bundles/sudo: use sudoers.d
All checks were successful
bundlewrap/pipeline/head This commit looks good

This commit is contained in:
Franzi 2020-11-09 20:39:35 +01:00
parent c7362df6c4
commit 6ca0d863b1
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 17 additions and 16 deletions

View file

@ -0,0 +1,5 @@
% for user, config in sorted(node.metadata['users'].items()):
% for p in sorted(config.get('sudo_commands', [])):
${user} ALL=(ALL) NOPASSWD:${p}
% endfor
% endfor

View file

@ -6,8 +6,4 @@ Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bi
root ALL=(ALL) ALL root ALL=(ALL) ALL
% for user, permissions in sorted(node.metadata['sudo'].items()): #includedir /etc/sudoers.d
% for p in sorted(permissions):
${user} ALL=(ALL) NOPASSWD:${p}
% endfor
% endfor

View file

@ -2,8 +2,19 @@ groups = {
'sudo': {}, 'sudo': {},
} }
directories = {
'/etc/sudoers.d': {
'purge': True,
},
}
files = { files = {
'/etc/sudoers': { '/etc/sudoers': {
'needs': {
'file:/etc/sudoers.d/bwusers',
},
},
'/etc/sudoers.d/bwusers': {
'content_type': 'mako', 'content_type': 'mako',
}, },
} }

View file

@ -1,11 +0,0 @@
@metadata_reactor
def sudo_users(metadata):
sudoers = {}
for username, config in metadata.get('users', {}).items():
if 'sudo_commands' in config:
sudoers[username] = config['sudo_commands']
return {
'sudo': sudoers,
}