Validate user sudo rules before applying them
parent
3746de7896
commit
192edba9c5
@ -129,6 +129,17 @@ sudoer-{{ name }}:
|
|||||||
- group: root
|
- group: root
|
||||||
- mode: '0440'
|
- mode: '0440'
|
||||||
{% if 'sudo_rules' in user %}
|
{% if 'sudo_rules' in user %}
|
||||||
|
{% for rule in user['sudo_rules'] %}
|
||||||
|
"validate {{ name }} sudo rule {{ loop.index0 }} {{ name }} {{ rule }}":
|
||||||
|
cmd.run:
|
||||||
|
- name: 'visudo -cf - <<<"$rule"'
|
||||||
|
- env:
|
||||||
|
# Specify the rule via an env var to avoid shell quoting issues.
|
||||||
|
- rule: "{{ name }} {{ rule }}"
|
||||||
|
- require_in:
|
||||||
|
- file: /etc/sudoers.d/{{ name }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
/etc/sudoers.d/{{ name }}:
|
/etc/sudoers.d/{{ name }}:
|
||||||
file.append:
|
file.append:
|
||||||
- text:
|
- text:
|
||||||
|
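Review bot: The new `cmd.run` validation command relies on the here-string `<<<`, a bash feature, but the state sets no `shell`, so on a minion whose default shell is a plain POSIX `sh` the check would presumably fail with a syntax error and, through `require_in`, block the sudoers file for every user that has rules. Adding `- shell: /bin/bash` under `cmd.run` makes that dependency explicit. Separately, the env var avoids shell quoting, but `"{{ name }} {{ rule }}"` (and the state ID above it) is still rendered into a double-quoted YAML scalar, so a rule containing `"` or a backslash either breaks rendering or is validated in a different form than the one written; `- rule: {{ (name ~ ' ' ~ rule) | yaml_dquote }}` would keep the two identical. The `file.append` text list continues outside the hunk, so whether the appended lines match the validated string could not be confirmed from here.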