# Create one local group per appliance user role. The sudoers rules written
# later in this script grant privileges by membership in these groups.
# NOTE(review): "admin" and "operator" are common group names. If one of them
# already exists, groupadd only reports an error, and the existing group with
# its current members is what the NOPASSWD rules will apply to. Confirm group
# membership on systems where these groups may predate this script.
for role_group in superAdmin admin operator
do
    /usr/sbin/groupadd "$role_group"
done

# Stage the change on a copy of the live sudoers file. The copy is edited by
# the steps that follow and is copied back only after visudo accepts it.
/bin/cp /etc/sudoers /etc/sudoers.temp

# VMWARE_* variables that sudo must pass through to the commands it runs.
# NOTE(review): env_keep lets the invoking user's values for these variables
# reach commands executed as root. Several of them name interpreter, module
# or library locations (VMWARE_PYTHON_PATH, VMWARE_PYTHON_MODULES_HOME,
# VMWARE_VAPI_PYTHONPATH, VMWARE_JAVA_HOME, ...). Confirm that every command
# allowed through sudo ignores or validates them, and trim the list to what
# is really needed.
vmware_env_keep='Defaults env_keep += "VMWARE_VAPI_HOME VMWARE_RUN_FIRSTBOOTS VMWARE_DATA_DIR VMWARE_INSTALL_PARAMETER VMWARE_PERFCHARTS VMWARE_LOG_DIR VMWARE_OPENSSL_BIN VMWARE_TOMCAT VMWARE_RUNTIME_DATA_DIR VMWARE_PYTHON_PATH VMWARE_TMP_DIR VMWARE_PERFCHARTS_COMPONENT VMWARE_PYTHON_MODULES_HOME VMWARE_JAVA_WRAPPER VMWARE_TCROOT VMWARE_PYTHON_BIN VMWARE_CLOUDVM_RAM_SIZE VMWARE_VAPI_CFG_DIR VMWARE_CFG_DIR VMWARE_JAVA_HOME VMWARE_COMMON_JARS VMWARE_B2B VMWARE_VAPI_PYTHONPATH"'

if [ ! -f /etc/photon-release ]; then
    # No /etc/photon-release: insert the setting after every existing
    # "Defaults env_keep =" line.
    # NOTE(review): when the staged file has no such line, sed adds nothing
    # and reports no error.
    /usr/bin/sed -i "/^Defaults env_keep =/ a\\${vmware_env_keep}" /etc/sudoers.temp
else
    # /etc/photon-release exists: append the setting at the end of the staged
    # file, preceded by a blank line.
cat >> /etc/sudoers.temp << EOF

${vmware_env_keep}
EOF
fi

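#1432896
# Build the sudoers Cmnd_Alias definitions for the operator and administrator
# roles. Inside the double quotes "\\" becomes a single backslash, while "\n"
# and "\t" stay literal and are expanded by /bin/echo -e when the alias is
# written, so each alias is emitted as several lines joined by a trailing
# backslash (intended as sudoers line continuation).
# NOTE(review): every path listed here runs as root for members of the role
# groups. Confirm that each file and its parent directories are writable by
# root only, and that none of the tools offers a shell escape or arbitrary
# file access when started through sudo.
roleCmd[0]="Cmnd_Alias OPERATOR = /usr/sbin/ntpq, /sbin/tracepath,\\ \n\t"
roleCmd[0]+="/sbin/tracepath6, /usr/lib/applmgmt/support/scripts/showlog.py,\\ \n\t"
roleCmd[0]+="/usr/lib/applmgmt/support/scripts/port-accessible.py\n"

roleCmd[1]="Cmnd_Alias ADMINISTRATOR = /usr/bin/rvc, /bin/dcli,\\ \n\t"
roleCmd[1]+="/usr/lib/applmgmt/support/scripts/pgtop.py,\\ \n\t"
roleCmd[1]+="/usr/lib/applmgmt/support/scripts/shutdown.py,\\ \n\t"
roleCmd[1]+="/usr/lib/applmgmt/support/scripts/service-control.py,\\ \n\t"
roleCmd[1]+="/usr/lib/applmgmt/support/scripts/software-packages.py,\\ \n\t"
roleCmd[1]+="/usr/lib/applmgmt/support/scripts/support-bundle.py,\\ \n\t"
roleCmd[1]+="/bin/service-control"

# Append the aliases to the staged sudoers file. The expansion is quoted so
# the text is written exactly as built: unquoted, the shell would word-split
# it and expand any glob character (sudoers command specs may contain "*")
# against the current directory before echo sees it.
for r in "${roleCmd[@]}"
do
    /bin/echo -e "$r" >> /etc/sudoers.temp
done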

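# Sudoers rules for the three role groups. No Runas spec is given, so the
# commands run as root. A tag (PASSWD:/NOPASSWD:) also applies to the entries
# that follow it in the same list:
#   superAdmin - any command with a password; the OPERATOR and ADMINISTRATOR
#                aliases without one
#   admin      - OPERATOR and ADMINISTRATOR without a password
#   operator   - OPERATOR without a password
# The trailing "\n" is expanded by /bin/echo -e and leaves a blank line after
# each rule.
roleRule[0]="%superAdmin ALL= PASSWD: ALL, NOPASSWD: OPERATOR, ADMINISTRATOR\n"
roleRule[1]="%admin ALL= NOPASSWD:OPERATOR, ADMINISTRATOR\n"
roleRule[2]="%operator ALL= NOPASSWD:OPERATOR\n"

# Append the rules to the staged sudoers file. The expansion is quoted so the
# rule text is not word-split or glob-expanded by the shell before it is
# written.
for r in "${roleRule[@]}"
do
    /bin/echo -e "$r" >> /etc/sudoers.temp
done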

# Fix for PR #1432896: define an alias for support-bundle.py and switch off
# sudo's syslog logging for that one command.
# NOTE(review): with "!syslog", sudo invocations of support-bundle.py are no
# longer recorded through syslog. Make sure they are captured some other way
# if this command matters for the audit trail.
{
    /bin/echo 'Cmnd_Alias SCRIPT =/usr/lib/applmgmt/support/scripts/support-bundle.py'
    /bin/echo 'Defaults!SCRIPT !syslog'
} >> /etc/sudoers.temp

# Make sudo ask for the invoking user's own password: comment out
# "Defaults targetpw" and every rule line that starts with "ALL" in the
# staged file.
/usr/bin/sed -i \
    -e 's/^Defaults targetpw/#&/' \
    -e 's/^ALL/#&/' \
    /etc/sudoers.temp

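# Install the staged file only if visudo accepts it: a syntax error in
# /etc/sudoers would leave sudo unusable for every user.
# A rejected or failed update is reported on stderr instead of being dropped
# silently. The script still continues afterwards, as it did before.
if /usr/sbin/visudo -c -f /etc/sudoers.temp; then
    # Absolute path, like every other command in this script, so a root-run
    # script does not depend on PATH to find cp.
    if ! /bin/cp /etc/sudoers.temp /etc/sudoers; then
        /bin/echo "sudoers update failed: could not copy /etc/sudoers.temp to /etc/sudoers" >&2
    fi
else
    /bin/echo "sudoers update skipped: /etc/sudoers.temp failed visudo validation" >&2
fi
# The staged copy is removed whether or not it was installed.
/bin/rm /etc/sudoers.temp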
