nuageinit: enhance sudo support

from the cloudinit specification sudo rules can be a string or an
array of string
This commit is contained in:
Baptiste Daroussin
2025-06-26 14:32:27 +02:00
parent 3969965c7f
commit b56d2195f1
3 changed files with 15 additions and 3 deletions
+7 -1
View File
@@ -287,7 +287,13 @@ local function addsudo(pwd)
warnmsg("impossible to open " .. sudoers)
return
end
f:write(pwd.name .. " " .. pwd.sudo .. "\n")
if type(pwd.sudo) == "string" then
f:write(pwd.name .. " " .. pwd.sudo .. "\n")
elseif type(pwd.sudo) == "table" then
for _, str in ipairs(pwd.sudo) do
f:write(pwd.name .. " " .. str .. "\n")
end
end
f:close()
if chmodsudoers then
sys_stat.chmod(sudoers, 416)
+1 -1
View File
@@ -211,7 +211,7 @@ The list of other groups the user should belong to.
.It Ic locked
Boolean to determine if the user account should be locked.
.It Ic sudo
An entry which should be appended to
A string or an array of strings which which should be appended to
.Pa /usr/local/etc/sudoers.d/90-nuageinit-users
.El
.Pp
+7 -1
View File
@@ -121,6 +121,10 @@ users:
sudo: ALL=(ALL) NOPASSWD:ALL
groups: users
passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
- name: bla
sudo:
- "ALL=(ALL) NOPASSWD:/usr/sbin/pw"
- "ALL=(ALL) ALL"
EOF
atf_check /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
atf_check /usr/libexec/nuageinit "${PWD}"/media/nuageinit postnet
@@ -131,17 +135,19 @@ admingroup:*:1001:root,sys
cloud-users:*:1002:
freebsd:*:1003:
foobar:*:1004:
bla:*:1005:
EOF
cat > expectedpasswd << 'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/sh
sys:*:1:0::0:0:Sys:/home/sys:/bin/sh
freebsd:freebsd:1001:1003::0:0:FreeBSD User:/home/freebsd:/bin/sh
foobar:$6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/:1002:1004::0:0:Foo B. Bar:/home/foobar:/bin/sh
bla::1003:1005::0:0:bla User:/home/bla:/bin/sh
EOF
sed -i "" "s/freebsd:.*:1001/freebsd:freebsd:1001/" "${PWD}"/etc/master.passwd
atf_check -o file:expectedpasswd cat "${PWD}"/etc/master.passwd
atf_check -o file:expectedgroup cat "${PWD}"/etc/group
atf_check -o inline:"foobar ALL=(ALL) NOPASSWD:ALL\n" cat ${PWD}/usr/local/etc/sudoers.d/90-nuageinit-users
atf_check -o inline:"foobar ALL=(ALL) NOPASSWD:ALL\nbla ALL=(ALL) NOPASSWD:/usr/sbin/pw\nbla ALL=(ALL) ALL\n" cat ${PWD}/usr/local/etc/sudoers.d/90-nuageinit-users
}
nocloud_network_head()