Closed jeffmccune closed 5 years ago
This is awesome! Wondering if you ever foresee a use-case when someone needs to add users to sudoers at the instance or instance group level vs. project only? I ask this question when going about devising a test strategy. I was looking in project-factory and have yet to see where we are declaring the google_compute_project_metadata resource. I'm happy to add this, but wanted to check in with you before I go to left field.
If you think this is a relevant additional use case, what do you think about the stdlib::setup_sudoers function taking an argument to target either the project or instance metadata?
Good idea to handle the use case of instance metadata. I recommend doing that as a follow on ticket instead of expanding the scope of this effort, which is focused on getting the behavior in place as-is.
For the test strategy, I'd declare the google_compute_project_metadata resource inside of examples/sudoers_example/main.tf, call a sudo command from startup-script-custom that produces some output, then check for the output using the get-serial-output technique in #15. YMMV though, this is just thinking off the top of my head.
Thanks!
Sent from my Apple Watch
On Feb 21, 2019, at 11:22, Jeff McCune notifications@github.com wrote:
Good idea to handle the use case of instance metadata. I recommend doing that as a follow on ticket instead of expanding the scope of this effort, which is focused on getting the behavior in place as-is.
For the test strategy, I'd declare the google_compute_project_metadata resource inside of examples/sudoers_example/main.tf, call a sudo command from startup-script-custom that produces some output, then check for the output using the get-serial-output technique in #15. YMMV though, this is just thinking off the top of my head.
I’d also approve a test that simply cats the sudoers file and checks for the expected line. This could be a lot easier than dealing with sudo gymnastics and user creation.
Closed in favour of #21.
Read the metadata key sudoers and configure each CSV listed username in /etc/sudoers with full root access.
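One way the behaviour described in this issue could be implemented and checked, as an added example that is not code from this thread or from the project: each username in the CSV is validated before a sudoers rule is emitted, because the metadata value is untrusted input. The function names, the sample CSV, the NOPASSWD rule and the drop-in target path are assumptions of this example.

```sh
#!/bin/sh
# Added example: build sudoers rules from the CSV value of a "sudoers" metadata key.
# Whoever can edit the metadata controls this value, so every name is validated
# before it reaches a root-owned file.
export LC_ALL=C   # make the a-z ranges below mean ASCII only

# Constructed sample value; on an instance it would come from the metadata server.
SAMPLE_CSV='alice, bob,,root ALL=(ALL) ALL,carol#x,dave_ops'

# Rule granting full root access. NOPASSWD is an assumption of this example.
RULE_SUFFIX='ALL=(ALL) NOPASSWD:ALL'

# Print one rule per valid username in CSV $1; return 1 if any entry was rejected.
sudoers_rules_from_csv() {
  rc=0
  # Here-document (not a pipe) so the loop runs in this shell and rc survives.
  # read with the default IFS also trims spaces around each name.
  while read -r name; do
    case $name in
      '') continue ;;                          # empty CSV field
      [!a-z_]*|*[!a-z0-9_-]*) bad=1 ;;         # illegal first or later character
      *) if [ "${#name}" -le 32 ]; then bad=0; else bad=1; fi ;;
    esac
    if [ "$bad" -eq 0 ]; then
      printf '%s %s\n' "$name" "$RULE_SUFFIX"
    else
      printf 'rejected sudoers entry: %s\n' "$name" >&2
      rc=1
    fi
  done <<EOF
$(printf '%s' "$1" | tr ',' '\n')
EOF
  return "$rc"
}

# Syntax-check with visudo before installing. $2 is the target file; a drop-in
# such as /etc/sudoers.d/<name> is an assumption of this example (needs root).
install_sudoers_rules() {
  tmp=$(mktemp) || return 1
  sudoers_rules_from_csv "$1" > "$tmp" || echo 'some entries were rejected' >&2
  visudo -cf "$tmp" >/dev/null && install -m 0440 "$tmp" "$2"
  st=$?
  rm -f "$tmp"
  return "$st"
}
```

A test along the lines suggested in the thread can compare the output of `sudoers_rules_from_csv` (or the installed file) against the expected lines without creating users or invoking sudo.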