
Merge pull request from PLOS-Formulas/ITP-1245-auto-sudoers-groups

Itp 1245 auto sudoers groups
mel 2017-02-16 11:32:54 -08:00 committed by GitHub
commit 0de2ca42db
3 changed files with 24 additions and 0 deletions


@ -1,3 +1,4 @@
{% from "sudoers/map.jinja" import ad_group_maps with context %}
{%- if (not included) %} {%- if (not included) %}
{%- set sudoers = pillar.get('sudoers', {}) %} {%- set sudoers = pillar.get('sudoers', {}) %}
{%- if grains['os_family'] == 'Debian' %} {%- if grains['os_family'] == 'Debian' %}
@ -94,6 +95,13 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
%{{ group }} {{ spec }} %{{ group }} {{ spec }}
{%- endfor %} {%- endfor %}
{%- endfor %} {%- endfor %}
{%- for unix_group in ad_groups %}
{%- if unix_group in ad_group_maps.keys() %}
%{{ unix_group }} {{ ad_group_maps[unix_group] }}
{%- else %}
%{{ unix_group }} {{ ad_group_maps['default'] }}
{%- endif %}
{%- endfor %}
{% if includedir %} {% if includedir %}
## Read drop-in files from /etc/sudoers.d ## Read drop-in files from /etc/sudoers.d
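Review bot: The added loop writes each `unix_group` straight into a `%group` rule, so a pillar key containing a space, comma or other sudoers metacharacter would render a malformed or differently scoped line; the names should be validated before rendering, and the `file.managed` state for this file (only partly visible on this page) should reject a bad render with `- check_cmd: visudo -c -f` if it does not already. The `else` branch gives any group missing from the map the environment's default, which map.jinja sets to `(ALL:ALL) NOPASSWD: ALL` for dev and vagrant, so adding a group to the pillar grants it full root there without any change to this template; a comment above the loop should say so. The two branches can also be collapsed to `%{{ unix_group }} {{ ad_group_maps.get(unix_group, ad_group_maps['default']) }}`.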


@ -1,5 +1,8 @@
{% from "sudoers/map.jinja" import sudoers with context %} {% from "sudoers/map.jinja" import sudoers with context %}
# our list of plos core active directory groups
{%- set ad_groups = salt['pillar.get']('group_map:core').keys() %}
sudo: sudo:
pkg.installed: pkg.installed:
- name: {{ sudoers.pkg }} - name: {{ sudoers.pkg }}
@ -13,5 +16,6 @@ sudo:
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- context: - context:
included: False included: False
ad_groups: {{ ad_groups }}
- require: - require:
- pkg: sudo - pkg: sudo
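Review bot: The added `set ad_groups` line calls `salt['pillar.get']('group_map:core')` without a dict default, so on a minion where that pillar key is absent the lookup most likely returns an empty string and `.keys()` fails the render, leaving the sudoers file unmanaged on that host; `{%- set ad_groups = salt['pillar.get']('group_map:core', {}).keys() %}` avoids that. The context line `ad_groups: {{ ad_groups }}` then interpolates the Python repr of the list into YAML, which under Python 2 with unicode keys would presumably come out as `u'name'` entries and change the group names that reach the template. Serialising explicitly, `ad_groups: {{ ad_groups | list | json }}`, keeps the names intact.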


@ -13,3 +13,15 @@
'config-path': '/usr/local/etc', 'config-path': '/usr/local/etc',
'group': 'wheel'}, 'group': 'wheel'},
}, merge=salt['pillar.get']('sudoers:lookup', None)) %} }, merge=salt['pillar.get']('sudoers:lookup', None)) %}
# our plos active directory core groups sudoers permissions, filtered by environment
{% set ad_group_maps = salt['grains.filter_by']({
'default': { 'default': 'ALL = (root) NOPASSWD: SUPPORT' },
'vagrant': { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
'dev': { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
'qa': { 'default': 'ALL = (root) NOPASSWD: SUPPORT',
'plosqa': 'ALL = (root) NOPASSWD: ALL' },
},
grain='environment',
merge=salt['pillar.get']('group_maps:lookup', None))
%}
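Review bot: The privilege level in `ad_group_maps` is selected by the `environment` grain, which is set on the minion itself, so a host carrying a wrong value of `dev` or `vagrant` gives every core AD group `(ALL:ALL) NOPASSWD: ALL`; taking the environment from master-assigned pillar would keep that decision off the host. A host with no `environment` grain falls back to the `default` entry, which is the restrictive one, and the comment above the `set` should state that. The `default` and `qa` rules reference a `SUPPORT` Cmnd_Alias that no visible hunk defines; if it is absent on a host, the rendered sudoers file will not parse. The merge key here is `group_maps:lookup` while the state reads `group_map:core`, which may be an unintended spelling difference.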