From 72e6abf6db701b3cf23ad03eb7a645605c3e44ff Mon Sep 17 00:00:00 2001
From: Steven Robertson <srtrumpetaggie@gmail.com>
Date: Tue, 18 Feb 2020 16:04:16 -0800
Subject: [PATCH] attempt at fixing 'sudo runas gid invalid value' since the
 sudo command looks correct

---
 tests/image_prep/_user_accounts.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tests/image_prep/_user_accounts.yml b/tests/image_prep/_user_accounts.yml
index fbefd9c3..150e54b4 100644
--- a/tests/image_prep/_user_accounts.yml
+++ b/tests/image_prep/_user_accounts.yml
@@ -167,7 +167,8 @@
     - name: Require password for two accounts
       lineinfile:
         path: /etc/sudoers
-        line: "{{lookup('pipe', 'whoami')}} ALL = ({{item}}) ALL"
+        line: "{{lookup('pipe', 'whoami')}} ALL = ({{item}}:ALL) ALL"
+        validate: '/usr/sbin/visudo -cf %s'
       with_items:
         - mitogen__pw_required
         - mitogen__require_tty_pw_required
@@ -175,7 +176,8 @@
     - name: Allow passwordless sudo for require_tty/readonly_homedir
       lineinfile:
         path: /etc/sudoers
-        line: "{{lookup('pipe', 'whoami')}} ALL = ({{item}}) NOPASSWD:ALL"
+        line: "{{lookup('pipe', 'whoami')}} ALL = ({{item}}:ALL) NOPASSWD:ALL"
+        validate: '/usr/sbin/visudo -cf %s'
       with_items:
         - mitogen__require_tty
         - mitogen__readonly_homedir
@@ -183,5 +185,6 @@
     - name: Allow passwordless for many accounts
       lineinfile:
         path: /etc/sudoers
-        line: "{{lookup('pipe', 'whoami')}} ALL = (mitogen__{{item}}) NOPASSWD:ALL"
+        line: "{{lookup('pipe', 'whoami')}} ALL = (mitogen__{{item}}:ALL) NOPASSWD:ALL"
+        validate: '/usr/sbin/visudo -cf %s'
       with_items: "{{normal_users}}"