Update showcase.yaml from #18 (#20)

shinenelson · michaelwittig · commit cc83a2f45a32 · 2017-02-13T12:37:13.000+01:00
diff --git a/showcase.yaml b/showcase.yaml
@@ -103,18 +103,35 @@ Resources:
               content: |
                 #!/bin/bash
 
+                # Specify an IAM group for users who should be given sudo privileges, or leave
+                # empty to not change sudo access, or give it the value '##ALL##' to have all
+                # users be given sudo rights.
+                SudoersGroup=""
+                [[ -z "${SudoersGroup}" ]] || [[ "${SudoersGroup}" == "##ALL##" ]] || Sudoers=$(
+                  aws iam get-group --group-name "${SudoersGroup}" --query "Users[].[UserName]" --output text
+                );
+
                 aws iam list-users --query "Users[].[UserName]" --output text | while read User; do
                   SaveUserName="$User"
                   SaveUserName=${SaveUserName//"+"/".plus."}
                   SaveUserName=${SaveUserName//"="/".equal."}
                   SaveUserName=${SaveUserName//","/".comma."}
                   SaveUserName=${SaveUserName//"@"/".at."}
                   if ! grep "^$SaveUserName:" /etc/passwd > /dev/null; then
-                    # sudo will read each file in /etc/sudoers.d, skipping file names that end in ‘~’ or contain a ‘.’ character to avoid causing problems with package manager or editor temporary/backup files.
                     /usr/sbin/useradd --create-home --shell /bin/bash "$SaveUserName" 
-                    # Uncomment the following lines if you need to give all users sudo privileges
-                    # SaveUserFileName=$(echo "$SaveUserName" | tr "." " ")
-                    # echo "$SaveUserName ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$SaveUserFileName"
+                  fi
+
+                  if [[ ! -z "${SudoersGroup}" ]]; then
+                    # sudo will read each file in /etc/sudoers.d, skipping file names that end
+                    # in ‘~’ or contain a ‘.’ character to avoid causing problems with package
+                    # manager or editor temporary/backup files.
+                    SaveUserFileName=$(echo "$SaveUserName" | tr "." " ")
+                    SaveUserSudoFilePath="/etc/sudoers.d/$SaveUserFileName"
+                    if [[ "${SudoersGroup}" == "##ALL##" ]] || echo "$Sudoers" | grep "^$User\$" > /dev/null; then
+                      echo "$SaveUserName ALL=(ALL) NOPASSWD:ALL" > "$SaveUserSudoFilePath"
+                    else
+                      [[ ! -f "$SaveUserSudoFilePath" ]] || rm "$SaveUserSudoFilePath"
+                    fi
                   fi
                 done
               mode: '000755'
