2015-05-13 00:08:15 -04:00
|
|
|
#
|
|
|
|
# Cookbook Name:: sudo_rules
|
|
|
|
# Recipe:: default
|
|
|
|
#
|
|
|
|
# Copyright 2015, Linux-Help.org
|
|
|
|
#
|
|
|
|
# All rights reserved - Do Not Redistribute
|
|
|
|
#
|
|
|
|
|
|
|
|
include_recipe "sudo"
|
|
|
|
|
|
|
|
node.override['authorization']['sudo']['include_sudoers_d'] = true
|
|
|
|
search_node = node['fqdn']
|
|
|
|
|
2015-05-18 10:36:51 -04:00
|
|
|
if node['sudo_rules'].key?('search_query') && node['sudo_rules']['search_query'] != ''
|
|
|
|
search_query = node['sudo_rules']['search_query']
|
|
|
|
else
|
|
|
|
search_query = "hosts:#{search_node}"
|
|
|
|
end
|
|
|
|
|
2015-05-13 00:08:15 -04:00
|
|
|
if Chef::Config[:solo] and nod chef_solo_search_installed?
|
|
|
|
Chef::Log.warn("This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.")
|
|
|
|
else
|
2015-05-18 10:36:51 -04:00
|
|
|
search(node['sudo_rules']['data_bag'], search_query).each do |rule|
|
2015-05-13 00:08:15 -04:00
|
|
|
# Name
|
|
|
|
if rule["name"].kind_of?(String)
|
|
|
|
rule_name = rule["name"]
|
|
|
|
else
|
|
|
|
rule_name = rule["id"]
|
|
|
|
end
|
|
|
|
|
|
|
|
# Action Create/Remove
|
|
|
|
if rule["action"].kind_of?(String)
|
|
|
|
if rule["action"] == "create" or rule["action"] == "remove"
|
|
|
|
rule_action = rule["action"]
|
|
|
|
else
|
|
|
|
rule_action = "create"
|
|
|
|
end
|
|
|
|
else
|
|
|
|
rule_action = "create"
|
|
|
|
end
|
|
|
|
|
|
|
|
# Username or Group
|
|
|
|
if rule['user'].kind_of?(String)
|
|
|
|
rule_user = rule['user']
|
|
|
|
else
|
|
|
|
Chef::Log.warn("data_bag #{rule['id']} has no user entry and is required. Skipped.")
|
|
|
|
next
|
|
|
|
end
|
|
|
|
|
|
|
|
# Pasword or NoPassword
|
|
|
|
if rule['nopasswd'].kind_of?(TrueClass)
|
|
|
|
rule_nopasswd = rule['nopasswd']
|
|
|
|
else
|
|
|
|
rule_nopasswd = false
|
|
|
|
end
|
|
|
|
|
|
|
|
# RunAS
|
|
|
|
if rule['runas'].kind_of?(String)
|
|
|
|
rule_runas = rule['runas']
|
|
|
|
else
|
|
|
|
rule_runas = 'ALL'
|
|
|
|
end
|
|
|
|
|
|
|
|
# Commands
|
|
|
|
if rule['commands'].kind_of?(Array)
|
|
|
|
rule_commands = rule['commands']
|
|
|
|
elsif rule['rules'].kind_of?(String)
|
|
|
|
rule_commands = [ rule['commands'] ]
|
|
|
|
else
|
|
|
|
Chef::Log.warn("data_bag #{rule['id']} has no commands is required. Skipped.")
|
|
|
|
next
|
|
|
|
end
|
|
|
|
|
|
|
|
# Defaults
|
|
|
|
if rule['defaults'].kind_of?(Array)
|
|
|
|
rule_defaults = rule['defaults']
|
|
|
|
elsif rule['defaults'].kind_of?(String)
|
|
|
|
rule_defaults = [ rule['defaults'] ]
|
|
|
|
else
|
|
|
|
rule_defaults = []
|
|
|
|
end
|
|
|
|
|
|
|
|
sudo rule["id"] do
|
|
|
|
name rule_name
|
|
|
|
user rule_user
|
|
|
|
runas rule_runas
|
|
|
|
nopasswd rule_nopasswd
|
|
|
|
commands rule_commands
|
|
|
|
defaults rule_defaults
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|