99 lines
2.7 KiB
Ruby
99 lines
2.7 KiB
Ruby
#
|
|
# Cookbook Name:: sudo_rules
|
|
# Recipe:: default
|
|
#
|
|
# Copyright 2015, Linux-Help.org
|
|
#
|
|
# All rights reserved - Do Not Redistribute
|
|
#
|
|
|
|
include_recipe "sudo"
|
|
|
|
node.override['authorization']['sudo']['include_sudoers_d'] = true
|
|
search_node = node['fqdn']
|
|
|
|
if Chef::Config[:solo] and nod chef_solo_search_installed?
|
|
Chef::Log.warn("This recipe uses search. Chef Solo does not support search unless you install the chef-solo-search cookbook.")
|
|
else
|
|
search(node['sudo_rules']['data_bag'], "hosts:#{search_node}").each do |rule|
|
|
# Name
|
|
if rule["name"].kind_of?(String)
|
|
rule_name = rule["name"]
|
|
else
|
|
rule_name = rule["id"]
|
|
end
|
|
|
|
# Action Create/Remove
|
|
if rule["action"].kind_of?(String)
|
|
if rule["action"] == "create" or rule["action"] == "remove"
|
|
rule_action = rule["action"]
|
|
else
|
|
rule_action = "create"
|
|
end
|
|
else
|
|
rule_action = "create"
|
|
end
|
|
|
|
# Username or Group
|
|
if rule['user'].kind_of?(String)
|
|
rule_user = rule['user']
|
|
else
|
|
Chef::Log.warn("data_bag #{rule['id']} has no user entry and is required. Skipped.")
|
|
next
|
|
end
|
|
|
|
# Pasword or NoPassword
|
|
if rule['nopasswd'].kind_of?(TrueClass)
|
|
rule_nopasswd = rule['nopasswd']
|
|
else
|
|
rule_nopasswd = false
|
|
end
|
|
|
|
# RunAS
|
|
if rule['runas'].kind_of?(String)
|
|
rule_runas = rule['runas']
|
|
else
|
|
rule_runas = 'ALL'
|
|
end
|
|
|
|
# Commands
|
|
if rule['commands'].kind_of?(Array)
|
|
rule_commands = rule['commands']
|
|
elsif rule['rules'].kind_of?(String)
|
|
rule_commands = [ rule['commands'] ]
|
|
else
|
|
Chef::Log.warn("data_bag #{rule['id']} has no commands is required. Skipped.")
|
|
next
|
|
end
|
|
|
|
# Defaults
|
|
if rule['defaults'].kind_of?(Array)
|
|
rule_defaults = rule['defaults']
|
|
elsif rule['defaults'].kind_of?(String)
|
|
rule_defaults = [ rule['defaults'] ]
|
|
else
|
|
rule_defaults = []
|
|
end
|
|
|
|
sudo rule["id"] do
|
|
name rule_name
|
|
user rule_user
|
|
runas rule_runas
|
|
nopasswd rule_nopasswd
|
|
commands rule_commands
|
|
defaults rule_defaults
|
|
end
|
|
|
|
#puts "ID: #{rule["id"]}"
|
|
#puts "Name: #{rule_name}"
|
|
#puts "Action: #{rule_action}"
|
|
#puts "User: #{rule_user}"
|
|
#puts "Runas: #{rule_runas}"
|
|
#puts "Nopasswd #{rule_nopasswd}"
|
|
#puts "Commands: #{rule_commands}"
|
|
#puts "Defaults: #{rule_defaults}"
|
|
#puts "--"
|
|
end
|
|
end
|
|
|