修复sudo别名取消后不回收bug (#322)

2025-09-04 08:55:40 +00:00 · 2016-11-16 10:10:04 +08:00
parent 547408222d
commit a864c38238
2 changed files with 13 additions and 0 deletions
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@@ -409,6 +409,17 @@ class MyTask(MyRunner):
        self.run("script", module_args1, become=True)
        return self.results

+    def recyle_cmd_alias(self, role_name):
+        """
+        recyle sudo cmd alias
+        :return:
+        """
+        if role_name == 'root':
+            return {"status": "failed", "msg": "can't recyle root privileges"}
+        module_args = "sed -i 's/^%s.*//' /etc/sudoers" % role_name
+        self.run("command", module_args, become=True)
+        return self.results
+

 class CustomAggregateStats(callbacks.AggregateStats):
    """                                                                             
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -533,6 +533,8 @@ def perm_role_push(request):
            sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)
+            else:
+                ret['sudo'] = task.recyle_cmd_alias(role.name)

        logger.debug('推送role结果: %s' % ret)
        success_asset = {}