From 479d029b9f0967929d04339c45952b6cc83357e3 Mon Sep 17 00:00:00 2001
From: Marco van Zwetselaar <io@zwets.it>
Date: Sat, 12 Oct 2024 01:09:47 +0300
Subject: [PATCH] Fix undefined User_Alias HIPAA_ACTOR in sudoers

---
 .../ansible/roles/bootstrap-users/templates/sudoers.j2        | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/commcare_cloud/ansible/roles/bootstrap-users/templates/sudoers.j2 b/src/commcare_cloud/ansible/roles/bootstrap-users/templates/sudoers.j2
index 6c24bdb39b..153e24fef8 100644
--- a/src/commcare_cloud/ansible/roles/bootstrap-users/templates/sudoers.j2
+++ b/src/commcare_cloud/ansible/roles/bootstrap-users/templates/sudoers.j2
@@ -6,6 +6,8 @@ User_Alias HIPAA_USERS = ansible, {% for user in dev_users.present -%}
 {{ user }}
 {%- if not loop.last %}, {% endif %}
 {%- endfor %}, {{ cchq_user }}
+User_Alias HIPAA_ACTOR = {{ cchq_user }}
+
 Runas_Alias HIPAA_ACTOR = {{ cchq_user }}
 
 Cmnd_Alias NGINX = /usr/sbin/nginx
@@ -38,6 +40,6 @@ root    ALL=(ALL:ALL) ALL
 # https://help.ubuntu.com/community/EnvironmentVariables#sudo_caveat
 Defaults env_keep += "http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY"
 
-{{ cchq_user }}    ALL = (ALL) NOPASSWD: HQCOMMANDS
+HIPAA_ACTOR ALL = (ALL) NOPASSWD: HQCOMMANDS
 HIPAA_USERS ALL = (HIPAA_ACTOR) NOPASSWD: ALL
 HIPAA_USERS ALL = (root) NOPASSWD: HQCOMMANDS