Make management of the main sudoers config optional
It should be possible to not overwrite the main sudoers configuration file and only provide files to be included. This introduces a new Pillar variable to achieve that. If it's not set we default to the old behaviour of managing that file.
This commit is contained in:
parent
76a3db1b3b
commit
73d2d70dbb
3 changed files with 15 additions and 0 deletions
|
@ -1,4 +1,6 @@
|
||||||
sudoers:
|
sudoers:
|
||||||
|
# By default the main sudoers file is managed by this formula (False to skip)
|
||||||
|
manage_main_config: True
|
||||||
users:
|
users:
|
||||||
johndoe:
|
johndoe:
|
||||||
- 'ALL=(ALL) ALL'
|
- 'ALL=(ALL) ALL'
|
||||||
|
|
|
@ -23,6 +23,8 @@ sudoers include {{ included_file }}:
|
||||||
- context:
|
- context:
|
||||||
included: True
|
included: True
|
||||||
sudoers: {{ spec|json }}
|
sudoers: {{ spec|json }}
|
||||||
|
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
|
||||||
- require:
|
- require:
|
||||||
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers
|
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers
|
||||||
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
@ -4,6 +4,8 @@ sudo:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- name: {{ sudoers.pkg }}
|
- name: {{ sudoers.pkg }}
|
||||||
|
|
||||||
|
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
|
||||||
|
|
||||||
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
||||||
file.managed:
|
file.managed:
|
||||||
- user: root
|
- user: root
|
||||||
|
@ -16,3 +18,12 @@ sudo:
|
||||||
included: False
|
included: False
|
||||||
- require:
|
- require:
|
||||||
- pkg: sudo
|
- pkg: sudo
|
||||||
|
|
||||||
|
{% else %}
|
||||||
|
|
||||||
|
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
||||||
|
test.show_notification:
|
||||||
|
- name: Skipping management of main sudoers file
|
||||||
|
- text: Pillar manage_main_config is False
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
|
Loading…
Reference in a new issue