remove users/$user/is_admin metadata, directly write sudo_commands instead

2024-02-25 15:29:10 +01:00 · 2024-02-25 15:29:10 +01:00 · 7d4624ce62
commit 7d4624ce62
parent 02e25f89ff
7 changed files with 8 additions and 26 deletions
--- a/bundles/sudo/files/bwusers
+++ b/bundles/sudo/files/bwusers
@ -1,9 +1,5 @@
 % for user, config in sorted(node.metadata['users'].items()):
-%   if config.get('is_admin', False):
-${user} ALL=(ALL) NOPASSWD:ALL
-%   else:
-%     for p in sorted(config.get('sudo_commands', [])):
+%  for p in sorted(config.get('sudo_commands', [])):
 ${user} ALL=(ALL) NOPASSWD:${p}
-%     endfor
-%   endif
+%  endfor
 % endfor
--- a/bundles/users/metadata.py
+++ b/bundles/users/metadata.py
@ -36,7 +36,7 @@ def add_users_from_json(metadata):
        if config.get('is_admin', False) or uname in metadata_users:
            users[uname] = {
                'ssh_pubkey': set(config['ssh_pubkey']),
-                'is_admin': config.get('is_admin', False),
+                'sudo_commands': ['ALL'],
            }

    # Then, run again to get all 'to be deleted' users
--- a/bundles/vmhost/metadata.py
+++ b/bundles/vmhost/metadata.py
@ -52,7 +52,7 @@ if node.has_bundle('arch-with-gui'):
 def libvirt_group_for_admins(metadata):
    result = {}
    for user, config in metadata.get('users', {}).items():
-        if config.get('is_admin', False):
+        if 'ALL' in config.get('sudo_commands', set()):
            result[user] = {
                'groups': {
                    'libvirt',