salt.master: configure publisher_acl

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
author: Georg Pfuetzenreuter 2023-01-22 15:33:30 +0100
committer: Georg Pfuetzenreuter 2023-01-22 15:41:23 +0100
commit: 06a36e62ae783600a98115258ab4a3c6095888d1 (patch)
tree: 15f5e93704d68e1da49bf3a7f78c372f8bb13e37 /salt
parent: 4f633d8d4e510f5c25e2d07ea240479d2a64448a (diff)
download: salt-06a36e62ae783600a98115258ab4a3c6095888d1.tar.gz
salt-06a36e62ae783600a98115258ab4a3c6095888d1.tar.bz2
salt-06a36e62ae783600a98115258ab4a3c6095888d1.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/salt/profile/salt/master.sls b/salt/profile/salt/master.sls
index a1ef840..ae2aee4 100644
--- a/salt/profile/salt/master.sls
+++ b/salt/profile/salt/master.sls
@@ -101,3 +101,15 @@ salt_redis_service_start:
       - pkg: redis
     - watch:
       - file: {{ redis_config }}
+
+{%- if pillar['secret_salt'] is defined %}
+admin_salt_membership:
+  group.present:
+    - name: salt
+    - addusers:
+      {%- for user in master_pillar['publisher_acl'] %}
+      - {{ user }}
+      {%- endfor %}
+    - require:
+      - pkg: salt-master
+{%- endif %}
author	Georg Pfuetzenreuter	2023-01-22 15:33:30 +0100
committer	Georg Pfuetzenreuter	2023-01-22 15:41:23 +0100
commit	06a36e62ae783600a98115258ab4a3c6095888d1 (patch)
tree	15f5e93704d68e1da49bf3a7f78c372f8bb13e37 /salt
parent	4f633d8d4e510f5c25e2d07ea240479d2a64448a (diff)
download	salt-06a36e62ae783600a98115258ab4a3c6095888d1.tar.gz salt-06a36e62ae783600a98115258ab4a3c6095888d1.tar.bz2 salt-06a36e62ae783600a98115258ab4a3c6095888d1.zip