fix: Avoid append() in sudoers file template

templates/sudoers.j2

@@ -1,30 +1,21 @@
 {%- macro render_aliases(alias_desc,alias_str,alias_dict,alias_subdict_name) %}
-{%   if item.aliases[alias_dict] is defined %}
+{% if item.aliases[alias_dict] is defined %}
 
 ## {{ alias_desc }}
-{%     for alias_item in item.aliases[alias_dict] %}
-{%       set _alias = [] %}
-{%       for alias_val in alias_item[alias_subdict_name] %}
-{%         set _ = _alias.append(alias_val) %}
-{%       endfor %}
-{{ alias_str }}    {{ alias_item.name }} = {{ _alias | join(", ") }}
-{%     endfor %}
-{%   endif %}
-{% endmacro -%}
+{%   for alias_item in item.aliases[alias_dict] %}
+{{ alias_str }}    {{ alias_item.name }} = {{ alias_item[alias_subdict_name] | join(", ") }}
+{%   endfor %}
+{% else %}
+{{- '' -}}
+{% endif %}
+{%- endmacro -%}
 {%- macro render_override_spec(spec,spec_type, spec_dict, sign) %}
-{%   if spec.type == spec_type %}
-{%     set _spec_original = [] %}
-{%     set _spec_default = [] %}
-{%       for spec_original in spec[spec_dict] %}
-{%         set _ = _spec_original.append(spec_original) %}
-{%       endfor %}
-{%       for spec_default in spec.defaults %}
-{%         set _ = _spec_default.append(spec_default) %}
-{%       endfor %}
-Defaults{{ sign }} {{ _spec_original | join(", ") }} {{ _spec_default |
-  join(", ") }}
-{%    endif %}
-{% endmacro -%}
+{% if spec.type == spec_type %}
+Defaults{{ sign }} {{ spec[spec_dict] | join(", ") }} {{ spec.defaults | join(", ") }}
+{% else %}
+{{- '' -}}
+{% endif %}
+{%- endmacro -%}
 {{ ansible_managed | default('Ansible managed') | comment }}
 {{ "system_role:sudo" | comment(prefix="", postfix="") }}
 {%- if item.defaults is defined %}
@@ -34,11 +25,7 @@ Defaults{{ sign }} {{ _spec_original | join(", ") }} {{ _spec_default |
 {%     if default is mapping %}
 {%       for name, values in default.items() %}
 {%         if name == 'secure_path' %}
-{%           set paths = [] %}
-{%           for my_value in values %}
-{%             set _ = paths.append(my_value) %}
-{%           endfor %}
-Defaults    {{ name }} = {{ paths | join(":") }}
+Defaults    {{ name }} = {{ values | join(":") }}
 {%         else %}
 {%           for items in values | list | slice(6) %}
 {%             if items %}
@@ -70,79 +57,30 @@ Defaults    {{ default }}
 
