one/share/sudoers/sudo_commands.rb

#!/usr/bin/env ruby

# -------------------------------------------------------------------------- #
# Copyright 2002-2023, OpenNebula Project, OpenNebula Systems                #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

ONE_LOCATION = ENV['ONE_LOCATION']

if !ONE_LOCATION
    LIB_LOCATION = '/usr/lib/one'
else
    LIB_LOCATION = ONE_LOCATION + '/lib'
end

require 'erb'
require_relative 'sudoers'

sudoers = Sudoers.new LIB_LOCATION
aliases = sudoers.aliases
aliases.reject! {|_k, v| v.empty? }

puts ERB.new(DATA.read, nil, '<>').result(binding)

__END__
Defaults:oneadmin !requiretty
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin

<% cmd_sets  = sudoers.cmds.keys.sort %>
<% cmd_sets.each  do |k|; l = "ONE_#{k}"; v = aliases[l]  %>
<%    if !v.nil? %>
Cmnd_Alias <%= l %> = <%= v.join(", ") %>
<%    end %>
<% end  %>

## Command aliases are enabled individually in dedicated
## sudoers files by each OpenNebula component (server, node).
# oneadmin ALL=(ALL) NOPASSWD: <%= cmd_sets.each.sort.collect{|k| "ONE_#{k}"}.join(", ") %>
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00			`#!/usr/bin/env ruby`

			`# -------------------------------------------------------------------------- #`
M #-: Bump year 2023 2023-01-09 12:23:19 +01:00			`# Copyright 2002-2023, OpenNebula Project, OpenNebula Systems #`
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00			`# #`
			`# Licensed under the Apache License, Version 2.0 (the "License"); you may #`
			`# not use this file except in compliance with the License. You may obtain #`
			`# a copy of the License at #`
			`# #`
			`# http://www.apache.org/licenses/LICENSE-2.0 #`
			`# #`
			`# Unless required by applicable law or agreed to in writing, software #`
			`# distributed under the License is distributed on an "AS IS" BASIS, #`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #`
			`# See the License for the specific language governing permissions and #`
			`# limitations under the License. #`
			`#--------------------------------------------------------------------------- #`

B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`ONE_LOCATION = ENV['ONE_LOCATION']`
F #2531: Add support for linuxcontainers MarketPlace Co-authored-by: Sergio Vega Gutiérrez <svega@opennebula.systems> 2018-12-11 12:21:43 +01:00
			`if !ONE_LOCATION`
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`LIB_LOCATION = '/usr/lib/one'`
F #2531: Add support for linuxcontainers MarketPlace Co-authored-by: Sergio Vega Gutiérrez <svega@opennebula.systems> 2018-12-11 12:21:43 +01:00			`else`
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`LIB_LOCATION = ONE_LOCATION + '/lib'`
F #2531: Add support for linuxcontainers MarketPlace Co-authored-by: Sergio Vega Gutiérrez <svega@opennebula.systems> 2018-12-11 12:21:43 +01:00			`end`
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`require 'erb'`
			`require_relative 'sudoers'`
Bug #2257: deterministic output for ruby 1.8.7 2013-08-15 13:58:43 -04:00
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`sudoers = Sudoers.new LIB_LOCATION`
			`aliases = sudoers.aliases`
			`aliases.reject! {\|_k, v\| v.empty? }`
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`puts ERB.new(DATA.read, nil, '<>').result(binding)`
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00
			`__END__`
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`Defaults:oneadmin !requiretty`
			`Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin`
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`<% cmd_sets = sudoers.cmds.keys.sort %>`
			`<% cmd_sets.each do \|k\|; l = "ONE_#{k}"; v = aliases[l] %>`
			`<% if !v.nil? %>`
Bug #2257: Better label for ONE commands for the sudoers file 2013-08-15 15:05:00 -04:00			`Cmnd_Alias <%= l %> = <%= v.join(", ") %>`
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`<% end %>`
Bug #2257: deterministic output for ruby 1.8.7 2013-08-15 13:58:43 -04:00			`<% end %>`
Bug #2257: Add a sudoers file generator 2013-08-15 12:04:40 -04:00
B #3046: Review sudoers (#3786) 2019-09-30 15:15:42 +02:00			`## Command aliases are enabled individually in dedicated`
			`## sudoers files by each OpenNebula component (server, node).`
			`# oneadmin ALL=(ALL) NOPASSWD: <%= cmd_sets.each.sort.collect{\|k\| "ONE_#{k}"}.join(", ") %>`