99 lines
2.7 KiB
Ruby
99 lines
2.7 KiB
Ruby
|
#
|
||
|
# Cookbook Name:: sudo_rules
|
||
|
# Recipe:: default
|
||
|
#
|
||
|
# Copyright 2015, Linux-Help.org
|
||
|
#
|
||
|
# All rights reserved - Do Not Redistribute
|
||
|
#
|
||
|
|
||
|
include_recipe "sudo"
|
||
|
|
||
|
node.override['authorization']['sudo']['include_sudoers_d'] = true
|
||
|
search_node = node['fqdn']
|
||
|
|
||
|
if Chef::Config[:solo] and nod chef_solo_search_installed?
|
||
|
Chef::Log.warn("This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.")
|
||
|
else
|
||
|
search(node['sudo_rules']['data_bag'], "hosts:#{search_node}").each do |rule|
|
||
|
# Name
|
||
|
if rule["name"].kind_of?(String)
|
||
|
rule_name = rule["name"]
|
||
|
else
|
||
|
rule_name = rule["id"]
|
||
|
end
|
||
|
|
||
|
# Action Create/Remove
|
||
|
if rule["action"].kind_of?(String)
|
||
|
if rule["action"] == "create" or rule["action"] == "remove"
|
||
|
rule_action = rule["action"]
|
||
|
else
|
||
|
rule_action = "create"
|
||
|
end
|
||
|
else
|
||
|
rule_action = "create"
|
||
|
end
|
||
|
|
||
|
# Username or Group
|
||
|
if rule['user'].kind_of?(String)
|
||
|
rule_user = rule['user']
|
||
|
else
|
||
|
Chef::Log.warn("data_bag #{rule['id']} has no user entry and is required. Skipped.")
|
||
|
next
|
||
|
end
|
||
|
|
||
|
# Pasword or NoPassword
|
||
|
if rule['nopasswd'].kind_of?(TrueClass)
|
||
|
rule_nopasswd = rule['nopasswd']
|
||
|
else
|
||
|
rule_nopasswd = false
|
||
|
end
|
||
|
|
||
|
# RunAS
|
||
|
if rule['runas'].kind_of?(String)
|
||
|
rule_runas = rule['runas']
|
||
|
else
|
||
|
rule_runas = 'ALL'
|
||
|
end
|
||
|
|
||
|
# Commands
|
||
|
if rule['commands'].kind_of?(Array)
|
||
|
rule_commands = rule['commands']
|
||
|
elsif rule['rules'].kind_of?(String)
|
||
|
rule_commands = [ rule['commands'] ]
|
||
|
else
|
||
|
Chef::Log.warn("data_bag #{rule['id']} has no commands is required. Skipped.")
|
||
|
next
|
||
|
end
|
||
|
|
||
|
# Defaults
|
||
|
if rule['defaults'].kind_of?(Array)
|
||
|
rule_defaults = rule['defaults']
|
||
|
elsif rule['defaults'].kind_of?(String)
|
||
|
rule_defaults = [ rule['defaults'] ]
|
||
|
else
|
||
|
rule_defaults = []
|
||
|
end
|
||
|
|
||
|
sudo rule["id"] do
|
||
|
name rule_name
|
||
|
user rule_user
|
||
|
runas rule_runas
|
||
|
nopasswd rule_nopasswd
|
||
|
commands rule_commands
|
||
|
defaults rule_defaults
|
||
|
end
|
||
|
|
||
|
#puts "ID: #{rule["id"]}"
|
||
|
#puts "Name: #{rule_name}"
|
||
|
#puts "Action: #{rule_action}"
|
||
|
#puts "User: #{rule_user}"
|
||
|
#puts "Runas: #{rule_runas}"
|
||
|
#puts "Nopasswd #{rule_nopasswd}"
|
||
|
#puts "Commands: #{rule_commands}"
|
||
|
#puts "Defaults: #{rule_defaults}"
|
||
|
#puts "--"
|
||
|
end
|
||
|
end
|
||
|
|