Merge pull request #9 from groggemans/master

Added support for more complex sudoers files fixes #8
GROG · Aug 5, 2016 · b84219b · b84219b
2 parents 8e50196 + ba5f65e
commit b84219b
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -59,7 +59,18 @@ Each item in the list can have following attributes:
 | `hosts` | Hosts | yes | / |
 | `as` | Operators | yes | / |
 | `commands` | Commands | yes | / |
-| `nopasswd` | No password sudo? | no | `no` |
+| `nopasswd` | NOPASSWD flag | no | `no` |
+| `passwd` | PASSWD flag | no | `no` |
+| `noexec` | NOEXEC flag | no | `no` |
+| `exec` | EXEC flag | no | `no` |
+| `nosetenv` | NOSETENV flag | no | `no` |
+| `setenv` | SETENV flag | no | `no` |
+| `nologinput` | NOLOG_INPUT flag | no | `no` |
+| `loginput` | LOG_INPUT flag | no | `no` |
+| `nologoutput` | NOLOG_OUTPUT flag | no | `no` |
+| `logoutput` | LOG_OUTPUT flag | no | `no` |
+
+You can provide these attrubutes in a list if a user needs multiple entries.
 
 ###### Example `sudo_list`
 
@@ -68,7 +79,7 @@ sudo_list:
   - name: root
     sudo:
       hosts: ALL
-      as: ALL
+      as: ALL:ALL
       commands: ALL
   - name: user1
   - name: user2
@@ -77,6 +88,16 @@ sudo_list:
       as: ALL
       commands: ALL
       nopasswd: yes
+  - name: user3
+    sudo:
+      - hosts: ALL
+        as: root
+        commands: /usr/sbin/poweroff
+        nopasswd: yes
+      - hosts: ALL
+        as: ALL
+        commands: /usr/sbin/less
+        noexec: yes
 ```
 
 #### `sudo_***_aliases` details

diff --git a/templates/etc-sudoers.d-user_template.j2 b/templates/etc-sudoers.d-user_template.j2
@@ -1,6 +1,10 @@
 # {{ ansible_managed }}
 
 # User privilege specification
-{% if item.sudo is defined %}
-{{ item.name }} {{ item.sudo.hosts }}=({{ item.sudo.as }}){{ " NOPASSWD:" if ( item.sudo.nopasswd | default(false) ) else "" }} {{ item.sudo.commands }}
+{% if item.sudo.hosts is defined %}
+{{ item.name }} {{ item.sudo.hosts }}=({{ item.sudo.as }}){{ " NOPASSWD:" if ( item.sudo.nopasswd | default(false) ) else "" }}{{ "PASSWD:" if ( item.sudo.passwd | default(false) ) else "" }}{{ "NOEXEC:" if ( item.sudo.noexec | default(false) ) else "" }}{{ "EXEC:" if ( item.sudo.exec | default(false) ) else "" }}{{ "NOSETENV:" if ( item.sudo.nosetenv | default(false) ) else "" }}{{ "SETENV:" if ( item.sudo.setenv | default(false) ) else "" }}{{ "NOLOG_INPUT:" if ( item.sudo.nologinput | default(false) ) else "" }}{{ "LOG_INPUT:" if ( item.sudo.loginput | default(false) ) else "" }}{{ "NOLOG_OUTPUT:" if ( item.sudo.nologoutput | default(false) ) else "" }}{{ "LOG_OUTPUT:" if ( item.sudo.logoutput | default(false) ) else "" }} {{ item.sudo.commands }}
+{% else %}
+{% for entry in item.sudo %}
+{{ item.name }} {{ entry.hosts }}=({{ entry.as }}){{ " NOPASSWD:" if ( entry.nopasswd | default(false) ) else "" }}{{ "PASSWD:" if ( entry.passwd | default(false) ) else "" }}{{ "NOEXEC:" if ( entry.noexec | default(false) ) else "" }}{{ "EXEC:" if ( entry.exec | default(false) ) else "" }}{{ "NOSETENV:" if ( entry.nosetenv | default(false) ) else "" }}{{ "SETENV:" if ( entry.setenv | default(false) ) else "" }}{{ "NOLOG_INPUT:" if ( entry.nologinput | default(false) ) else "" }}{{ "LOG_INPUT:" if ( entry.loginput | default(false) ) else "" }}{{ "NOLOG_OUTPUT:" if ( entry.nologoutput | default(false) ) else "" }}{{ "LOG_OUTPUT:" if ( entry.logoutput | default(false) ) else "" }} {{ entry.commands }}
+{% endfor %}
 {% endif %}