Defaults options #37

Open
wants to merge 3 commits into
base: master
35 changes: 35 additions & 0 deletions README.md
Expand Up @@ -44,6 +44,17 @@ Here is a list of all the default variables for this role, which are also availa

```yaml
---
# sudo_sudoers_user_aliases:
# WEBADMINS:
# - webadmin1
# - webadmin2
# sudo_sudoers_cmnd_aliases:
# WEBCOMMANDS:
# - /bin/systemctl status nginx
# - /bin/systemctl start nginx
# - /bin/systemctl stop nginx
# - /bin/systemctl restart nginx
# PACKAGECOMMANDS: '/bin/apt, /bin/yum'
# sudo_defaults:
# - defaults: env_reset
# - name: user1
Expand Down Expand Up @@ -89,13 +100,33 @@ This is an example playbook:
roles:
- weareinteractive.sudo
vars:
sudo_sudoers_user_aliases:
WEBADMINS:
- webadmin1
- webadmin2
sudo_sudoers_runas_aliases:
WEBUSERS: 'www-data, www'
sudo_sudoers_cmnd_aliases:
WEBCOMMANDS:
- /bin/systemctl status nginx
- /bin/systemctl start nginx
- /bin/systemctl stop nginx
- /bin/systemctl restart nginx
PACKAGECOMMANDS: '/bin/apt, /bin/yum'
sudo_defaults:
- defaults: env_reset
- defaults: secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- name: 'user1'
defaults: 'requiretty'
#type: user
- name: '%group1'
defaults: '!requiretty'
- name: PAGER
defaults: noexec
type: cmnd
- name: root
defaults: '!set_logname'
type: runas
sudo_users:
- name: 'user1'
- name: 'user2'
Expand All @@ -112,6 +143,10 @@ This is an example playbook:
- name: '%group4'
users: 'user1,user2'
groups: 'group1,group2'
- name: WEBADMINS
commands: WEBCOMMANDS
users: WEBUSERS
groups: WEBUSERS
purge_other_sudoers_files: yes

```
23 changes: 23 additions & 0 deletions defaults/main.yml
@@ -1,4 +1,17 @@
---
# sudo_sudoers_user_aliases:
# WEBADMINS:
# - webadmin1
# - webadmin2
# sudo_sudoers_cmnd_aliases:
# WEBCOMMANDS:
# - /bin/systemctl status nginx
# - /bin/systemctl start nginx
# - /bin/systemctl stop nginx
# - /bin/systemctl restart nginx
# PACKAGECOMMANDS: '/bin/apt, /bin/yum'
# sudo_sudoers_runas_aliases:
# WEBUSERS: 'www-data, www'
# sudo_defaults:
# - defaults: env_reset
# - name: user1
Expand All @@ -15,13 +28,23 @@
# - /bin/df
# - name: '%group4'
# hosts: 127.0.0.1
# - name: WEBADMINS
# commands: WEBCOMMANDS
# users: WEBUSERS
# groups: WEBUSERS

# package name (version)
sudo_package: sudo
# list of username or %groupname
sudo_users: []
# list of username or %groupname and their defaults
sudo_defaults: []
# dictionary of user alias definition
sudo_sudoers_user_aliases: []
# dictionary of cmnd alias definition
sudo_sudoers_cmnd_aliases: []
# dictionary of runas alias definition
sudo_sudoers_runas_aliases: []
# default sudoers file
sudo_sudoers_file: ansible
# path of the sudoers.d directory
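Review bot: `sudo_sudoers_user_aliases`, `sudo_sudoers_cmnd_aliases` and `sudo_sudoers_runas_aliases` are described in the comments directly above them as dictionaries, yet all three default to `[]`. The template only renders an alias section when the value `is mapping`, so the empty list is silently skipped today, but any playbook that merges into the default with `combine` or iterates the value will break on a list where the documentation promises a mapping. Use an empty mapping for the three defaults, e.g. `sudo_sudoers_user_aliases: {}`, so the default has the same type as the documented and tested values.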
30 changes: 29 additions & 1 deletion templates/etc/sudoers.d/ansible.j2
@@ -1,7 +1,35 @@
{{ ansible_managed | comment }}

{{ sudo_aliases_comment | comment }}
{% if sudo_sudoers_users_aliases is mapping %}
{% for key, value in sudo_sudoers_user_aliases.items() %}
User_Alias {{ key }} = {{ value if value is string else value | join(', ') }}
{% endfor %}
{% endif %}
{% if sudo_sudoers_runas_aliases is mapping %}
{% for key, value in sudo_sudoers_runas_aliases.items() %}
Runas_Alias {{ key }} = {{ value if value is string else value | join(', ') }}
{% endfor %}
{% endif %}
{% if sudo_sudoers_cmnd_aliases is mapping %}
{% for key, value in sudo_sudoers_cmnd_aliases.items() %}
Cmnd_Alias {{ key }} = {{ value if value is string else value | join(', ') }}
{% endfor %}
{% endif %}

{% for item in sudo_defaults %}
Defaults{{ ":" ~ item.name if item.name is defined else "" }} {{ item.defaults }}
{% if item.name is defined %}
{% set defaulttype = item.type|default('user') %}
{% if defaulttype == 'user' %}
Defaults:{{ item.name }} {{ item.defaults }}
{% elif defaulttype == 'cmnd' %}
Defaults!{{ item.name }} {{ item.defaults }}
{% elif defaulttype == 'runas' %}
Defaults>{{ item.name }} {{ item.defaults }}
{% endif %}
{% else %}
Defaults {{ item.defaults }}
{% endif %}
{% endfor %}

{% for item in sudo_users %}
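Review bot: The guard `{% if sudo_sudoers_users_aliases is mapping %}` at the top of the alias block tests a variable spelled `users_aliases`, while the loop on the next line and defaults/main.yml use `sudo_sudoers_user_aliases`; the mistyped name is undefined, never satisfies `is mapping`, and so no `User_Alias` line is ever rendered, which leaves any `sudo_users` entry referencing e.g. `WEBADMINS` pointing at an alias `visudo -c` would report as undefined. Change it to `{% if sudo_sudoers_user_aliases is mapping %}`. The `defaulttype` chain further down has no fallback branch, so an entry whose `type` is mistyped or unsupported (sudoers also accepts a host-scoped `Defaults@Host_List`) is dropped without any error — a hardening option such as `requiretty` or `noexec` would then simply be absent from the rendered file; an `assert` task in the role restricting `item.type` to `user`, `cmnd` and `runas` (or adding an `{% elif defaulttype == 'host' %}` branch rendering `Defaults@`) would make that visible. The `sudo_aliases_comment` header is also emitted when none of the three alias mappings is set, which adds an empty heading to every generated sudoers file.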
21 changes: 21 additions & 0 deletions tests/main.yml
Expand Up @@ -5,13 +5,30 @@
roles:
- weareinteractive.sudo
vars:
sudo_sudoers_user_aliases:
WEBADMINS:
- webadmin1
- webadmin2
sudo_sudoers_cmnd_aliases:
WEBCOMMANDS:
- /bin/systemctl status nginx
- /bin/systemctl start nginx
- /bin/systemctl stop nginx
- /bin/systemctl restart nginx
PACKAGECOMMANDS: '/bin/apt, /bin/yum'
sudo_defaults:
- defaults: env_reset
- defaults: secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
- name: 'user1'
defaults: 'requiretty'
- name: '%group1'
defaults: '!requiretty'
- name: PAGER
defaults: noexec
type: cmnd
- name: root
defaults: '!set_logname'
type: runas
sudo_users:
- name: 'user1'
- name: 'user2'
Expand All @@ -28,4 +45,8 @@
- name: '%group4'
users: 'user1,user2'
groups: 'group1,group2'
- name: WEBADMINS
commands: WEBCOMMANDS
users: WEBUSERS
groups: WEBUSERS
purge_other_sudoers_files: yes
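Review bot: The `WEBADMINS` entry added at the end of `sudo_users` uses `WEBUSERS` for both `users:` and `groups:`, but this play only defines `sudo_sudoers_user_aliases` and `sudo_sudoers_cmnd_aliases`; unlike the README example in this PR, `sudo_sudoers_runas_aliases` is never set, so the rendered sudoers refers to a Runas_Alias that is never declared and the test would fail validation instead of exercising the new feature. Add the block the README uses: `sudo_sudoers_runas_aliases:` / `  WEBUSERS: 'www-data, www'`. Similarly `- name: PAGER` with `type: cmnd` renders `Defaults!PAGER noexec`, where an all-uppercase name appears to be parsed by sudoers as a Cmnd_Alias that the vars never define; either add a `PAGER` entry to `sudo_sudoers_cmnd_aliases` (the sudoers manual's example lists the pager binaries) or use a concrete command path. Whether the role runs `visudo` on this output is outside the hunk, so I cannot tell if the test would currently catch either case.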
1 change: 1 addition & 0 deletions vars/default.yml
Expand Up @@ -2,3 +2,4 @@
sudo_pkg_mgr_opts: update_cache=yes
sudo_sudoers_group: root
sudo_visudo: '/usr/sbin/visudo'
sudo_aliases_comment: 'Aliases definitions'