remove users/$user/is_admin metadata, directly write sudo_commands instead
This commit is contained in:
parent
02e25f89ff
commit
7d4624ce62
7 changed files with 8 additions and 26 deletions
|
@ -1,9 +1,5 @@
|
||||||
% for user, config in sorted(node.metadata['users'].items()):
|
% for user, config in sorted(node.metadata['users'].items()):
|
||||||
% if config.get('is_admin', False):
|
|
||||||
${user} ALL=(ALL) NOPASSWD:ALL
|
|
||||||
% else:
|
|
||||||
% for p in sorted(config.get('sudo_commands', [])):
|
% for p in sorted(config.get('sudo_commands', [])):
|
||||||
${user} ALL=(ALL) NOPASSWD:${p}
|
${user} ALL=(ALL) NOPASSWD:${p}
|
||||||
% endfor
|
% endfor
|
||||||
% endif
|
|
||||||
% endfor
|
% endfor
|
||||||
|
|
|
@ -36,7 +36,7 @@ def add_users_from_json(metadata):
|
||||||
if config.get('is_admin', False) or uname in metadata_users:
|
if config.get('is_admin', False) or uname in metadata_users:
|
||||||
users[uname] = {
|
users[uname] = {
|
||||||
'ssh_pubkey': set(config['ssh_pubkey']),
|
'ssh_pubkey': set(config['ssh_pubkey']),
|
||||||
'is_admin': config.get('is_admin', False),
|
'sudo_commands': ['ALL'],
|
||||||
}
|
}
|
||||||
|
|
||||||
# Then, run again to get all 'to be deleted' users
|
# Then, run again to get all 'to be deleted' users
|
||||||
|
|
|
@ -52,7 +52,7 @@ if node.has_bundle('arch-with-gui'):
|
||||||
def libvirt_group_for_admins(metadata):
|
def libvirt_group_for_admins(metadata):
|
||||||
result = {}
|
result = {}
|
||||||
for user, config in metadata.get('users', {}).items():
|
for user, config in metadata.get('users', {}).items():
|
||||||
if config.get('is_admin', False):
|
if 'ALL' in config.get('sudo_commands', set()):
|
||||||
result[user] = {
|
result[user] = {
|
||||||
'groups': {
|
'groups': {
|
||||||
'libvirt',
|
'libvirt',
|
||||||
|
|
|
@ -137,16 +137,8 @@ nodes['home.router'] = {
|
||||||
'f2k1de': {
|
'f2k1de': {
|
||||||
'delete': True,
|
'delete': True,
|
||||||
},
|
},
|
||||||
'fkunsmann': {
|
'fkunsmann': {},
|
||||||
'sudo_commands': {
|
'sophie': {},
|
||||||
'ALL',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'sophie': {
|
|
||||||
'sudo_commands': {
|
|
||||||
'ALL',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
'vnstat': {
|
'vnstat': {
|
||||||
'interface': 'enp1s0.7',
|
'interface': 'enp1s0.7',
|
||||||
|
|
|
@ -234,9 +234,6 @@ nodes['htz-cloud.miniserver'] = {
|
||||||
'ssh_pubkey': [
|
'ssh_pubkey': [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDILcYrMQNRVXAm5L+7No1ZumqfCyRc1QZmTY3O7Q8hsE4+fCAvwsWm2aSMfLL3NnIl8Nm1Rixzic5jdYKYNIY3SlX1wvTB+MhGb2eyVSd7c/Y98aCLSlDkQ2sebjpdA1FoJOeGD3qxqDwj0+KckXU2ZaSSQY7CxVsjH65UxCHqVAg+6uLdNbj7j850s1B9NXVXef+sBQ5jUngXxnqQWwNh2Mn8auwumkeEG4SYf96wyFkLvmBitOng/GyLWl9YPnXXHHDnatcVipy7y34qw4CQ4P84anecbA+Bqr9IcxBW6qYmYgRKEnAcmEfjQd+BI1gCLB1BBEmb/qp+mVLd4tOh sophie@carbon"
|
||||||
],
|
],
|
||||||
'sudo_commands': {
|
|
||||||
'ALL',
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'zfs': {
|
'zfs': {
|
||||||
|
|
|
@ -49,11 +49,7 @@ nodes['htz-hel.backup-sophie'] = {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
'users': {
|
'users': {
|
||||||
'sophie': {
|
'sophie': {},
|
||||||
'sudo_commands': {
|
|
||||||
'ALL',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
'zfs': {
|
'zfs': {
|
||||||
'datasets': {
|
'datasets': {
|
||||||
|
|
|
@ -99,6 +99,7 @@ nodes['voc.infobeamer-cms'] = {
|
||||||
},
|
},
|
||||||
'sudo_commands': {'ALL'},
|
'sudo_commands': {'ALL'},
|
||||||
},
|
},
|
||||||
|
'sophie': {},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue