Update nodejs, sudo and users cookbooks

2018-04-17 13:18:09 +02:00
parent ff2f424ddb
commit 157ccdc8b7
37 changed files with 862 additions and 523 deletions
--- a/cookbooks/sudo/templates/default/sudoer.erb
+++ b/cookbooks/sudo/templates/default/sudoer.erb
@@ -4,19 +4,15 @@
 <% @command_aliases.each do |a| -%>
 Cmnd_Alias <%= a[:name].upcase %> = <%= a[:command_list].join(', ') %>
 <% end -%>
-
 <% @env_keep_add.each do |env_keep| -%>
 Defaults    env_keep += "<%= env_keep %>"
 <% end -%>
-
 <% @env_keep_subtract.each do |env_keep| -%>
 Defaults    env_keep -= "<%= env_keep %>"
 <% end -%>
-
 <% @commands.each do |command| -%>
-<% if @sudoer %><%= @sudoer %> <%= @host %>=(<%= @runas %>) <%= 'NOEXEC:' if @noexec %><%= 'NOPASSWD:' if @nopasswd %><%= 'SETENV:' if @setenv %><%= command %><% end -%>
+<% unless @sudoer.empty? %><%= @sudoer %> <%= @host %>=(<%= @runas %>) <%= 'NOEXEC:' if @noexec %><%= 'NOPASSWD:' if @nopasswd.to_s == 'true' %><%= 'SETENV:' if @setenv.to_s == 'true' %><%= command %><% end -%>
 <% end -%>
-
 <% unless @defaults.empty? %>
 Defaults:<%= @sudoer %> <%= @defaults.join(',') %>
 <% end -%>
--- a/cookbooks/sudo/templates/default/sudoers.erb
+++ b/cookbooks/sudo/templates/default/sudoers.erb
@@ -4,7 +4,7 @@
 <% @sudoers_defaults.each do |defaults| -%>
 Defaults      <%= defaults %>
 <% end -%>
-<% if @agent_forwarding -%>
+<% if @agent_forwarding.to_s == 'true' -%>
 Defaults      env_keep+=SSH_AUTH_SOCK
 <% end -%>
 <% @env_keep_add.each do |env_keep| -%>
@@ -19,12 +19,12 @@ root          ALL=(ALL) ALL

 <% @custom_commands_users.each do |commands| -%>
 # Privileges for specific command <%= commands[:command_list].join(', ') %> for user <%= commands[:user] %>
-<%= commands[:user] %> ALL = <%= "NOPASSWD:" if commands[:passwordless] %> <%= commands[:command_list].join(', ') %>
+<%= commands[:user] %> ALL = <%= "NOPASSWD:" if commands[:passwordless].to_s == 'true' %><%= "SETENV:" if @setenv %> <%= commands[:command_list].join(', ') %>
 <% end -%>

 <% @custom_commands_groups.each do |commands| -%>
 # Privileges for specific command <%= commands[:command_list].join(', ') %> for group <%= commands[:group] %>
-%<%= commands[:group] %> ALL = <%= "NOPASSWD:" if commands[:passwordless] %> <%= commands[:command_list].join(', ') %>
+%<%= commands[:group] %> ALL = <%= "NOPASSWD:" if commands[:passwordless].to_s == 'true' %><%= "SETENV:" if @setenv %> <%= commands[:command_list].join(', ') %>
 <% end -%>

 <% @command_aliases.each do |a| -%>
@@ -32,13 +32,13 @@ Cmnd_Alias <%= a[:name].upcase %> = <%= a[:command_list].join(', ') %>
 <% end -%>

 <% @sudoers_users.each do |user| -%>
-<%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %><%= "SETENV:" if @setenv %>ALL
+<%= user %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless.to_s == 'true' %><%= "SETENV:" if @setenv.to_s == 'true' %>ALL
 <% end -%>

 <% @sudoers_groups.each do |group| -%>
 # Members of the group '<%= group %>' may gain root privileges
-%<%= group %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless %><%= "SETENV:" if @setenv %>ALL
+%<%= group %> ALL=(ALL) <%= "NOPASSWD:" if @passwordless.to_s == 'true' %><%= "SETENV:" if @setenv.to_s == 'true' %>ALL
 <% end -%>

 # This is not a comment; see sudoers(5) for more information on "#include" directives
-<%= "#includedir #{node['authorization']['sudo']['prefix']}/sudoers.d" if @include_sudoers_d  %>
+<%= "#includedir #{@config_prefix}/sudoers.d" if @include_sudoers_d.to_s == 'true'  %>