1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Commit graph

9 commits

Author SHA1 Message Date
patchback[bot]
a7a2631333
[PR #7983/49bd9cbd backport][stable-8] Add noexec support to sudoers (#8012)
Add noexec support to sudoers (#7983)

* Add noexec support to sudoers

* Add changelog fragment #7983

* Fix yml formatting in fragment 7983

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 49bd9cbd3c)

Co-authored-by: adaniaud <adaniaud@users.noreply.github.com>
2024-02-23 07:08:04 +00:00
Renaud
dcc3d4f508
Add support for setenv parameters (#5883) 2023-01-30 06:30:54 +01:00
Laurence
77fde030cd
Add support for host restriction in sudoers module (#5703)
* Add support to restrict privileges by host

* Missing comma

* Making linter happy.

* Add version 6.2.0 as when sudoers host parameter added

Co-authored-by: Felix Fontein <felix@fontein.de>

* Changelog fragment for PR #5703

* Test for sudoers host-based restriction

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-12-20 12:49:11 +01:00
Felix Fontein
1ab2a5f1bc
Add default license header to files which have no copyright or license header yet (#5074)
* Add default license header to files which have no copyright or license header yet.

* yml extension should have been xml...
2022-08-05 14:03:38 +02:00
Jon Ellis
97c72f88b7
Sudoers validate (#4794)
* Use visudo to validate sudoers rules before use

* Replace use of subprocess.Popen with module.run_command

* Switch out apt for package

* Check file mode when verifying file to determine whether something needs to change

* Only install sudo package for debian and redhat environments (when testing)

* Attempt to install sudo on FreeBSD too

* Try just installing sudo for non-darwin machines

* Don't validate file ownership

* Attempt to install sudo on all platforms

* Revert "Attempt to install sudo on all platforms"

This reverts commit b9562a8916.

* Remove file permissions changes from this PR

* Add changelog fragment for 4794 sudoers validation

* Add option to control when sudoers validation is used

* Update changelog fragment

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add version_added to validation property

Co-authored-by: Felix Fontein <felix@fontein.de>

* Also validate failed sudoers validation error message

Co-authored-by: Felix Fontein <felix@fontein.de>

* Make visudo not executable instead of trying to delete it

* Update edge case validation

* Write invalid sudoers file to alternative path to avoid breaking sudo

* Don't try to remove or otherwise modify visudo on Darwin

* Update plugins/modules/system/sudoers.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove trailing extra empty line to appease sanity checker

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-06-21 12:41:24 +02:00
s-hamann
44e21dd407
sudoers: fix handling of state: absent (#4852) (#4853)
* sudoers: fix handling of state: absent (#4852)

* typo fixes
2022-06-19 15:34:24 +02:00
Jon Ellis
2d1e58663c
Ensure managed sudoers config files have 0440 permissions (#4814)
* Ensure sudoers config files are created with 0440 permissions to appease visudo validation

* Remove change not required by the bugfix

* Add changelog fragment for 4814 sudoers file permissions

* Update changelogs/fragments/4814-sudoers-file-permissions.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Have less oct casting

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-06-12 08:17:56 +02:00
doubletwist13
17fe813c18
feat: sudoers module supports runas parameter with default of root (#4380)
* feat: sudoers module supports runas parameter with default of root

* fix: sudoers tests now pass

* chore: add changelog fragment for 4380

* fix: runas feature now a non-breaking change wh no def with no default

* fix: no trailing space in sudoers.py

* Update plugins/modules/system/sudoers.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-03-24 07:07:07 +01:00
Jon
1ba79f3c6a
Sudoers (take 2) (#3746)
* Add module and pass the andebox validate-modules

* Fixes pep8 and sanity checks

* Add tests (intending that they'll fail)

* Fix pep8 complaint

* Remove stub test_sudoers file

* Add version_added to documentation

Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>

* Various improvements as suggested by reviewers

* Remove further required: false from documentation

* Make yaml indentation consistently indented

* Remove default for command argument

Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>

* Refactor check_mode checking as guards

* Update documentation formatting and use to_native

* Update plugins/modules/system/sudoers.py

* Update examples and formatting

* Fix merge conflict

* Update handle

* Add some integration tests

* Update tests to pass yamllint

* Fix assertions typo

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Remove wrapping quotes from assertions

* Use >- for long example names

* Add aliases file to sudoers integration tests

* Fix integration test name

* Create new alternative sudoers directory in case /tmp doesn't exist

* Alternative assertion test for checking rule revocation

* Re-quote assertions

* Update version_added to 4.3.0

Co-authored-by: Felix Fontein <felix@fontein.de>

* Uppercase first character of short_description

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-01-05 08:30:44 +13:00