Fix undefined User_Alias HIPAA_ACTOR in sudoers

dimagi · Oct 11, 2024 · 479d029 · 479d029
1 parent ec61f70
commit 479d029
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/commcare_cloud/ansible/roles/bootstrap-users/templates/sudoers.j2 b/src/commcare_cloud/ansible/roles/bootstrap-users/templates/sudoers.j2
@@ -6,6 +6,8 @@ User_Alias HIPAA_USERS = ansible, {% for user in dev_users.present -%}
 {{ user }}
 {%- if not loop.last %}, {% endif %}
 {%- endfor %}, {{ cchq_user }}
+User_Alias HIPAA_ACTOR = {{ cchq_user }}
+
 Runas_Alias HIPAA_ACTOR = {{ cchq_user }}
 
 Cmnd_Alias NGINX = /usr/sbin/nginx
@@ -38,6 +40,6 @@ root    ALL=(ALL:ALL) ALL
 # https://help.ubuntu.com/community/EnvironmentVariables#sudo_caveat
 Defaults env_keep += "http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY"
 
-{{ cchq_user }}    ALL = (ALL) NOPASSWD: HQCOMMANDS
+HIPAA_ACTOR ALL = (ALL) NOPASSWD: HQCOMMANDS
 HIPAA_USERS ALL = (HIPAA_ACTOR) NOPASSWD: ALL
 HIPAA_USERS ALL = (root) NOPASSWD: HQCOMMANDS