Merge pull request #42 from stackhpc/sudoers

Add sudoers element
stackhpc · Aug 5, 2022 · 696b975 · 696b975
2 parents d1d7dcd + bed0a1b
commit 696b975
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 0 deletions.
diff --git a/elements/sudoers/README.rst b/elements/sudoers/README.rst
@@ -0,0 +1,18 @@
+=======
+sudoers
+=======
+
+This element allows for injecting sudoers configuration into an image.
+
+Environment Variables
+---------------------
+
+DIB_SUDOERS_FILENAME
+  :Required: No
+  :Default: dib
+  :Description: Name of the sudoers file in /etc/sudoers.d/
+
+DIB_SUDOERS_CONFIG
+  :Required: Yes
+  :Default: None
+  :Description: Sudoers configuration to inject
diff --git a/elements/sudoers/element-deps b/elements/sudoers/element-deps
@@ -0,0 +1 @@
+package-installs
diff --git a/elements/sudoers/environment.d/sudoers b/elements/sudoers/environment.d/sudoers
@@ -0,0 +1,2 @@
+export DIB_SUDOERS_FILENAME=${DIB_SUDOERS_FILENAME:-dib}
+export DIB_SUDOERS_CONFIG=${DIB_SUDOERS_CONFIG:?Please set DIB_SUDOERS_CONFIG}
diff --git a/elements/sudoers/install.d/50-sudoers b/elements/sudoers/install.d/50-sudoers
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+echo "${DIB_SUDOERS_CONFIG}" > /etc/sudoers.d/${DIB_SUDOERS_FILENAME}
+chmod 0440 /etc/sudoers.d/${DIB_SUDOERS_FILENAME}
+visudo -c || (rm /etc/sudoers.d/${DIB_SUDOERS_FILENAME} && false)
diff --git a/elements/sudoers/package-installs.yaml b/elements/sudoers/package-installs.yaml
@@ -0,0 +1 @@
+sudo:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		export DIB_SUDOERS_FILENAME=${DIB_SUDOERS_FILENAME:-dib}
		export DIB_SUDOERS_CONFIG=${DIB_SUDOERS_CONFIG:?Please set DIB_SUDOERS_CONFIG}