/ruby.rb Secret

Created February 13, 2018 03:29
###############################################################
#                                                             #
# This file is managed by puppet. Any changes you make        #
# will be overwritten. If you need to make changes to this    #
# file please submit a ticket to the DevOps group.            #
#                                                             #
###############################################################
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
## Allow people in the AD group Linux-sudo-access to run all commands
%Linux-sudo-access ALL=(ALL) ALL
%Linux-sudo-access ALL=(APPUSERS) NOPASSWD: ALL
## Allow developers access to the shared environment users
<% if @hostname =~ /ps-[p]?migration-db/ -%>
Runas_Alias APPUSERS = dev,test,stage,prod,worker,gitlab-runner,migration
<% else -%>
Runas_Alias APPUSERS = dev,test,stage,prod,worker,gitlab-runner
<% end -%>
%Linux-access ALL=(APPUSERS) NOPASSWD: ALL
## Allows the devops user to deploy. This isn't normally used, but is set up in
## case we have an issue with AD and need to deploy with a local user.
devops ALL=(APPUSERS) NOPASSWD: ALL
<% if @hostname =~ /ps-[p]?migration-db/ -%>
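## Allows the migration user to kick off the script used for managing the migration env DBs.
## The script runs as root without a password, so it and every directory above it
## (/home/devops/scripts) must be owned by root and not writable by any other user.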
migration ALL=(root) NOPASSWD: /home/devops/scripts/migration_test.sh
<% end -%>
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d