bundles/sudo: use sudoers.d

2020-11-09 20:39:35 +01:00 · 2020-11-09 20:39:35 +01:00 · 6ca0d863b1
parent c7362df6c4
commit 6ca0d863b1
4 changed files with 17 additions and 16 deletions
--- a/bundles/sudo/files/bwusers
+++ b/bundles/sudo/files/bwusers
@ -0,0 +1,5 @@
+% for user, config in sorted(node.metadata['users'].items()):
+%     for p in sorted(config.get('sudo_commands', [])):
+${user} ALL=(ALL) NOPASSWD:${p}
+%     endfor
+% endfor
--- a/bundles/sudo/files/sudoers
+++ b/bundles/sudo/files/sudoers
@ -6,8 +6,4 @@ Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bi

 root ALL=(ALL) ALL

-% for user, permissions in sorted(node.metadata['sudo'].items()):
-%     for p in sorted(permissions):
-${user} ALL=(ALL) NOPASSWD:${p}
-%     endfor
-% endfor
+#includedir /etc/sudoers.d
--- a/bundles/sudo/items.py
+++ b/bundles/sudo/items.py
@ -2,8 +2,19 @@ groups = {
    'sudo': {},
 }

+directories = {
+    '/etc/sudoers.d': {
+        'purge': True,
+    },
+}
+
 files = {
    '/etc/sudoers': {
+        'needs': {
+            'file:/etc/sudoers.d/bwusers',
+        },
+    },
+    '/etc/sudoers.d/bwusers': {
        'content_type': 'mako',
    },
 }
--- a/bundles/sudo/metadata.py
+++ b/bundles/sudo/metadata.py
@ -1,11 +0,0 @@
-@metadata_reactor
-def sudo_users(metadata):
-    sudoers = {}
-
-    for username, config in metadata.get('users', {}).items():
-        if 'sudo_commands' in config:
-            sudoers[username] = config['sudo_commands']
-
-    return {
-        'sudo': sudoers,
-    }