Chef Cookbook: Sudo Rules
Find a file
2015-05-13 12:31:49 -04:00
attributes Initial release 0.1.0 2015-05-13 00:08:15 -04:00
recipes Initial release 0.1.0 2015-05-13 00:08:15 -04:00
.gitignore Added gitignore and Gemfile 2015-05-13 11:51:45 -04:00
Berksfile Initial release 0.1.0 2015-05-13 00:08:15 -04:00
CHANGELOG.md Fixed typos and version bump 2015-05-13 12:14:32 -04:00
Gemfile Added gitignore and Gemfile 2015-05-13 11:51:45 -04:00
metadata.rb Fixed typos and version bump 2015-05-13 12:14:32 -04:00
README.md Added table for JSON data bag attributes 2015-05-13 12:31:49 -04:00

sudo_rules Cookbook

Reads through a special data bag of sudo rules to compile a list of sudoers.d rules to create/remove.

Requirements

packages

  • sudo

Attributes

sudo_rules::default

Key Type Description Default
['sudo_rules'] String Name of data bag to use for entries. sudo_rules

Usage

sudo_rules::default

Include sudo_rules in your node's run_list:

{
  "name":"my_node",
  "run_list": [
    "recipe[sudo_rules]"
  ]
}

And provide properly formatted data bag:

{
    "id": "Data Bag unique name, default value for name below",
    "name": "Name of the sudoers.d file",
    "hosts": [
        "fqdn1",
        "fqdn2",
        ...
    ],
    "action": "create",
    "user": "someuser",
    "runas": "ALL",
    "commands": [
        "/usr/sbin/somecommand args",
        "/usr/sbin/anothercommand",
        ...
    ],
    "defaults": [
        "env_reset"
    ]
}
Key Type Description Default Required?
Id String Name of Data Bag item, and sudoers.d/Id filename. None Yes
Name String Instead of using Id, you can choose the name of the file for sudoers.d/Name instead. Same as Id No
Hosts Array List of hosts to apply this rule to by fqdn, can be wildcard matched. None Yes
Action String create or remove Sets whether to create or remove the entry. create No
User String Username or %Groupname to use for the sudo rule. None Yes
Runas String Allowed colon-separated list of users for sudoers runas. ALL No
Commands Array List of commands (and arguments) this rule adds for the user/group. [] Yes
Defaults Array List of defaults this user has. [] No

Contributing

  1. Fork the repository on Github
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using Github

License and Authors

Authors: Eric Renfro erenfro@linux-help.org