ImageCustomizer: Add Support for Configuring User Sudoers File

toolkit/tools/imagecustomizerapi/user.go

@@ -20,6 +20,7 @@ type User struct {
 	SecondaryGroups     []string  `yaml:"secondaryGroups"`
 	StartupCommand      string    `yaml:"startupCommand"`
 	HomeDirectory       string    `yaml:"homeDirectory"`
+	Sudo                bool      `yaml:"sudo"`
 }
 
 func (u *User) IsValid() error {

toolkit/tools/pkg/imagecustomizerlib/customizefiles.go

@@ -17,8 +17,8 @@ const (
 	defaultFilePermissions = 0o755
 )
 
-func copyAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizerapi.AdditionalFileList,
-	imageChroot *safechroot.Chroot,
+func CopyAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizerapi.AdditionalFileList,
+	imageChroot safechroot.ChrootInterface,
 ) error {
 	for _, additionalFile := range additionalFiles {
 		logger.Log.Infof("Copying: %s", additionalFile.Destination)

toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go

@@ -30,7 +30,7 @@ func TestCopyAdditionalFiles(t *testing.T) {
 	copy_2_filemode := os.FileMode(0o777)
 
 	// Copy a file.
-	err = copyAdditionalFiles(baseConfigPath, imagecustomizerapi.AdditionalFileList{
+	err = CopyAdditionalFiles(baseConfigPath, imagecustomizerapi.AdditionalFileList{
 		{
 			Source:      "files/a.txt",
 			Destination: "/copy_1.txt",
@@ -56,7 +56,7 @@ func TestCopyAdditionalFiles(t *testing.T) {
 	verifyFileContentsSame(t, a_orig_path, copy_2_path)
 
 	// Copy a different file to the same location.
-	err = copyAdditionalFiles(baseConfigPath, imagecustomizerapi.AdditionalFileList{
+	err = CopyAdditionalFiles(baseConfigPath, imagecustomizerapi.AdditionalFileList{
 		{
 			Source:      "files/b.txt",
 			Destination: "/copy_1.txt",

toolkit/tools/pkg/imagecustomizerlib/customizeos.go

@@ -39,7 +39,7 @@ func doOsCustomizations(buildDir string, baseConfigPath string, config *imagecus
 		return err
 	}
 
-	err = copyAdditionalFiles(baseConfigPath, config.OS.AdditionalFiles, imageChroot)
+	err = CopyAdditionalFiles(baseConfigPath, config.OS.AdditionalFiles, imageChroot)
 	if err != nil {
 		return err
 	}

toolkit/tools/pkg/imagecustomizerlib/customizeusers.go

@@ -137,5 +137,40 @@ func addOrUpdateUser(user imagecustomizerapi.User, baseConfigPath string, imageC
 		return err
 	}
 
+	// Set user's sudo access.
+	err = UpdateSudoAccess(imageChroot, user.Name, user.Sudo)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func UpdateSudoAccess(installChroot safechroot.ChrootInterface, username string, enableSudo bool) error {
+	if enableSudo {
+
+		// Define the sudo configuration file path for the user
+		sudoersFile := fmt.Sprintf("/etc/sudoers.d/%s", username)
+
+		// Content for sudo configuration
+		content := fmt.Sprintf("%s ALL=(ALL) NOPASSWD:ALL", username)
+
+		// Permissions for the sudoers file (read-only for root)
+		permissions := imagecustomizerapi.FilePermissions(0440)
+
+		// Create the AdditionalFile object
+		additionalFiles := imagecustomizerapi.AdditionalFileList{
+			imagecustomizerapi.AdditionalFile{
+				Destination: fmt.Sprintf("/etc/sudoers.d/%s", username),
+				Content:     &content,
+				Permissions: &permissions,
+			},
+		}
+
+		err := CopyAdditionalFiles(sudoersFile, additionalFiles, installChroot)
+		if err != nil {
+			return err
+		}
+	}
 	return nil
 }