From ed0932deea218b0350f00f6a2a91ba872037ec99 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 26 Jul 2023 19:18:06 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E6=94=B9=E5=AF=86=E5=8E=BB=E6=8E=89sud?= =?UTF-8?q?o=20(#11094)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: feng <1304903146@qq.com>
---
 .../change_secret/host/aix/main.yml | 24 +++++++++++++++++--
 .../change_secret/host/aix/manifest.yml | 6 -----
 .../change_secret/host/posix/main.yml | 10 --------
 .../change_secret/host/posix/manifest.yml | 6 -----
 4 files changed, 22 insertions(+), 24 deletions(-)
diff --git a/apps/accounts/automations/change_secret/host/aix/main.yml b/apps/accounts/automations/change_secret/host/aix/main.yml
index b51ddf69e..831b4f0bf 100644
--- a/apps/accounts/automations/change_secret/host/aix/main.yml
+++ b/apps/accounts/automations/change_secret/host/aix/main.yml
@@ -4,6 +4,26 @@
 - name: Test privileged account
 ansible.builtin.ping:
+ - name: Check user
+ ansible.builtin.user:
+ name: "{{ account.username }}"
+ shell: "{{ params.shell }}"
+ home: "{{ params.home | default('/home/' + account.username, true) }}"
+ groups: "{{ params.groups }}"
+ expires: -1
+ state: present
+
+ - name: "Add {{ account.username }} group"
+ ansible.builtin.group:
+ name: "{{ account.username }}"
+ state: present
+
+ - name: Add user groups
+ ansible.builtin.user:
+ name: "{{ account.username }}"
+ groups: "{{ params.groups }}"
+ when: params.groups
+
 - name: Change password
 ansible.builtin.user:
 name: "{{ account.username }}"
@@ -23,8 +43,8 @@
 regexp: "{{ ssh_params.regexp }}"
 state: absent
 when:
- - account.secret_type == "ssh_key"
- - ssh_params.strategy == "set_jms"
+ - account.secret_type == "ssh_key"
+ - ssh_params.strategy == "set_jms"
 - name: Change SSH key
 ansible.builtin.authorized_key:
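Review bot: The `Check user` task added in the first hunk of aix/main.yml passes `groups: "{{ params.groups }}"` with no `when:` guard and no `append`, so every secret change rewrites the account's supplementary groups. ansible.builtin.user defaults to `append: false`, and an empty `groups` string removes the user from every group except the primary one, so a run with an empty `params.groups` could silently strip memberships that access policy depends on. The later `Add user groups` task already applies the same value under `when: params.groups`, so I would drop the `groups:` line from `Check user` and, if existing memberships are meant to survive a rotation, add `append: true` to `Add user groups`. Separately, `state: present` means this change-secret playbook creates the account when the username does not exist; if that is intended, a comment such as `# creates the account if it is missing` above the task would make it explicit.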
diff --git a/apps/accounts/automations/change_secret/host/aix/manifest.yml b/apps/accounts/automations/change_secret/host/aix/manifest.yml
index a3df14a4d..04a332027 100644
--- a/apps/accounts/automations/change_secret/host/aix/manifest.yml
+++ b/apps/accounts/automations/change_secret/host/aix/manifest.yml
@@ -5,12 +5,6 @@ type:
 - AIX
 method: change_secret
 params:
- - name: sudo
- type: str
- label: 'Sudo'
- default: '/bin/whoami'
- help_text: "{{ 'Params sudo help text' | trans }}"
-
 - name: shell
 type: str
 label: 'Shell'
diff --git a/apps/accounts/automations/change_secret/host/posix/main.yml b/apps/accounts/automations/change_secret/host/posix/main.yml
index 325ad644d..3462cabf8 100644
--- a/apps/accounts/automations/change_secret/host/posix/main.yml
+++ b/apps/accounts/automations/change_secret/host/posix/main.yml
@@ -53,16 +53,6 @@
 exclusive: "{{ ssh_params.exclusive }}"
 when: account.secret_type == "ssh_key"
- - name: Set sudo setting
- ansible.builtin.lineinfile:
- dest: /etc/sudoers
- state: present
- regexp: "^{{ account.username }} ALL="
- line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
- validate: visudo -cf %s
- when:
- - params.sudo
-
 - name: Refresh connection
 ansible.builtin.meta: reset_connection
diff --git a/apps/accounts/automations/change_secret/host/posix/manifest.yml b/apps/accounts/automations/change_secret/host/posix/manifest.yml
index 43d1ca5fd..4e42cfe02 100644
--- a/apps/accounts/automations/change_secret/host/posix/manifest.yml
+++ b/apps/accounts/automations/change_secret/host/posix/manifest.yml
@@ -6,12 +6,6 @@ type:
 - linux
 method: change_secret
 params:
- - name: sudo
- type: str
- label: 'Sudo'
- default: '/bin/whoami'
- help_text: "{{ 'Params sudo help text' | trans }}"
-
 - name: shell
 type: str
 label: 'Shell'