ahuffman/ansible-sudoers

Feature request - Would love to do this in reverse

Closed this issue · 3 comments

It is likely outside the scope, but it would be wonderful to take an existing sudoers file (/etc/sudoers or /etc/sudoers.d/) and convert all the aliases and specs into correctly-formatted vars. This could help remediate existing systems and get them version controlled under Ansible.

That's an interesting use-case and certainly something that could be done. I believe that work would require a custom module to parse the files and return formatted data. A Python module would be the best way to attack this. I'm going to leave this open for now, because I'm working on some similar stuff, not necessarily for sudoers, but I like the idea.

@ahuffman sounds good. Anything I can do to incentivize that module? I'll start working on something myself, but I'm painfully slow with Python.

@gforster I spun up a separate project for this request. I have some initial work done on it.
Right now it can parse your /etc/sudoers file, determine the includedir and included files, a dictionary 'sudoers_files' that contains a list of all parsed sudoers files with raw config lines, path, and defaults (eventually it'll parse more items), then it spits out an ansible_facts['sudoers'] dictionary.

The repo where this work will be continued is located here: https://github.com/ahuffman/ansible-role-scan-sudoers. I'll close this issue since I'm spinning the work off into its own project.

Feel free to contribute to the work on the new repo!
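
As an added illustration of the kind of parsing discussed in this thread (not code from ansible-sudoers or ansible-role-scan-sudoers), the sketch below turns sudoers text into a dictionary of defaults, aliases, include directives and user specs that could be reviewed and put under version control. The function names, the output keys and the sample content are assumptions made for this example.

```python
import re

# Constructed sample sudoers content, not taken from any real system.
SAMPLE = """\
Defaults env_reset
Defaults:deploy !requiretty
User_Alias ADMINS = alice, bob
Cmnd_Alias SERVICES = /usr/bin/systemctl restart nginx, \\
    /usr/bin/systemctl reload nginx
ADMINS ALL=(ALL) ALL
deploy ALL=(root) NOPASSWD: SERVICES
# local drop-ins
#includedir /etc/sudoers.d
"""

ALIAS_RE = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
INCLUDE_RE = re.compile(r"^[#@](include|includedir)\s+(\S+)$")  # '@' form: sudo 1.9.1+

def logical_lines(text):
    """Join backslash-continued lines; drop blanks and comments, keep include directives."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith("\\"):
            buf = line[:-1].rstrip() + " "
            continue
        buf = ""
        if not line or (line.startswith("#") and not INCLUDE_RE.match(line)):
            continue
        yield line

def parse_sudoers(text, path="/etc/sudoers"):
    """Hypothetical helper. Simplified: no escaped commas, one alias per line."""
    result = {"path": path, "defaults": [], "aliases": {}, "includes": [], "user_specs": []}
    for line in logical_lines(text):
        inc = INCLUDE_RE.match(line)
        alias = ALIAS_RE.match(line)
        if inc:
            result["includes"].append({"type": inc.group(1), "path": inc.group(2)})
        elif line.startswith("Defaults"):
            result["defaults"].append(line[len("Defaults"):].strip())
        elif alias:
            kind, name, members = alias.groups()
            items = [m.strip() for m in members.split(",")]
            result["aliases"].setdefault(kind.lower() + "_alias", {})[name] = items
        else:
            result["user_specs"].append(line)  # kept raw for manual review
    return result
```

User specs are kept as raw strings so that rules granting `NOPASSWD` or `ALL` can be reviewed by a person before they are committed as role variables.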