
Commit d2bf37a

fix: Avoid append() in sudoers file template
Cause: Ansible 2.19 no longer allows calling `.append()` on a list (ansible/ansible#85202). You also can't reassign variables in a loop, so list addition does not work either. Consequence: The role failed on Ansible 2.19. Fix: Rewrite the template to use filters instead of explicit dict iteration.
1 parent 2c4f3eb commit d2bf37a


1 file changed

+38
-100
lines changed


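--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@@ -1,30 +1,21 @@
 {%- macro render_aliases(alias_desc,alias_str,alias_dict,alias_subdict_name) %}
-{% if item.aliases[alias_dict] is defined %}
+{% if item.aliases[alias_dict] is defined %}
 
 ## {{ alias_desc }}
-{% for alias_item in item.aliases[alias_dict] %}
-{% set _alias = [] %}
-{% for alias_val in alias_item[alias_subdict_name] %}
-{% set _ = _alias.append(alias_val) %}
-{% endfor %}
-{{ alias_str }} {{ alias_item.name }} = {{ _alias | join(", ") }}
-{% endfor %}
-{% endif %}
-{% endmacro -%}
+{% for alias_item in item.aliases[alias_dict] %}
+{{ alias_str }} {{ alias_item.name }} = {{ alias_item[alias_subdict_name] | join(", ") }}
+{% endfor %}
+{% else %}
+{{- '' -}}
+{% endif %}
+{%- endmacro -%}
 {%- macro render_override_spec(spec,spec_type, spec_dict, sign) %}
-{% if spec.type == spec_type %}
-{% set _spec_original = [] %}
-{% set _spec_default = [] %}
-{% for spec_original in spec[spec_dict] %}
-{% set _ = _spec_original.append(spec_original) %}
-{% endfor %}
-{% for spec_default in spec.defaults %}
-{% set _ = _spec_default.append(spec_default) %}
-{% endfor %}
-Defaults{{ sign }} {{ _spec_original | join(", ") }} {{ _spec_default |
-join(", ") }}
-{% endif %}
-{% endmacro -%}
+{% if spec.type == spec_type %}
+Defaults{{ sign }} {{ spec[spec_dict] | join(", ") }} {{ spec.defaults | join(", ") }}
+{% else %}
+{{- '' -}}
+{% endif %}
+{%- endmacro -%}
 {{ ansible_managed | default('Ansible managed') | comment }}
 {{ "system_role:sudo" | comment(prefix="", postfix="") }}
 {%- if item.defaults is defined %}
@@ -34,11 +25,7 @@ Defaults{{ sign }} {{ _spec_original | join(", ") }} {{ _spec_default |
 {% if default is mapping %}
 {% for name, values in default.items() %}
 {% if name == 'secure_path' %}
-{% set paths = [] %}
-{% for my_value in values %}
-{% set _ = paths.append(my_value) %}
-{% endfor %}
-Defaults {{ name }} = {{ paths | join(":") }}
+Defaults {{ name }} = {{ values | join(":") }}
 {% else %}
 {% for items in values | list | slice(6) %}
 {% if items %}
@@ -70,79 +57,30 @@ Defaults {{ default }}
 
 # User specifications
 {% for spec in item.user_specifications %}
-{% set user_spec = [] %}
-{% set spec_users = [] %}
-{% set spec_hosts = [] %}
-{% set spec_ops = [] %}
-{% set spec_types = [] %}
-{% set spec_roles = [] %}
-{% set spec_privs = [] %}
-{% set spec_lprivs = [] %}
-{% set spec_tags = [] %}
-{% set spec_cmnds = [] %}
-{% for user in spec.users %}
-{% set _ = spec_users.append(user) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_users | join(", ")) %}
-{% set _ = user_spec.append(" ") %}
-{% for host in spec.hosts %}
-{% set _ = spec_hosts.append(host) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_hosts | join(", ")) %}
-{% set _ = user_spec.append("=") %}
-{% if spec.operators is defined %}
-{% set _ = user_spec.append("(") %}
-{% for op in spec.operators %}
-{% set _ = spec_ops.append(op) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_ops | join(", ")) %}
-{% set _ = user_spec.append(")") %}
+{% if spec.users is defined and spec.users | length > 0
+and spec.hosts is defined and spec.hosts | length > 0
+and spec.commands is defined and spec.commands | length > 0 %}
+{{ spec.users | join(", ") }} {{ spec.hosts | join(", ") }}=
+{%- if spec.operators is defined and spec.operators | length > 0 -%}
+({{ spec.operators | join(", ") }})
+{%- endif -%}
+{%- if spec.selinux_type is defined and spec.selinux_type | length > 0 -%}
+TYPE={{ spec.selinux_type | join(", ") }}
+{%- endif -%}
+{%- if spec.selinux_role is defined and spec.selinux_role | length > 0 -%}
+ROLE={{ spec.selinux_role | join(", ") }}
+{%- endif -%}
+{%- if spec.solaris_privs is defined and spec.solaris_privs | length > 0 -%}
+PRIVS={{ spec.solaris_privs | join(", ") }}
+{%- endif -%}
+{%- if spec.solaris_limitprivs is defined and spec.solaris_limitprivs | length > 0 -%}
+LIMITPRIVS={{ spec.solaris_limitprivs | join(", ") }}
+{%- endif -%}
+{%- if spec.tags is defined and spec.tags | length > 0 -%}
+{{ spec.tags | join(":") }}:
+{%- endif -%}
+{{ " " + spec.commands | join(", ") }}
 {% endif %}
-{% set _ = user_spec.append(" ") %}
-{% if spec.selinux_type is defined %}
-{% set _ = user_spec.append("TYPE=") %}
-{% for type in spec.selinux_type %}
-{% set _ = spec_types.append(type) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_types | join(", ")) %}
-{% set _ = user_spec.append(" ") %}
-{% endif %}
-{% if spec.selinux_role is defined %}
-{% set _ = user_spec.append("ROLE=") %}
-{% for role in spec.selinux_role %}
-{% set _ = spec_roles.append(role) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_roles | join(", ")) %}
-{% set _ = user_spec.append(" ") %}
-{% endif %}
-{% if spec.solaris_privs is defined %}
-{% set _ = user_spec.append("PRIVS=") %}
-{% for priv in spec.solaris_privs %}
-{% set _ = spec_privs.append(priv) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_privs | join(", ")) %}
-{% set _ = user_spec.append(" ") %}
-{% endif %}
-{% if spec.solaris_limitprivs is defined %}
-{% set _ = user_spec.append("LIMITPRIVS=") %}
-{% for lpriv in spec.solaris_limitprivs %}
-{% set _ = spec_lprivs.append(lpriv) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_lprivs | join(", ")) %}
-{% set _ = user_spec.append(" ") %}
-{% endif %}
-{% if spec.tags is defined %}
-{% for tag in spec.tags %}
-{% set _ = spec_tags.append(tag) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_tags | join(":")) %}
-{% set _ = user_spec.append(": ") %}
-{% endif %}
-{% for cmnd in spec.commands %}
-{% set _ = spec_cmnds.append(cmnd) %}
-{% endfor %}
-{% set _ = user_spec.append(spec_cmnds | join(", ")) %}
-{{ user_spec | join('') }}
 {% endfor %}
 {% endif -%}
 {%- if item.default_overrides is defined %}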
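Review bot: The separators between the optional groups of a user specification are lost in the last hunk: each group (operators, `TYPE=`, `ROLE=`, `PRIVS=`, `LIMITPRIVS=`, tags) is wrapped in `{%- … -%}`, which trims whitespace on both sides, while the removed code added them explicitly with `user_spec.append(" ")` after the operators and after each option. With more than one group set the rendered rule would appear to run together as `(ops)TYPE=…ROLE=…`, which sudo may reject or read differently from the old output; I have not rendered it, so this needs confirming against a spec that sets several options. Carrying the separator inside the expression, as the commands line already does, would restore it, e.g. `{{ " TYPE=" + spec.selinux_type | join(", ") }}` and likewise for the other groups. Separately, the new outer `{% if %}` drops a specification whose users, hosts or commands are empty or missing without any message, so an omitted rule is only visible by reading the generated file; an assert in the role's tasks would make that explicit. Since this template writes privilege rules, it is also worth checking that the task rendering it passes `validate: visudo -cf %s` (that task is not on this page).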
