Diffstat (limited to 'roles/sudo')
-rw-r--r--roles/sudo/main.yml6
-rw-r--r--roles/sudo/tasks/225
-rw-r--r--roles/sudo/tasks/main.yml63
-rw-r--r--roles/sudo/tests/test.yml12
-rw-r--r--roles/sudo/vars/FreeBSD.yml4
-rw-r--r--roles/sudo/vars/default.yml4
6 files changed, 114 insertions, 0 deletions
diff --git a/roles/sudo/main.yml b/roles/sudo/main.yml
new file mode 100644
index 0000000..430c387
--- /dev/null
+++ b/roles/sudo/main.yml
@@ -0,0 +1,6 @@
+---
+- hosts: all
+ vars_files:
+ - vars/default.yml
+ tasks:
+ - include: tasks/main.yml
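Review bot: `include: tasks/main.yml` uses the generic `include` directive, which newer Ansible releases deprecate in favour of `import_tasks`/`include_tasks` and which ansible-core has since removed; if the role is meant to run on a current version, `- import_tasks: tasks/main.yml` is the drop-in replacement. This file is also a stand-alone playbook sitting inside the role directory, and the `roles/sudo/files/...` paths in tasks/main.yml appear to assume it is run from the repository root; a one-line header comment stating how it is intended to be invoked would spare the next reader that guess.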
diff --git a/roles/sudo/tasks/2 b/roles/sudo/tasks/2
new file mode 100644
index 0000000..5dd7b7f
--- /dev/null
+++ b/roles/sudo/tasks/2
@@ -0,0 +1,25 @@
+---
+- name: sudo get vars
+ include_vars: default.yml
+
+- name: sudo get OS vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - default.yml
+
+- debug: msg="{{ item | regex_replace('^.*\/','') }}"
+ with_items:
+ - '{{ sudo_files }}'
+
+- name: sudo deploy rules from files
+ template:
+ src: "roles/sudo/files/{{ item.file }}"
+ dest: "{{ sudo_rules_dir }}/{{ item.file | regex_replace('^.*\/','a') }}"
+ mode: 0440
+ owner: '{{ sudo_root_user }}'
+ group: '{{ sudo_root_group }}'
+ with_items:
+ - '{{ sudo_files }}'
+ when:
+ - sudo_files is defined
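Review bot: `roles/sudo/tasks/2` is a near copy of `tasks/main.yml` with a `debug` task printing the basename of each entry and a `dest` that rewrites the path prefix to the literal `a` (`regex_replace('^.*\/','a')`), which reads as a scratch file committed by mistake rather than part of the role, and nothing visible in this commit references it. It should be dropped, or renamed and given a header comment saying when it is included. If it is kept, `src: "roles/sudo/files/{{ item.file }}"` is resolved relative to the playbook, as in main.yml; `src: "{{ role_path }}/files/{{ item.file }}"` removes the dependency on where the playbook lives.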
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
new file mode 100644
index 0000000..07fda25
--- /dev/null
+++ b/roles/sudo/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: sudo get vars
+ include_vars: default.yml
+
+- name: sudo get OS vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - default.yml
+
+- stat: path='{{ sudo_rules_dir }}/{{ item.priority }}_{{ item.name }}' #'
+ with_items:
+ - '{{ sudo_strings }}'
+ register: "s"
+ when: sudo_strings is defined
+
+- name: sudo deploy rules from files
+ template:
+ src: "roles/sudo/files/{{ item.file }}"
+ dest: "{{ sudo_rules_dir }}/{{ item.file | regex_replace('.*/','') }}"
+ mode: 0440
+ owner: '{{ sudo_root_user }}'
+ group: '{{ sudo_root_group }}'
+ with_items:
+ - '{{ sudo_files }}'
+ when:
+ - sudo_files is defined
+
+- name: sudo remove rules from files
+ file: path='{{ sudo_rules_dir }}/{{ item.file | regex_replace('.*/','') }}' state='absent'
+ with_items:
+ - '{{ sudo_files }}'
+ when:
+ - sudo_files is defined
+ - ( not item.exists ) or ( '{{ item.exists | lower }}' == 'false' )
+
+#- debug: msg='foo'
+# with_items: '{{ s.results }}'
+
+- name: sudo deploy rules from strings
+ lineinfile:
+ line: "{{ item.item.content }}"
+ regexp: "{{ item.item.content | regex_replace('^(.{8}).*$','\\1') }}"
+ dest: '{{ sudo_rules_dir }}/{{ item.item.priority }}_{{ item.item.name }}'
+ mode: 0600
+ owner: '{{ sudo_root_user }}'
+ group: '{{ sudo_root_group }}'
+ create: yes
+ state: present
+ with_items:
+ - '{{ s.results }}'
+ when:
+ - item.stat.exists is defined
+ - s is defined
+ - '{{ item.item.exists }}'
+
+- name: sudo remove rules from strings
+ file: path='{{ sudo_rules_dir }}/{{ item.item.priority }}_{{ item.item.name }}' state='absent'
+ with_items:
+ - '{{ s.results }}'
+ when:
+ - s is defined
+ - ( not item.item.exists ) or ( '{{ item.item.exists | lower }}' == 'false' )
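Review bot: Neither the `sudo deploy rules from files` template task nor the `sudo deploy rules from strings` lineinfile task validates the sudoers fragment it writes, so a typo in a template or in `item.item.content` leaves a malformed file under `sudo_rules_dir` and sudo refuses to run for every user on the host until it is repaired by hand; both modules accept `validate: '/usr/sbin/visudo -cf %s'` and it belongs on each. The `regexp` derived from the first eight characters of the content (`regex_replace('^(.{8}).*$','\\1')`) is not regex-escaped and treats two rules that share a prefix (two `User_Alias` lines, for instance) as the same line, so one silently replaces the other; matching the full, escaped content (`regexp: "^{{ item.item.content | regex_escape }}$"`) fixes both. The string-based files are created with `mode: 0600` while the templated ones use `0440`; sudoers.d fragments are conventionally 0440 and the two tasks should agree. The templated conditions `'{{ item.item.exists }}'` and `'{{ item.exists | lower }}' == 'false'` inside `when` lists would be clearer as plain expressions (`item.item.exists | bool`), since `when` is already evaluated as a template.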
diff --git a/roles/sudo/tests/test.yml b/roles/sudo/tests/test.yml
new file mode 100644
index 0000000..e15f798
--- /dev/null
+++ b/roles/sudo/tests/test.yml
@@ -0,0 +1,12 @@
+---
+- name: Test playbook for sudo
+ hosts: test
+ remote_user: root
+ roles:
+ - sudo
+ vars:
+ sudo_strings:
+ - { priority: 42, exists: 'false', name: 'admins-do-all', content: 'User_Alias ADMINS = bgstack15, bgstack15, user16, user16' }
+ - { priority: 43, exists: false, name: 'a', content: "ADMINS ALL=(ALL) ALL" }
+ sudo_files:
+ - { exists: 'false', file: '../../../company/sudo-files/40_bgstack15' }
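Review bot: The fixture gives `exists` as the string `'false'` for two entries and the boolean `false` for the third, which is what forces the double condition `( not item.exists ) or ( '{{ item.exists | lower }}' == 'false' )` in tasks/main.yml; settling on a real boolean (`exists: false`) lets those conditions collapse to `when: not item.exists`. The `User_Alias` content repeats `bgstack15` and `user16`, which sudo tolerates but which reads as a copy-paste slip in a test meant to document the expected shape of `sudo_strings`.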
diff --git a/roles/sudo/vars/FreeBSD.yml b/roles/sudo/vars/FreeBSD.yml
new file mode 100644
index 0000000..0205496
--- /dev/null
+++ b/roles/sudo/vars/FreeBSD.yml
@@ -0,0 +1,4 @@
+---
+sudo_rules_dir: /usr/local/etc/sudoers.d/
+sudo_root_user: root
+sudo_root_group: wheel
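Review bot: `sudo_rules_dir` carries a trailing slash here and in vars/default.yml, while every task in tasks/main.yml appends its own separator (`{{ sudo_rules_dir }}/{{ ... }}`), so the deployed paths come out as `/usr/local/etc/sudoers.d//42_admins-do-all`; the kernel tolerates the double slash, but the paths recorded by `stat` and `lineinfile` are then non-canonical and awkward to compare with anything else that names the file. Dropping the trailing slash (`sudo_rules_dir: /usr/local/etc/sudoers.d`, and likewise `/etc/sudoers.d` in default.yml) keeps the generated paths clean.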
diff --git a/roles/sudo/vars/default.yml b/roles/sudo/vars/default.yml
new file mode 100644
index 0000000..80e6de4
--- /dev/null
+++ b/roles/sudo/vars/default.yml
@@ -0,0 +1,4 @@
+---
+sudo_rules_dir: /etc/sudoers.d/
+sudo_root_user: root
+sudo_root_group: root