Untitled

formulas/accounts/users.sls:
{% import '_grains/map.jinja' as grain %}
{% from 'accounts/map.jinja' import accounts with context %}

{% for username, details in accounts.get('users', {}).items() %}
{% if (details.get('components') is not none and grain.component in details.get('components')) or (details.get('environments') is not none and grain.env in details.get('environments')) or (details.get('environments') is not none and 'all' in details.get('environments')) %}
{{ username }}:
{% if details.get('enabled') == True %}
  group.present:
    - name: {{ username }}
    - gid: {{ details.get('uid') }}
  user.present:
    - fullname: {{ details.get('fullname') }}
    - name: {{ username }}
    - shell: {{ details.get('shell','/bin/bash') }}
    - home: /home/{{ username }}
    - uid: {{ details.get('uid') }}
    - gid: {{ details.get('uid') }}
    {% if 'groups' in details or details.get('sudo') == True %}
    - groups:
      {% for group in details.get('groups', []) %}
      - {{ group }}
      {% endfor %}
      {% if details.get('sudo') == True %}
      - {{ accounts.sudo.group }}
      {% endif %}
    {% endif %}

{% if 'pubkey' in details %}
  file.directory:
    - name: /home/{{ username }}/.ssh
    - user: {{ username }}
    - group: {{ username }}
    - mode: 0700
{% endif %}
{% if 'pubkey' in details %}
{{ username }}_authorized_keys_file:
  file.managed:
    - name: /home/{{ username }}/.ssh/authorized_keys
    - user: {{ username }}
    - group: {{ username }}
    - contents: "{{ details.get('pubkey') }}"
    - mode: 0600
{% endif %}
{% else %}
  user.absent:
    - name: {{ username }}
{% endif %}
{% endif %}
{% endfor %}


pillars/accounts/init.sls:
accounts:
  groups:
    admin:
      gid: 200
    dashboards:
      gid: 303
    dev:
      gid: 301
  users:
    jsmith:
      fullname: John Smith
      shell: /bin/bash
      uid: 1000
      groups:
        - admin
      pubkey: ssh-rsa <ssh public key> jsmith@acme.com
      sudo: True
      enabled: True
      environments:
        - all