reuse sshd_config from map (#160)

chenmen · aboe76 · commit 463ad69d92ca · 2019-04-27T09:13:48.000+02:00
remove duplicated 'pillar.get' calls to retrieve the sshd_config and ssh_config pillars.
diff --git a/openssh/config.sls b/openssh/config.sls
@@ -1,11 +1,9 @@
-{% from "openssh/map.jinja" import openssh with context %}
-
-{%- set manage_sshd_config = salt['pillar.get']('sshd_config', False) %}
+{% from "openssh/map.jinja" import openssh, ssh_config, sshd_config with context %}
 
 include:
   - openssh
 
-{% if manage_sshd_config %}
+{% if sshd_config %}
 sshd_config:
   file.managed:
     - name: {{ openssh.sshd_config }}
@@ -22,7 +20,7 @@ sshd_config:
       - service: {{ openssh.service }}
 {% endif %}
 
-{% if salt['pillar.get']('ssh_config', False) %}
+{% if ssh_config %}
 ssh_config:
   file.managed:
     - name: {{ openssh.ssh_config }}
@@ -38,15 +36,15 @@ ssh_config:
 
 {%- for keyType in openssh['host_key_algos'].split(',') %}
 {%-   set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
-{%-   set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
-{%-   if salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
+{%-   set keySize = openssh.get('generate_' ~ keyType ~ '_size', False) %}
+{%-   if openssh.get('provide_' ~ keyType ~ '_keys', False) %}
 ssh_host_{{ keyType }}_key:
   file.managed:
     - name: {{ keyFile }}
     - contents_pillar: 'openssh:{{ keyType }}:private_key'
     - user: root
     - mode: 600
-    {%- if manage_sshd_config %}
+    {%- if sshd_config %}
     - require_in:
       - file: sshd_config
     {%- endif %}
@@ -59,14 +57,14 @@ ssh_host_{{ keyType }}_key.pub:
     - contents_pillar: 'openssh:{{ keyType }}:public_key'
     - user: root
     - mode: 600
-    {%- if manage_sshd_config %}
+    {%- if sshd_config %}
     - require_in:
       - file: sshd_config
     {%- endif %}
     - watch_in:
       - service: {{ openssh.service }}
-{%-   elif salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
-{%-     if keySize and salt['pillar.get']('openssh:enforce_' ~ keyType ~ '_size', False) %}
+{%-   elif openssh.get('generate_' ~ keyType ~ '_keys', False) %}
+{%-     if keySize and openssh.get('enforce_' ~ keyType ~ '_size', False) %}
 ssh_remove_short_{{ keyType }}_key:
   cmd.run:
     - name: "rm -f {{ keyFile }} {{ keyFile }}.pub"
@@ -80,7 +78,7 @@ ssh_generate_host_{{ keyType }}_key:
     - name: "rm {{ keyFile }}*; ssh-keygen -t {{ keyType }} {{ keySizePart }} -N '' -f {{ keyFile }}"
     - unless: "test -s {{ keyFile }}"
     - runas: root
-    {%- if manage_sshd_config %}
+    {%- if sshd_config %}
     - require_in:
       - file: sshd_config
     {%- endif %}
@@ -94,12 +92,12 @@ ssh_host_{{ keyType }}_key:  # set permissions
     - mode: 0600
     - require:
       - cmd: ssh_generate_host_{{ keyType }}_key
-    {%- if manage_sshd_config %}
+    {%- if sshd_config %}
     - require_in:
       - file: sshd_config
     {%- endif %}
 
-{%-   elif salt['pillar.get']('openssh:absent_' ~ keyType ~ '_keys', False) %}
+{%-   elif openssh.get('absent_' ~ keyType ~ '_keys', False) %}
 ssh_host_{{ keyType }}_key:
   file.absent:
     - name: {{ keyFile }}
@@ -114,7 +112,7 @@ ssh_host_{{ keyType }}_key.pub:
 {%-   endif %}
 {%- endfor %}
 
-{%- if salt['pillar.get']('sshd_config:UsePrivilegeSeparation', '')|lower == 'yes' %}
+{%- if sshd_config.get('UsePrivilegeSeparation', '')|lower == 'yes' %}
 /var/run/sshd:
   file.directory:
     - user: root
