value to use for the root password
## t128_pw_hash | String | None | The hashed value to use for the t128 password
##
## TO DO - Look into verifying a valid hash is provided
Linux_root_password_hash_check:
{%- set root_pw = pillar.get('root_pw_hash') %}
{%- set current_root = salt['shadow.info']('root').passwd %}
{%- if root_pw %}
{%- if root_pw == current_root %}
test.configurable_test_state:
- name: shadow.set_password
- changes: False
- result: True
- comment: "root password Already Set to Configured Hash"
{%- else %}
module.run:
- name: shadow.set_password
- m_name: root
- password: {{ root_pw }}
{%- endif %}
{%- else %}
{%- do salt.log.warning("Salt pillar value root_pw_hash is not defined or is an invalid password hash") %}
test.configurable_test_state:
- name: shadow.set_password
- changes: False
- result: False
- comment: "Pillar root_pw_hash is not set"
{%- endif %}
Set_Linux_t128_password_hash_from_pillar:
{%- set t128_pw = pillar.get('t128_pw_hash') %}
{%- set current_t128 = salt['shadow.info']('t128').passwd %}
{%- if t128_pw %}
{%- if t128_pw == current_t128 %}
test.configurable_test_state:
- name: shadow.set_password
- changes: False
- result: True
- comment: "t128 password already set to configured hash"
{%- else %}
module.run:
- name: shadow.set_password
- m_name: t128
- password: {{ pillar.get('t128_pw_hash') }}
{%- endif %}
{%- else %}
{%- do salt.log.warning("Salt pillar value t128_pw_hash is not defined or is an invalid password hash") %}
test.configurable_test_state:
- name: shadow.set_password
- changes: False
- result: False
- comment: "Pillar t128_pw_hash is not set"
{%- endif %}