修复sudo别名取消后不回收bug (#322)

a864c382 · 紫川秀 · 老广 · 54740822 · a864c382 · a864c382
Commit a864c382 authored Nov 16, 2016 by 紫川秀 Committed by 老广 Nov 16, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

ansible_api.py jperm/ansible_api.py +11 -0

views.py jperm/views.py +2 -0

No files found.
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@@ -409,6 +409,17 @@ class MyTask(MyRunner):
        self.run("script", module_args1, become=True)
        return self.results
+    def recyle_cmd_alias(self, role_name):
+        """
+        recyle sudo cmd alias
+        :return:
+        """
+        if role_name == 'root':
+            return {"status": "failed", "msg": "can't recyle root privileges"}
+        module_args = "sed -i 's/^%s.*//' /etc/sudoers" % role_name
+        self.run("command", module_args, become=True)
+        return self.results
 class CustomAggregateStats(callbacks.AggregateStats):
    """                                                                             

--- a/jperm/views.py
+++ b/jperm/views.py
@@ -533,6 +533,8 @@ def perm_role_push(request):
            sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)
+            else:
+                ret['sudo'] = task.recyle_cmd_alias(role.name)
        logger.debug('推送role结果: %s' % ret)
        success_asset = {}