From 0983ea291199c5e10a0d67f70444b0e4fafb5352 Mon Sep 17 00:00:00 2001
From: Erik Tate
Date: Fri, 30 Aug 2024 15:57:07 -0400
Subject: [PATCH] adds host_sudoers example to the role spec reference (#46044)
---
 docs/pages/includes/role-spec.mdx | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/docs/pages/includes/role-spec.mdx b/docs/pages/includes/role-spec.mdx
index 8968e8e96c0ba..398d5851e3ab4 100644
--- a/docs/pages/includes/role-spec.mdx
+++ b/docs/pages/includes/role-spec.mdx
@@ -146,6 +146,15 @@ spec:
 # is not 'off'.
 host_groups: [ubuntu, nginx, other]
 
+ # List of entries to include in a temporary sudoers file created in
+ # `/etc/sudoers.d`. The records are removed on session close.
+ host_sudoers: [
+ # This line will allow the login user to run `systemctl restart nginx.service`
+ # as root without requiring a password. The sudoers entry will be prefixed
+ # with the logged in username.
+ "ALL = (root) NOPASSWD: /usr/bin/systemctl restart nginx.service"
+ ]
+
 # kubernetes_groups specifies Kubernetes groups a user with this role will assume.
 # You can refer to a SAML/OIDC trait via the 'external' property bag.
 # This allows you to specify Kubernetes group membership in an identity manager: