From 7d4624ce6214f1831af69250ebcf95f55766a732 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 25 Feb 2024 15:29:10 +0100
Subject: [PATCH] remove users/$user/is_admin metadata, directly write sudo_commands instead
---
 bundles/sudo/files/bwusers | 8 ++------
 bundles/users/metadata.py | 2 +-
 bundles/vmhost/metadata.py | 2 +-
 nodes/home/router.py | 12 ++----------
 nodes/htz-cloud/miniserver.py | 3 ---
 nodes/htz-hel/backup-sophie.py | 6 +-----
 nodes/voc/infobeamer-cms.py | 1 +
 7 files changed, 8 insertions(+), 26 deletions(-)
diff --git a/bundles/sudo/files/bwusers b/bundles/sudo/files/bwusers
index 6c47ecd..00dfafa 100644
--- a/bundles/sudo/files/bwusers
+++ b/bundles/sudo/files/bwusers
@@ -1,9 +1,5 @@
 % for user, config in sorted(node.metadata['users'].items()):
-% if config.get('is_admin', False):
-${user} ALL=(ALL) NOPASSWD:ALL
-% else:
-% for p in sorted(config.get('sudo_commands', [])):
+% for p in sorted(config.get('sudo_commands', [])):
 ${user} ALL=(ALL) NOPASSWD:${p}
-% endfor
-% endif
+% endfor
 % endfor
diff --git a/bundles/users/metadata.py b/bundles/users/metadata.py
index fc3cb0c..48a8b72 100644
--- a/bundles/users/metadata.py
+++ b/bundles/users/metadata.py
@@ -36,7 +36,7 @@ def add_users_from_json(metadata):
 if config.get('is_admin', False) or uname in metadata_users:
 users[uname] = {
 'ssh_pubkey': set(config['ssh_pubkey']),
- 'is_admin': config.get('is_admin', False),
+ 'sudo_commands': ['ALL'],
 }
 # Then, run again to get all 'to be deleted' users
diff --git a/bundles/vmhost/metadata.py b/bundles/vmhost/metadata.py
index 9c4cd5e..3aaa10e 100644
--- a/bundles/vmhost/metadata.py
+++ b/bundles/vmhost/metadata.py
@@ -52,7 +52,7 @@ if node.has_bundle('arch-with-gui'):
 def libvirt_group_for_admins(metadata):
 result = {}
 for user, config in metadata.get('users', {}).items():
- if config.get('is_admin', False):
+ if 'ALL' in config.get('sudo_commands', set()):
 result[user] = {
 'groups': {
 'libvirt',
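Review bot: In bundles/sudo/files/bwusers every `sudo_commands` entry is now written verbatim after `NOPASSWD:` by the inner loop, and the value `ALL` (unrestricted passwordless root) is indistinguishable in the template from an ordinary command path. An entry that contains a comma, a newline or a relative path would change the meaning of the generated rule, so the entries should be validated where the metadata is assembled (the literal `ALL` or an absolute path) and the rendered file checked with `visudo -cf` before it is installed; whether the bundle's file item already does that is not visible in this patch. A template comment such as `## 'ALL' in sudo_commands grants unrestricted passwordless root` would make the convention explicit for the next reader.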
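Review bot: In bundles/users/metadata.py, `'sudo_commands': ['ALL'],` sits inside the branch `if config.get('is_admin', False) or uname in metadata_users:`, so an account that reaches it only because a node lists it in its users metadata now receives passwordless `ALL`, whereas the removed line gave such an account `is_admin: False`. If that widening is intended it deserves a comment at this line; if not, the grant should stay tied to the flag, e.g. `'sudo_commands': {'ALL'} if config.get('is_admin', False) else set(),`. The value is also a list while the node files and the vmhost reactor use sets for the same key, which may not merge cleanly in the metadata layer; a set would be consistent. add_users_from_json begins and continues outside this hunk.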
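Review bot: In bundles/vmhost/metadata.py the admin test is now the literal string `'ALL'` inside `sudo_commands`, a convention shared with the sudoers template and the users bundle but documented nowhere in the visible code. I would add a comment above the `if`, e.g. `# 'ALL' in sudo_commands marks a full admin (replaces the former is_admin flag)`, because libvirt group membership on a VM host is itself a high-privilege grant and now follows from that string alone. If `sudo_commands` were ever supplied as a plain string rather than a set or list, `in` would perform a substring match, so an `isinstance` guard or validation where the metadata is defined would be prudent. The body of libvirt_group_for_admins continues past the end of this hunk.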
diff --git a/nodes/home/router.py b/nodes/home/router.py
index 26e8f45..ff03ba1 100644
--- a/nodes/home/router.py
+++ b/nodes/home/router.py
@@ -137,16 +137,8 @@ nodes['home.router'] = {
 'f2k1de': {
 'delete': True,
 },
- 'fkunsmann': {
- 'sudo_commands': {
- 'ALL',
- },
- },
- 'sophie': {
- 'sudo_commands': {
- 'ALL',
- },
- },
+ 'fkunsmann': {},
+ 'sophie': {},
 },
 'vnstat': {
 'interface': 'enp1s0.7',
diff --git a/nodes/htz-cloud/miniserver.py b/nodes/htz-cloud/miniserver.py
index 0714b6c..320b35f 100644
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@@ -234,9 +234,6 @@ nodes['htz-cloud.miniserver'] = {
 'ssh_pubkey': [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
 ],
- 'sudo_commands': {
- 'ALL',
- },
 },
 },
 'zfs': {
diff --git a/nodes/htz-hel/backup-sophie.py b/nodes/htz-hel/backup-sophie.py
index 77cabe3..c9de769 100644
--- a/nodes/htz-hel/backup-sophie.py
+++ b/nodes/htz-hel/backup-sophie.py
@@ -49,11 +49,7 @@ nodes['htz-hel.backup-sophie'] = {
 },
 },
 'users': {
- 'sophie': {
- 'sudo_commands': {
- 'ALL',
- },
- },
+ 'sophie': {},
 },
 'zfs': {
 'datasets': {
diff --git a/nodes/voc/infobeamer-cms.py b/nodes/voc/infobeamer-cms.py
index d379b90..5e2adeb 100644
--- a/nodes/voc/infobeamer-cms.py
+++ b/nodes/voc/infobeamer-cms.py
@@ -99,6 +99,7 @@ nodes['voc.infobeamer-cms'] = {
 },
 'sudo_commands': {'ALL'},
 },
+ 'sophie': {},
 },
 },
 }
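Review bot: With `'fkunsmann': {}` and `'sophie': {}` in nodes/home/router.py the root grant is no longer visible in the node file: an empty dict now ends up as `NOPASSWD:ALL` only because the users bundle injects `sudo_commands` for every account it takes from its JSON source. Anyone auditing who has root on this node has to know that side effect, so I would add a comment on these entries, e.g. `# sudo ALL is injected by bundles/users (add_users_from_json)`, or keep the explicit `'sudo_commands': {'ALL'}`. The same applies to the `'sophie': {}` entries in nodes/htz-hel/backup-sophie.py and nodes/voc/infobeamer-cms.py. In nodes/htz-cloud/miniserver.py the grant is deleted from an account that carries its own `ssh_pubkey`; if that account is not also present in the JSON source it loses sudo entirely, which cannot be checked from this patch.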