 # User specifications
 {%   for spec in item.user_specifications %}
-{%     set user_spec = [] %}
-{%     set spec_users = [] %}
-{%     set spec_hosts = [] %}
-{%     set spec_ops = [] %}
-{%     set spec_types = [] %}
-{%     set spec_roles = [] %}
-{%     set spec_privs = [] %}
-{%     set spec_lprivs = [] %}
-{%     set spec_tags = [] %}
-{%     set spec_cmnds = [] %}
-{%     for user in spec.users %}
-{%       set _ = spec_users.append(user) %}
-{%     endfor %}
-{%     set _ = user_spec.append(spec_users | join(", ")) %}
-{%     set _ = user_spec.append(" ") %}
-{%     for host in spec.hosts %}
-{%       set _ = spec_hosts.append(host) %}
-{%     endfor %}
-{%     set _ = user_spec.append(spec_hosts | join(", ")) %}
-{%     set _ = user_spec.append("=") %}
-{%     if spec.operators is defined %}
-{%       set _ = user_spec.append("(") %}
-{%       for op in spec.operators %}
-{%         set _ = spec_ops.append(op) %}
-{%       endfor %}
-{%     set _ = user_spec.append(spec_ops | join(", ")) %}
-{%     set _ = user_spec.append(")") %}
+{%     if spec.users is defined and spec.users | length > 0
+          and spec.hosts is defined and spec.hosts | length > 0
+          and spec.commands is defined and spec.commands | length > 0 %}
+{{ spec.users | join(", ") }} {{ spec.hosts | join(", ") }}=
+{%- if spec.operators is defined and spec.operators | length > 0 -%}
+({{ spec.operators | join(", ") }})
+{%- endif -%}
+{%- if spec.selinux_type is defined and spec.selinux_type | length > 0 -%}
+ TYPE={{ spec.selinux_type | join(", ") }}
+{%- endif -%}
+{%- if spec.selinux_role is defined and spec.selinux_role | length > 0 -%}
+ ROLE={{ spec.selinux_role | join(", ") }}
+{%- endif -%}
+{%- if spec.solaris_privs is defined and spec.solaris_privs | length > 0 -%}
+ PRIVS={{ spec.solaris_privs | join(", ") }}
+{%- endif -%}
+{%- if spec.solaris_limitprivs is defined and spec.solaris_limitprivs | length > 0 -%}
+ LIMITPRIVS={{ spec.solaris_limitprivs | join(", ") }}
+{%- endif -%}
+{%- if spec.tags is defined and spec.tags | length > 0 -%}
+{{ spec.tags | join(":") }}:
+{%- endif -%}
+{{ " " + spec.commands | join(", ") }}
 {%     endif %}
-{%     set _ = user_spec.append(" ") %}
-{%     if spec.selinux_type is defined %}
-{%       set _ = user_spec.append("TYPE=") %}
-{%       for type in spec.selinux_type %}
-{%         set _ = spec_types.append(type) %}
-{%       endfor %}
-{%       set _ = user_spec.append(spec_types | join(", ")) %}
-{%       set _ = user_spec.append(" ") %}
-{%     endif %}
-{%     if spec.selinux_role is defined %}
-{%       set _ = user_spec.append("ROLE=") %}
-{%       for role in spec.selinux_role %}
-{%         set _ = spec_roles.append(role) %}
-{%       endfor %}
-{%       set _ = user_spec.append(spec_roles | join(", ")) %}
-{%       set _ = user_spec.append(" ") %}
-{%     endif %}
-{%     if spec.solaris_privs is defined %}
-{%       set _ = user_spec.append("PRIVS=") %}
-{%       for priv in spec.solaris_privs %}
-{%         set _ = spec_privs.append(priv) %}
-{%       endfor %}
-{%       set _ = user_spec.append(spec_privs | join(", ")) %}
-{%       set _ = user_spec.append(" ") %}
-{%     endif %}
-{%     if spec.solaris_limitprivs is defined %}
-{%       set _ = user_spec.append("LIMITPRIVS=") %}
-{%       for lpriv in spec.solaris_limitprivs %}
-{%         set _ = spec_lprivs.append(lpriv) %}
-{%       endfor %}
-{%       set _ = user_spec.append(spec_lprivs | join(", ")) %}
-{%       set _ = user_spec.append(" ") %}
-{%     endif %}
-{%     if spec.tags is defined %}
-{%       for tag in spec.tags %}
-{%         set _ = spec_tags.append(tag) %}
-{%       endfor %}
-{%       set _ = user_spec.append(spec_tags | join(":")) %}
-{%       set _ = user_spec.append(": ") %}
-{%     endif %}
-{%     for cmnd in spec.commands %}
-{%       set _ = spec_cmnds.append(cmnd) %}
-{%     endfor %}
-{%     set _ = user_spec.append(spec_cmnds | join(", ")) %}
-{{ user_spec | join('') }}
 {%   endfor %}
 {% endif -%}
 {%- if item.default_overrides is defined %}