diff options
| author | Amol Shinde <amol.shinde@msystechnologies.com> | 2019-12-23 19:21:36 +0530 |
|---|---|---|
| committer | Amol Shinde <amol.shinde@msystechnologies.com> | 2019-12-24 19:19:48 +0530 |
| commit | d42f2fe246ca95c81c38d446f6a97b5b5cf8c47d (patch) | |
| tree | 6978c4056e0e1f180b6dbf061e2a3738c77dc8c6 | |
| parent | f5f618321ff524cfe5c8cafdf3bdaca55485cd9b (diff) | |
| download | chef-d42f2fe246ca95c81c38d446f6a97b5b5cf8c47d.tar.gz | |
Fix sudo verify regression on 2nd converge
Signed-off-by: Amol Shinde <amol.shinde@msystechnologies.com>
| -rw-r--r-- | lib/chef/resource/sudo.rb | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/lib/chef/resource/sudo.rb b/lib/chef/resource/sudo.rb index c045b1266b..3be06fa367 100644 --- a/lib/chef/resource/sudo.rb +++ b/lib/chef/resource/sudo.rb @@ -158,19 +158,20 @@ class Chef declare_resource(:directory, target) unless ::File.exist?(target) Chef::Log.warn("#{new_resource.filename} will be rendered, but will not take effect because the #{new_resource.config_prefix}/sudoers config lacks the includedir directive that loads configs from #{new_resource.config_prefix}/sudoers.d/!") if ::File.readlines("#{new_resource.config_prefix}/sudoers").grep(/includedir/).empty? + file_path = "#{target}#{new_resource.filename}" if new_resource.template logger.trace("Template property provided, all other properties ignored.") - declare_resource(:template, "#{target}#{new_resource.filename}") do + declare_resource(:template, file_path) do source new_resource.template mode "0440" variables new_resource.variables - verify "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -" if visudo_present? + verify visudo_content(file_path) if visudo_present? action :create end else - declare_resource(:template, "#{target}#{new_resource.filename}") do + declare_resource(:template, file_path) do source ::File.expand_path("../support/sudoer.erb", __FILE__) local true mode "0440" @@ -185,7 +186,7 @@ class Chef setenv: new_resource.setenv, env_keep_add: new_resource.env_keep_add, env_keep_subtract: new_resource.env_keep_subtract - verify "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -" if visudo_present? + verify visudo_content(file_path) if visudo_present? action :create end end @@ -225,6 +226,14 @@ class Chef Chef::Log.warn("The visudo binary cannot be found at '#{new_resource.visudo_binary}'. Skipping sudoer file validation. If visudo is on this system you can specify the path using the 'visudo_binary' property.") end + + def visudo_content(path) + if ::File.exists?(path) + "cat #{new_resource.config_prefix}/sudoers | #{new_resource.visudo_binary} -cf - && #{new_resource.visudo_binary} -cf %{path}" + else + "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -" + end + end end end end |