
Make management of the main sudoers config optional

It should be possible to not overwrite the main sudoers configuration
file and only provide files to be included. This introduces a new Pillar
variable to achieve that. If it's not set we default to the old
behaviour of managing that file.
Sebastian Meyer 2018-08-22 12:14:02 +02:00
parent 76a3db1b3b
commit 73d2d70dbb
No known key found for this signature in database
GPG Key ID: CC41E41BC2D45D73
3 changed files with 15 additions and 0 deletions


@ -1,4 +1,6 @@
sudoers: sudoers:
# By default the main sudoers file is managed by this formula (False to skip)
manage_main_config: True
users: users:
johndoe: johndoe:
- 'ALL=(ALL) ALL' - 'ALL=(ALL) ALL'


@ -23,6 +23,8 @@ sudoers include {{ included_file }}:
- context: - context:
included: True included: True
sudoers: {{ spec|json }} sudoers: {{ spec|json }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
- require: - require:
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers - file: {{ sudoers.get('configpath', '/etc') }}/sudoers
{% endif %}
{% endfor %} {% endfor %}
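Review bot: The new guard around `- require:` tests `salt['pillar.get']('sudoers:manage_main_config', True)` by plain Jinja truthiness, so a pillar value supplied as a quoted string such as `'False'` is non-empty and still counts as true. The operator would then believe the main sudoers file is left alone while the formula keeps overwriting it. Normalising the value, e.g. `{% if salt['pillar.get']('sudoers:manage_main_config', True)|to_bool %}`, removes that ambiguity. The same expression is repeated in the section that wraps the main `file.managed` state and should change with it. The enclosing `for` loop starts outside this hunk.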


@ -4,6 +4,8 @@ sudo:
pkg.installed: pkg.installed:
- name: {{ sudoers.pkg }} - name: {{ sudoers.pkg }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
{{ sudoers.get('configpath', '/etc') }}/sudoers: {{ sudoers.get('configpath', '/etc') }}/sudoers:
file.managed: file.managed:
- user: root - user: root
@ -16,3 +18,12 @@ sudo:
included: False included: False
- require: - require:
- pkg: sudo - pkg: sudo
{% else %}
{{ sudoers.get('configpath', '/etc') }}/sudoers:
test.show_notification:
- name: Skipping management of main sudoers file
- text: Pillar manage_main_config is False
{% endif %}
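Review bot: In the `{% else %}` branch nothing enforces the owner or contents of the main sudoers file any more, and nothing visible here checks that it still includes the directory the included files are written to. If that include directive is missing, the rules deployed by this formula are silently ignored, and drift in the unmanaged file goes unreported. I would say so in the notification, e.g. `- text: Pillar sudoers:manage_main_config is False; owner and include directives of the main sudoers file are not enforced`, which also names the full pillar key. Whether the included-file states validate their output before installing it (for instance with a `check_cmd`) cannot be seen from these hunks and is worth confirming.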