From 1cfe32bd08908068026dd3720707569d098309ed Mon Sep 17 00:00:00 2001 From: az Date: Wed, 15 Feb 2023 18:54:18 +0100 Subject: [PATCH] rename and fix currentUserCanSudoWithoutPassword --- .../provs/desktop/domain/DesktopService.kt | 4 ++-- .../provs/framework/core/cli/CliUtils.kt | 7 +++---- .../provs/framework/ubuntu/user/base/User.kt | 4 ++-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/desktop/domain/DesktopService.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/desktop/domain/DesktopService.kt index 9c5fa44..ef7aded 100644 --- a/src/main/kotlin/org/domaindrivenarchitecture/provs/desktop/domain/DesktopService.kt +++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/desktop/domain/DesktopService.kt @@ -9,7 +9,7 @@ import org.domaindrivenarchitecture.provs.framework.ubuntu.keys.KeyPair import org.domaindrivenarchitecture.provs.framework.ubuntu.keys.SshKeyPair import org.domaindrivenarchitecture.provs.framework.ubuntu.keys.base.gpgFingerprint import org.domaindrivenarchitecture.provs.framework.ubuntu.keys.provisionKeys -import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.currentUserCanSudo +import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.currentUserCanSudoWithoutPassword import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.whoami internal fun provisionDesktopCommand(prov: Prov, cmd: DesktopCliCommand) { @@ -65,7 +65,7 @@ internal fun Prov.provisionDesktop( } fun Prov.validatePrecondition() { - if (!currentUserCanSudo()) { + if (!currentUserCanSudoWithoutPassword()) { throw Exception("Current user ${whoami()} cannot execute sudo without entering a password! This is necessary to execute provisionDesktop") } } diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/core/cli/CliUtils.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/core/cli/CliUtils.kt index 1adb83b..7e3055f 100644 --- a/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/core/cli/CliUtils.kt +++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/core/cli/CliUtils.kt @@ -6,7 +6,7 @@ import org.domaindrivenarchitecture.provs.framework.core.Secret import org.domaindrivenarchitecture.provs.framework.core.local import org.domaindrivenarchitecture.provs.framework.core.remote import org.domaindrivenarchitecture.provs.framework.ubuntu.secret.secretSources.PromptSecretSource -import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.currentUserCanSudo +import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.currentUserCanSudoWithoutPassword import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.makeUserSudoerWithNoSudoPasswordRequired import org.domaindrivenarchitecture.provs.framework.ubuntu.user.base.whoami import kotlin.system.exitProcess @@ -49,8 +49,7 @@ fun createProvInstance( private fun createLocalProvInstance(): Prov { val prov = local() - prov.cmd("sudo -K") // revoke any temporary sudo privileges - if (!prov.currentUserCanSudo()) { + if (!prov.currentUserCanSudoWithoutPassword()) { val password = PromptSecretSource("Please enter password to configure sudo without password in the future." + "\nWarning: This will permanently allow your user to use sudo privileges without a password.").secret() prov.makeUserSudoerWithNoSudoPasswordRequired(password) @@ -76,7 +75,7 @@ private fun createRemoteProvInstance( remote(host, remoteUser, password) } - if (!prov.currentUserCanSudo()) { + if (!prov.currentUserCanSudoWithoutPassword()) { if (remoteHostSetSudoWithoutPasswordRequired) { require( password != null, diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/ubuntu/user/base/User.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/ubuntu/user/base/User.kt index 233f275..def8d77 100644 --- a/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/ubuntu/user/base/User.kt +++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/framework/ubuntu/user/base/User.kt @@ -131,8 +131,8 @@ fun Prov.userIsInGroupSudo(userName: String): Boolean { * Checks if current user can execute sudo commands. */ @Suppress("unused") -fun Prov.currentUserCanSudo(): Boolean { - return chk("timeout 1 sudo -S id") +fun Prov.currentUserCanSudoWithoutPassword(): Boolean { + return chk("timeout 1 sudo -kS id") } /**