Version 2.0.4

Minor template fix for a user that has their ANSIBLE_MANAGER_STR set to None.

Version 2.0.3

• Added a configurable "become" sudoers_backup_become variable due to bug with local user (PASSWD) prompt configs. This allows a user to configure whether or not to execute the backup directory creation with privilege escalation
• Set the new parameter in defaults/main.yaml and force to True when undefined for backward compatibility
• Updated documentation to reflect the new parameter

Version 2.0.2

• Adds support for non-root owner wheel on MacOS
• Adds some comments to the defaults/main.yml vars
• Minor documentation tweaks/fixes

Version 2.0.1

Fixes:

• Issue #34 - Backup issues with fetch module when using become and ansible_user on delegated task

Version 2.0.0

Into the Future

Version 2.0.0 is a major rewrite of the old role code. The revamp allows us to better represent the data, as well as allows us to align with the ahuffman.scan_sudoers role. This allows for migration of running configurations to new systems, as well as quicker time to deployment by automatic generation of the sudoers_files variable off of an existing running configuration.

Changes

• Variables redesigned to be more declarative for each sudoers file
  • Each file has a path key which defines where the file gets deployed VS. creating include files off of an alias name
• Unnecessary variables dropped
  • Several variables were dropped since the new data structures are more flexible and declarative, many were no longer required, or made no sense in the new scheme
  • All variables were slightly renamed to prevent users coming from versions 1.0.x to purposefully break in case they were deploying the role from Galaxy without a tag or version specified in their automation
    • Allows users a chance to evaluate and adopt version 2.0.0+ in the future without breaking configurations
• Data structure of sudoers file specifications redesigned
• Jinja2 Templates were able to be reduced to a single file
  • Each item in the sudoers_files variable will define how this template is implemented
  • Allows for more freedom in what you want in each included file as well as the default /etc/sudoers file
• Documentation rewritten and reformatted for all changes
  • New playbook examples added
  • Example of migration of a running sudoers configuration added
  • How to build the required data format from existing running configuration added with ahuffman.scan_sudoers role
• Backup style changed to fetch to Ansible Control Node VS. backup of files on remote file-systems (prevents accidental inclusion of old files in included directories)
  • This comes with a configurable sudoers_backup_path variable to define the path where remote backups are pulled to prior to changes of the running configurations.
• Default sudoers_files definition aligned with a RHEL7.6 default /etc/sudoers configuration
• Configurable visudo binary path for validation of sudoers configurations. Default set to /usr/sbin/visudo which should work for most Operating System flavors
• Better representation of sudoers_files via new data structure of the /etc/sudoers and related included files.
• Ansible 2.8.x best-practices and syntax have been adopted

Version 1.0.7

Fixes issues with become and visudo. Fully-qualified path was required to properly validate with visudo. Has not been tested with Ubuntu/Debian distros, but will work if visudo exists at /usr/sbin/visudo.

Version 1.0.6

• Drops support for Python versions less than 2.7 by replacing iteritems with items in templates

Version 1.0.5

Fixes ansible-lint complaining about retries on a package install.

Version 1.0.4

• Added Backup option for /etc/sudoers
• Added separate option to cleanup separate spec files if they exist and the sudoer_separate_spec option is set to False
• Added debugs to view values of calculated authorized sudoer specs. Can be viewed when running with -v
• Updated docs to attempt to make usage clearer
• Fixed #28
• Implemented best practices in tasks

Fixing check mode runs by removing a command that grepped /etc/sudoers. This was found to be unnecessary due to the lineinfile module that ensures the line we were grepping for is in place when the separate sudoer specs boolean was on.

Minor documentation update to correct Author section.