fix(config): remove dictsort that breaks sudoers

javierbertoli · javierbertoli · commit 7ee2569b451d · 2020-08-24T19:46:55.000-03:00
in bc62b6e dictsort was applied to the pillar entries. But in the sudoers file *order matters* so, using `dictsort`, breaks it. From man 5 sudoers: > When multiple entries match for a user, they are > applied in order. Where there are multiple matches, the last match > is used (which is not necessarily the most specific match). Removed `dictsort` from the {users,groups,netgroups} specifications. BREAKING CHANGE: sudoers entries' order will change and might break existing configuration. You should check your pillars and rendering.
diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers
@@ -84,24 +84,24 @@ Cmnd_Alias {{ name }} = {{ ",".join(commands) }}
 Runas_Alias {{ name }} = {{ ",".join(runas) }}
 {%- endfor %}
 
-# User privilege specification
-{%- for user,specs in users|dictsort %}
+# Netgroup privilege specification
+{%- for netgroup,specs in netgroups.items() %}
   {%- for spec in specs %}
-{{ user }} {{ spec }}
++{{ netgroup }} {{ spec }}
   {%- endfor %}
 {%- endfor %}
 
 # Group privilege specification
-{%- for group,specs in groups|dictsort %}
+{%- for group,specs in groups.items() %}
   {%- for spec in specs %}
 %{{ group }} {{ spec }}
   {%- endfor %}
 {%- endfor %}
 
-# Netgroup privilege specification
-{%- for netgroup,specs in netgroups.items() %}
+# User privilege specification
+{%- for user,specs in users.items() %}
   {%- for spec in specs %}
-+{{ netgroup }} {{ spec }}
+{{ user }} {{ spec }}
   {%- endfor %}
 {%- endfor %}
 
