WIP

mitogen-hq · Feb 7, 2025 · 6ae6968 · 6ae6968
1 parent 0dc63c2
commit 6ae6968
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 72 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -24,58 +24,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: Ans_27_210
-            tox_env: py27-mode_ansible-ansible2.10
-          - name: Ans_27_4
-            tox_env: py27-mode_ansible-ansible4
-
-          - name: Ans_36_210
-            python_version: '3.6'
-            tox_env: py36-mode_ansible-ansible2.10
-          - name: Ans_36_4
-            python_version: '3.6'
-            tox_env: py36-mode_ansible-ansible4
-
-          - name: Ans_311_210
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible2.10
-          - name: Ans_311_3
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible3
-          - name: Ans_311_4
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible4
-          - name: Ans_311_5
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible5
-          - name: Ans_313_6
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible6
-          - name: Ans_313_7
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible7
-          - name: Ans_313_8
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible8
-          - name: Ans_313_9
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible9
-          - name: Ans_313_10
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible10
-          - name: Ans_313_11
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible11
-
-          - name: Van_313_11
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible11-strategy_linear
-
-          - name: Mito_27
-            tox_env: py27-mode_mitogen
-          - name: Mito_36
-            python_version: '3.6'
-            tox_env: py36-mode_mitogen
           - name: Mito_313
             python_version: '3.13'
             tox_env: py313-mode_mitogen
@@ -168,9 +116,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: Mito_313
-            tox_env: py313-mode_mitogen
-
           - name: Loc_313_11
             tox_env: py313-mode_localhost-ansible11
 

diff --git a/tests/image_prep/_user_accounts.yml b/tests/image_prep/_user_accounts.yml
@@ -152,27 +152,51 @@
             owner: mitogen__has_sudo_pubkey
             group: mitogen__group
 
-    - name: Configure sudoers defaults
-      blockinfile:
+    - name: Require a TTY for two accounts
+      lineinfile:
         path: /etc/sudoers
-        block: |
-          Defaults>mitogen__pw_required targetpw
-          Defaults>mitogen__require_tty requiretty
-          Defaults>mitogen__require_tty_pw_required requiretty,targetpw
+        line: "{{item}}"
+      with_items:
+        - Defaults>mitogen__pw_required targetpw
+        - Defaults>mitogen__require_tty requiretty
+        - Defaults>mitogen__require_tty_pw_required requiretty,targetpw
+
+    - name: Require password for two accounts
+      lineinfile:
+        path: /etc/sudoers
+        line: "{{lookup('pipe', 'whoami')}} ALL = ({{item}}:ALL) ALL"
         validate: '/usr/sbin/visudo -cf %s'
+      with_items:
+        - mitogen__pw_required
+        - mitogen__require_tty_pw_required
+      when:
+        - ansible_virtualization_type != "docker"
 
-    - name: Configure sudoers users
-      blockinfile:
+    - name: Allow passwordless sudo for require_tty/readonly_homedir
+      lineinfile:
         path: /etc/sudoers
-        block: |
-          # User    Host(s) = (runas user:runas group) Command(s)
-          {{ lookup('pipe', 'whoami') }} ALL = (mitogen__pw_required:ALL) ALL
-          {{ lookup('pipe', 'whoami') }} ALL = (mitogen__require_tty_pw_required:ALL) ALL
-          {{ lookup('pipe', 'whoami') }} ALL = (mitogen__require_tty:ALL) NOPASSWD:ALL
-          {{ lookup('pipe', 'whoami') }} ALL = (mitogen__readonly_homedir:ALL) NOPASSWD:ALL
-          {% for runas_user in normal_users %}
-          {{ lookup('pipe', 'whoami') }} ALL = ({{ runas_user.name }}:ALL) NOPASSWD:ALL
-          {% endfor %}
+        line: "{{lookup('pipe', 'whoami')}} ALL = ({{item}}:ALL) NOPASSWD:ALL"
         validate: '/usr/sbin/visudo -cf %s'
+      with_items:
+        - mitogen__require_tty
+        - mitogen__readonly_homedir
       when:
         - ansible_virtualization_type != "docker"
+
+    - name: Allow passwordless for many accounts
+      lineinfile:
+        path: /etc/sudoers
+        line: "{{lookup('pipe', 'whoami')}} ALL = (mitogen__{{item}}:ALL) NOPASSWD:ALL"
+        validate: '/usr/sbin/visudo -cf %s'
+      with_items: "{{normal_users}}"
+      when:
+        - ansible_virtualization_type != "docker"
+
+    - name: Fetch sudoers
+      slurp:
+        src: /etc/sudoers
+      register: sudoers_slurp
+
+    - name: Show sudoers
+      debug:
+        msg: "{{ sudoers_slurp.content | b64decode }}"