From 9b6d551dd66a091a11c4fcc4ef40289a431b68fc Mon Sep 17 00:00:00 2001
From: balazshasprai <87380244+balazshasprai@users.noreply.github.com>
Date: Fri, 13 Oct 2023 06:14:47 +0200
Subject: [PATCH] Expand secure_path with support for Suse (#381)

---
 roles/prereq/defaults/main.yml | 4 ++++
 roles/prereq/tasks/main.yml    | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 roles/prereq/defaults/main.yml

diff --git a/roles/prereq/defaults/main.yml b/roles/prereq/defaults/main.yml
new file mode 100644
index 000000000..e469b0bb1
--- /dev/null
+++ b/roles/prereq/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+secure_path:
+  RedHat: '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
+  Suse: '/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin'
diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml
index 2afb28c98..2fffe06e8 100644
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -60,10 +60,10 @@
 
 - name: Add /usr/local/bin to sudo secure_path
   lineinfile:
-    line: 'Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
+    line: 'Defaults    secure_path = {{ secure_path[ansible_os_family] }}'
     regexp: "Defaults(\\s)*secure_path(\\s)*="
     state: present
     insertafter: EOF
     path: /etc/sudoers
     validate: 'visudo -cf %s'
-  when: ansible_os_family == "RedHat"
+  when: ansible_os_family in [ "RedHat", "Suse" ]