includedir in suoders can be prefixed by "arroba" (#783)

Since version 1.9.1, @includedir can be used in the sudoers files instead of #includedir: https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_1 Actually "@includedir" is the modern syntax, and "#includedir" the historic syntax. It has been considered that "#includedir" was too puzzling because it started with a "#" that otherwise denotes comments. This happens to be the default in SUSE Linux enterprise sudoer package, so cloudinit should take this into account. Otherwise, cloudinit was adding an extra #includedir, which was resulting on the files under /etc/sudoers.d being included twice, one by @includedir from the SUSE package, one by the @includedir from cloudinit. The consequence of this, was that if you were defining an Cmnd_Alias inside any of those files, this was being defined twice and creating an error when using sudo.
canonical · Jan 29, 2021 · 36ddf1e · 36ddf1e
1 parent 71564dc
commit 36ddf1e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/cloudinit/distros/__init__.py b/cloudinit/distros/__init__.py
@@ -673,7 +673,7 @@ def ensure_sudo_dir(self, path, sudo_base='/etc/sudoers'):
         found_include = False
         for line in sudoers_contents.splitlines():
             line = line.strip()
-            include_match = re.search(r"^#includedir\s+(.*)$", line)
+            include_match = re.search(r"^[#|@]includedir\s+(.*)$", line)
             if not include_match:
                 continue
             included_dir = include_match.group(1).strip()

diff --git a/tests/unittests/test_distros/test_generic.py b/tests/unittests/test_distros/test_generic.py
@@ -119,6 +119,19 @@ def test_sudoers_ensure_append(self):
         self.assertIn("josh", contents)
         self.assertEqual(2, contents.count("josh"))
 
+    def test_sudoers_ensure_only_one_includedir(self):
+        cls = distros.fetch("ubuntu")
+        d = cls("ubuntu", {}, None)
+        self.patchOS(self.tmp)
+        self.patchUtils(self.tmp)
+        for char in ['#', '@']:
+            util.write_file("/etc/sudoers", "{}includedir /b".format(char))
+            d.ensure_sudo_dir("/b")
+            contents = util.load_file("/etc/sudoers")
+            self.assertIn("includedir /b", contents)
+            self.assertTrue(os.path.isdir("/b"))
+            self.assertEqual(1, contents.count("includedir /b"))
+
     def test_arch_package_mirror_info_unknown(self):
         """for an unknown arch, we should get back that with arch 'default'."""
         arch_mirrors = gapmi(package_mirrors, arch="unknown")