From e7dee07acf637bcf78d13004fcc00df944b91ba5 Mon Sep 17 00:00:00 2001 From: Guillaume Beaulieu Date: Mon, 22 Apr 2013 16:00:28 -0400 Subject: [PATCH 01/42] First commit, just some crap that was in koumbit for no reason ! --- manifests/init.pp | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 manifests/init.pp diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..80dc045 --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,21 @@ +class koumbit::sudo { + package { 'sudo': ensure => installed, } + + file { "/etc/sudoers": + mode => 440, owner => root, group => 0, + require => Package['sudo'], + } + if $operatingsystem == 'FreeBSD' { + File["/etc/sudoers"] { + path => "/usr/local/etc/sudoers", + source => [ "puppet://$servername/secrets/sudoers.$fqdn", "puppet://$servername/secrets/sudoers.FreeBSD" ], + } + } + else { + File["/etc/sudoers"] { + source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers" ], + } + } +} + + From d5a1bcaf37caaddf7dc1545d63bdf36d7825c0e5 Mon Sep 17 00:00:00 2001 From: Guillaume Beaulieu Date: Mon, 22 Apr 2013 16:37:17 -0400 Subject: [PATCH 02/42] Some fucking class that have some fukcing class --- manifests/init.pp | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 80dc045..28610c0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,4 +18,13 @@ class koumbit::sudo { } } - +define koumbit::sudo::extra-acces($user, $access) { + file { "/etc/sudoers.d/$user": + ensure => 'present', + owner => root, + group => admin, + mode => 640, + content => "$user $access", + notify => Service[apache2] + } +} From 84afd1d3c33338356f63dcbb1cb5e38fabe042ce Mon Sep 17 00:00:00 2001 From: Guillaume Beaulieu Date: Tue, 23 Apr 2013 15:59:32 -0400 Subject: [PATCH 03/42] Premier commit --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
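Review bot: The `file { "/etc/sudoers": ... }` resource in PATCH 01 installs whatever the `secrets` mount serves without checking that it parses, and a sudoers file with a syntax error makes sudo refuse to run on the host. Where the Puppet version in use has the file type's `validate_cmd` parameter, add `validate_cmd => '/usr/sbin/visudo -cf %',` (the visudo path differs on FreeBSD); on older versions the file has to be checked with `visudo -c` before it is published on the file server. A header comment on `class koumbit::sudo` naming the files it expects under `secrets` (`sudoers.$fqdn`, then `sudoers` or `sudoers.FreeBSD`) would also help.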
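Review bot: The fragment written by `koumbit::sudo::extra-acces` in PATCH 02 gets `mode => 640` and `group => admin`, but sudo's default expected mode for sudoers files is 0440 and some releases reject anything else, so the grant may be refused; use `owner => root, group => 0, mode => 0440`. The `content` string has no trailing newline, and `notify => Service[apache2]` ties a sudo rule to an unrelated service that must exist in the catalog. The same body comes back in the extra-access.pp hunk of PATCH 06.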
diff --git a/manifests/init.pp b/manifests/init.pp index 28610c0..066dde7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,7 +18,7 @@ class koumbit::sudo { } } -define koumbit::sudo::extra-acces($user, $access) { +define koumbit::sudo::extra-access($user, $access) { file { "/etc/sudoers.d/$user": ensure => 'present', owner => root, From 74e867802cd18299da25a4b0876c1556a8f1e220 Mon Sep 17 00:00:00 2001 From: Guillaume Beaulieu Date: Wed, 24 Apr 2013 13:44:04 -0400 Subject: [PATCH 04/42] Initial commit ! --- manifests/init.pp | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 066dde7..e75593b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,13 +18,24 @@ class koumbit::sudo { } } -define koumbit::sudo::extra-access($user, $access) { - file { "/etc/sudoers.d/$user": - ensure => 'present', +define sudo-user-alias ($ensure = 'present', $groupname, $members) { + file { "/etc/sudoers.d/00-user_alias-$title": + ensure => $ensure, owner => root, - group => admin, - mode => 640, - content => "$user $access", - notify => Service[apache2] + group => root, + mode => 440, + content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $groupname = $members\n", } } + +define sudo-extra-access($ensure = 'present', $user, $access) { + file { "/etc/sudoers.d/01-user_access-$title": + ensure => $ensure, + owner => root, + group => root, + mode => 440, + content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$user $access\n", + } + +} + From 0cd13c203b011c968db0c9c56b56c9f91c3bb100 Mon Sep 17 00:00:00 2001 From: Guillaume Beaulieu Date: Wed, 24 Apr 2013 14:01:34 -0400 Subject: [PATCH 05/42] Respect the autoloader --- manifests/extra-access.pp | 11 +++++++++++ manifests/init.pp | 23 +---------------------- manifests/user-alias.pp | 10 ++++++++++ 3 files changed, 22 insertions(+), 22 deletions(-) create mode 100644 manifests/extra-access.pp create mode 100644 manifests/user-alias.pp 
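Review bot: `sudo-user-alias` in PATCH 04 writes `$groupname` and `$members` into the fragment unchecked, and sudoers alias names must start with an upper-case letter and contain only upper-case letters, digits and underscores. A parse error in an included fragment can stop sudo from working at all, so reject bad input at compile time, e.g. `if $groupname !~ /^[A-Z][A-Z0-9_]*$/ { fail("invalid User_Alias name: ${groupname}") }`. `sudo-extra-access` has the same exposure for `$user` and `$access`: a value containing a newline would add further rules to the file.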
diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp new file mode 100644 index 0000000..21e0c83 --- /dev/null +++ b/manifests/extra-access.pp @@ -0,0 +1,11 @@ +define sudo::user-alias ($ensure = 'present', $groupname, $members) { + file { "/etc/sudoers.d/00-user_alias-$title": + ensure => $ensure, + owner => root, + group => root, + mode => 440, + content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $groupname = $members\n", + } +} + + diff --git a/manifests/init.pp b/manifests/init.pp index e75593b..2db3d93 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,4 +1,4 @@ -class koumbit::sudo { +class sudo { package { 'sudo': ensure => installed, } file { "/etc/sudoers": @@ -18,24 +18,3 @@ class koumbit::sudo { } } -define sudo-user-alias ($ensure = 'present', $groupname, $members) { - file { "/etc/sudoers.d/00-user_alias-$title": - ensure => $ensure, - owner => root, - group => root, - mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $groupname = $members\n", - } -} - -define sudo-extra-access($ensure = 'present', $user, $access) { - file { "/etc/sudoers.d/01-user_access-$title": - ensure => $ensure, - owner => root, - group => root, - mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$user $access\n", - } - -} - diff --git a/manifests/user-alias.pp b/manifests/user-alias.pp new file mode 100644 index 0000000..b6c6d53 --- /dev/null +++ b/manifests/user-alias.pp @@ -0,0 +1,10 @@ +define sudo::extra-access($ensure = 'present', $user, $access) { + file { "/etc/sudoers.d/01-user_access-$title": + ensure => $ensure, + owner => root, + group => root, + mode => 440, + content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$user $access\n", + } + +} From f4e1c13e7c971291505fe0fd2c97eb2c8bcaa905 Mon Sep 17 00:00:00 2001 
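Review bot: The two new files in PATCH 05 carry each other's definition: manifests/extra-access.pp defines `sudo::user-alias` and manifests/user-alias.pp defines `sudo::extra-access`. The autoloader resolves a define name to the manifest of the same name, so neither define should be found when it is first referenced. Swap the file contents so that each `define` matches its path.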
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 12:53:33 -0400 Subject: [PATCH 06/42] move extra-access to autoloading rules --- manifests/extra-access.pp | 15 +++++++-------- manifests/init.pp | 1 - 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 21e0c83..64cc4a5 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -1,11 +1,10 @@ -define sudo::user-alias ($ensure = 'present', $groupname, $members) { - file { "/etc/sudoers.d/00-user_alias-$title": - ensure => $ensure, +define koumbit::sudo::extra-access($user, $access) { + file { "/etc/sudoers.d/$user": + ensure => 'present', owner => root, - group => root, - mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $groupname = $members\n", + group => admin, + mode => 640, + content => "$user $access", + notify => Service[apache2] } } - - diff --git a/manifests/init.pp b/manifests/init.pp index 2db3d93..c61e3c5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,4 +17,3 @@ class sudo { } } } - From b90df6b916594ed827bf3fce5f58755c0a3e59fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 12:57:11 -0400 Subject: [PATCH 07/42] remove koumbit namespace --- manifests/extra-access.pp | 6 +++++- manifests/init.pp | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 64cc4a5..41ae6fe 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -1,4 +1,4 @@ -define koumbit::sudo::extra-access($user, $access) { +define sudo::extra-access($user, $access) { file { "/etc/sudoers.d/$user": ensure => 'present', owner => root, @@ -8,3 +8,7 @@ define koumbit::sudo::extra-access($user, $access) { notify => Service[apache2] } } + +define koumbit::sudo::extra-access($user, $access) { + sudo::extra-access { $name: user => $user, access => $access } +} 
diff --git a/manifests/init.pp b/manifests/init.pp index c61e3c5..3988c72 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,3 +17,6 @@ class sudo { } } } + +# backwards compat +class koumbit::sudo inherits sudo {} From d803e2358901597531d787f23a5f0e5c240ee582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 14:26:03 -0400 Subject: [PATCH 08/42] remove backward compat, belongs to koumbit module --- manifests/init.pp | 3 --- 1 file changed, 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3988c72..c61e3c5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,6 +17,3 @@ class sudo { } } } - -# backwards compat -class koumbit::sudo inherits sudo {} From 64cc4ce4e68a41459882512374374c1a155983ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 14:26:18 -0400 Subject: [PATCH 09/42] remove backward compat, belongs to koumbit module --- manifests/extra-access.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 41ae6fe..3c72eaf 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -8,7 +8,3 @@ define sudo::extra-access($user, $access) { notify => Service[apache2] } } - -define koumbit::sudo::extra-access($user, $access) { - sudo::extra-access { $name: user => $user, access => $access } -} From 4aa05ebb491388394f78e68cca5a587017a23b50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 14:29:04 -0400 Subject: [PATCH 10/42] files were reversed --- manifests/user-alias.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/manifests/user-alias.pp b/manifests/user-alias.pp index b6c6d53..a73abb9 100644 --- a/manifests/user-alias.pp +++ b/manifests/user-alias.pp 
@@ -1,10 +1,9 @@ -define sudo::extra-access($ensure = 'present', $user, $access) { - file { "/etc/sudoers.d/01-user_access-$title": +define sudo::user-alias ($ensure = 'present', $groupname, $members) { + file { "/etc/sudoers.d/00-user_alias-$title": ensure => $ensure, owner => root, group => root, mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$user $access\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $groupname = $members\n", } - } From 8f4a33e33b1b964766e6b4631c08885c74b32a3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 14:33:32 -0400 Subject: [PATCH 11/42] remove notification on apache2 service --- manifests/extra-access.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 3c72eaf..68a9069 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -1,10 +1,9 @@ -define sudo::extra-access($user, $access) { - file { "/etc/sudoers.d/$user": +define sudo::extra-access($ensure = 'present', $user, $access) { + file { "/etc/sudoers.d/01-user_access-$title": ensure => 'present', owner => root, group => admin, mode => 640, - content => "$user $access", - notify => Service[apache2] + content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$user $access\n", } } From 819abc4863c6b5c086257db0300fb1394aca9268 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 14:35:25 -0400 Subject: [PATCH 12/42] add sane defaults for access --- manifests/extra-access.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 68a9069..a84818a 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp 
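Review bot: In the PATCH 11 hunk `sudo::extra-access` now accepts `$ensure`, but the file resource still has `ensure => 'present'`, so declaring the resource with `ensure => absent` leaves the sudo grant on disk. Change the line to `ensure => $ensure,` as `sudo::user-alias` already does. The hard-coded value is carried through the later hunks on this file, including the rewrite of manifests/access.pp in PATCH 25.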
@@ -1,4 +1,4 @@ -define sudo::extra-access($ensure = 'present', $user, $access) { +define sudo::extra-access($ensure = 'present', $user, $access = 'ALL=(ALL) ALL') { file { "/etc/sudoers.d/01-user_access-$title": ensure => 'present', owner => root, From 1bc29f5ff51d250d9aef9c5051d6e933463b5825 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 14:42:06 -0400 Subject: [PATCH 13/42] use the builtin name variable instead of creating a new one this allows us to simplify the manifests by using: extra-access { 'user': } .. instead of having to explicitely set it. if we need to have multiple users, we can do: extra-access { 'user_foo': name => 'user' } --- manifests/extra-access.pp | 4 ++-- manifests/user-alias.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index a84818a..05c7d26 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -1,9 +1,9 @@ -define sudo::extra-access($ensure = 'present', $user, $access = 'ALL=(ALL) ALL') { +define sudo::extra-access($ensure = 'present', $access = 'ALL=(ALL) ALL') { file { "/etc/sudoers.d/01-user_access-$title": ensure => 'present', owner => root, group => admin, mode => 640, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$user $access\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$name $access\n", } } diff --git a/manifests/user-alias.pp b/manifests/user-alias.pp index a73abb9..9aff3a7 100644 --- a/manifests/user-alias.pp +++ b/manifests/user-alias.pp @@ -1,9 +1,9 @@ -define sudo::user-alias ($ensure = 'present', $groupname, $members) { +define sudo::user-alias ($ensure = 'present', $members) { file { "/etc/sudoers.d/00-user_alias-$title": ensure => $ensure, owner => root, group => root, mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $groupname = $members\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $name = $members\n", } } 
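Review bot: Defaulting `$access` to `'ALL=(ALL) ALL'` in PATCH 12 means a declaration that sets only `user` grants unrestricted root. Keep `$access` without a default so that every grant states its command list explicitly, or at least document the default above the define, e.g. `# $access: sudoers rule placed after the user name; defaults to full root (ALL=(ALL) ALL)`.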
From a5dc3d88fd9695942fbe62ffe7517a27e019e434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 15:23:55 -0400 Subject: [PATCH 14/42] add back the user parameter it seems we can discriminate on the name parameter, it gives us duplicates as both title and name need to be unique --- manifests/extra-access.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 05c7d26..a8062e3 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -1,9 +1,12 @@ -define sudo::extra-access($ensure = 'present', $access = 'ALL=(ALL) ALL') { - file { "/etc/sudoers.d/01-user_access-$title": +define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(ALL) ALL') { + if $user == undef { + $user = $name + } + file { "/etc/sudoers.d/01-user_access-${name}": ensure => 'present', owner => root, group => admin, mode => 640, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\n$name $access\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n\n${user} ${access}\n", } } From 845161de0a990691b4d7a244c4970b2ce118e1fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 15:27:25 -0400 Subject: [PATCH 15/42] don't use non-existent admin group --- manifests/extra-access.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index a8062e3..198bfc6 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -5,7 +5,7 @@ define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(AL file { "/etc/sudoers.d/01-user_access-${name}": ensure => 'present', owner => root, - group => admin, + group => root, mode => 640, content => "# THIS FILE IS MANAGED BY PUPPET !\n\n${user} ${access}\n", } From 02624d72aab56952c437f8fdf33f9c16616dbabf Mon Sep 17 00:00:00 2001 
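Review bot: `$user = $name` inside the `if` in PATCH 14 assigns to a parameter that is already bound, and Puppet does not allow a variable to be reassigned within a scope, so this should fail at compile time whenever `user` is omitted. Bind a new variable in both branches instead, `if $user == undef { $real_user = $name } else { $real_user = $user }`, and use `${real_user}` in `content`.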
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 15:28:49 -0400 Subject: [PATCH 16/42] cosmetic --- manifests/extra-access.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 198bfc6..3fce92e 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -7,6 +7,6 @@ define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(AL owner => root, group => root, mode => 640, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\n${user} ${access}\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n${user} ${access}\n", } } From 153a9e83482ed2af7db2a5a69939be2c8a35edc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 15:35:33 -0400 Subject: [PATCH 17/42] fix modes --- manifests/extra-access.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 3fce92e..adddf4c 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -6,7 +6,7 @@ define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(AL ensure => 'present', owner => root, group => root, - mode => 640, + mode => 0440, content => "# THIS FILE IS MANAGED BY PUPPET !\n${user} ${access}\n", } } From 6800b023a936cccc559f8710875d597194ab1c79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 16:03:41 -0400 Subject: [PATCH 18/42] explain a little --- manifests/extra-access.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index adddf4c..4d75cc5 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp 
@@ -2,6 +2,7 @@ define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(AL if $user == undef { $user = $name } + # there shouldn't be a dot in those filenames! file { "/etc/sudoers.d/01-user_access-${name}": ensure => 'present', owner => root, From bf7c40b7f4a656cbdd3314502172dc70af50f403 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 16:04:12 -0400 Subject: [PATCH 19/42] explaine again --- manifests/user-alias.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/user-alias.pp b/manifests/user-alias.pp index 9aff3a7..f503ff3 100644 --- a/manifests/user-alias.pp +++ b/manifests/user-alias.pp @@ -1,5 +1,6 @@ define sudo::user-alias ($ensure = 'present', $members) { - file { "/etc/sudoers.d/00-user_alias-$title": + # this is 00-prefixed so that it's defined before the other definitions + file { "/etc/sudoers.d/00-user_alias-$title": ensure => $ensure, owner => root, group => root, From d996ff97977a69e6060dd58574c876f390a266e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 16:04:45 -0400 Subject: [PATCH 20/42] style --- manifests/user-alias.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/user-alias.pp b/manifests/user-alias.pp index f503ff3..9ad2376 100644 --- a/manifests/user-alias.pp +++ b/manifests/user-alias.pp @@ -1,10 +1,10 @@ define sudo::user-alias ($ensure = 'present', $members) { # this is 00-prefixed so that it's defined before the other definitions - file { "/etc/sudoers.d/00-user_alias-$title": + file { "/etc/sudoers.d/00-user_alias-${title}": ensure => $ensure, owner => root, group => root, mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias $name = $members\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n", } } From 9b445752647ecff38c8789911f2061a9e1167cd9 Mon Sep 17 00:00:00 2001 
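Review bot: The comment added in PATCH 18 states the constraint but nothing enforces it: sudo's `#includedir` skips file names that contain a `.` or end in `~`, so a resource whose title is a dotted name (for instance `first.last`, a constructed example) produces a fragment that is silently never read. Fail the catalog instead, e.g. `if $title =~ /\.|~$/ { fail("sudo::extra-access: title must not contain '.' or end in '~': ${title}") }`. The comment could also give the reason: `# sudo's #includedir ignores file names containing a dot`. The define's header lies outside this hunk.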
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 16:05:38 -0400 Subject: [PATCH 21/42] make the filename use title so that overrides don't leave files behind --- manifests/extra-access.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/extra-access.pp b/manifests/extra-access.pp index 4d75cc5..3fac36d 100644 --- a/manifests/extra-access.pp +++ b/manifests/extra-access.pp @@ -3,7 +3,7 @@ define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(AL $user = $name } # there shouldn't be a dot in those filenames! - file { "/etc/sudoers.d/01-user_access-${name}": + file { "/etc/sudoers.d/01-user_access-${title}": ensure => 'present', owner => root, group => root, From 855e89eda273fd44c71d5890b40d942b39b87bfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 16:06:13 -0400 Subject: [PATCH 22/42] style --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index c61e3c5..7a8c5ea 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,7 +8,7 @@ class sudo { if $operatingsystem == 'FreeBSD' { File["/etc/sudoers"] { path => "/usr/local/etc/sudoers", - source => [ "puppet://$servername/secrets/sudoers.$fqdn", "puppet://$servername/secrets/sudoers.FreeBSD" ], + source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers.FreeBSD" ], } } else { From afb1b241436046fd9c7d15a8b5047b7a3adcef14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Wed, 24 Apr 2013 16:08:42 -0400 Subject: [PATCH 23/42] remove needless else clause --- manifests/init.pp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 7a8c5ea..a93b2f7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -4,6 +4,7 @@ class sudo { file { "/etc/sudoers": mode => 440, owner => root, group => 0, require => Package['sudo'], + source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers" ], } if $operatingsystem == 'FreeBSD' { File["/etc/sudoers"] { @@ -11,9 +12,4 @@ class sudo { source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers.FreeBSD" ], } } - else { - File["/etc/sudoers"] { - source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers" ], - } - } } From d705c23880e933f7bbd216d0cb6aa4036428c3a6 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Thu, 25 Apr 2013 18:51:18 -0400 Subject: [PATCH 24/42] change name to "access" the term is more generic and avoids dashes in the name (which are deprecated from puppet 2.7) --- manifests/{extra-access.pp => access.pp} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename manifests/{extra-access.pp => access.pp} (79%) diff --git a/manifests/extra-access.pp b/manifests/access.pp similarity index 79% rename from manifests/extra-access.pp rename to manifests/access.pp index 3fac36d..7802029 100644 --- a/manifests/extra-access.pp +++ b/manifests/access.pp @@ -1,4 +1,4 @@ -define sudo::extra-access($ensure = 'present', $user = undef, $access = 'ALL=(ALL) ALL') { +define sudo::access($ensure = 'present', $user = undef, $access = 'ALL=(ALL) ALL') { if $user == undef { $user = $name } From 9c4d6fc6ec43c46081a2765512c6e453478e9fd7 Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Thu, 25 Apr 2013 18:58:04 -0400 Subject: [PATCH 25/42] lint manifests respect style from best practices. this makes the code a lot easier to read. also change groups from "root" to "0" to make them more portable (e.g. in freebsd, the admin group is "wheel" but has gid "0") --- manifests/access.pp | 28 ++++++++++++++++------------ manifests/init.pp | 26 +++++++++++++++----------- manifests/user-alias.pp | 21 ++++++++++++--------- 3 files changed, 43 insertions(+), 32 deletions(-) 
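Review bot: Moving `source` into the base `file { "/etc/sudoers": }` resource in PATCH 23 leaves the FreeBSD block overriding a parameter that is already set, from within the same class. As far as I know Puppet only lets a `File[...] { }` reference add unset parameters unless it sits in an inheriting class, so on FreeBSD this is likely to fail compilation and leave sudoers unmanaged there. Select the values before declaring the resource, e.g. `$sudoers_path = $operatingsystem ? { 'FreeBSD' => '/usr/local/etc/sudoers', default => '/etc/sudoers' }`, and pass `path` and `source` once. The init.pp hunk of PATCH 25 keeps the same shape.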
diff --git a/manifests/access.pp b/manifests/access.pp index 7802029..12f24ad 100644 --- a/manifests/access.pp +++ b/manifests/access.pp @@ -1,13 +1,17 @@ -define sudo::access($ensure = 'present', $user = undef, $access = 'ALL=(ALL) ALL') { - if $user == undef { - $user = $name - } - # there shouldn't be a dot in those filenames! - file { "/etc/sudoers.d/01-user_access-${title}": - ensure => 'present', - owner => root, - group => root, - mode => 0440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n${user} ${access}\n", - } +define sudo::access ( + $ensure = 'present', + $user = undef, + $access = 'ALL=(ALL) ALL' +) { + if $user == undef { + $user = $name + } + # there shouldn't be a dot in those filenames! + file { "/etc/sudoers.d/01-user_access-${title}": + ensure => 'present', + owner => 'root', + group => 0, + mode => '0440', + content => "# THIS FILE IS MANAGED BY PUPPET !\n${user} ${access}\n", + } } diff --git a/manifests/init.pp b/manifests/init.pp index a93b2f7..6caf6da 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,15 +1,19 @@ class sudo { - package { 'sudo': ensure => installed, } + package { 'sudo': ensure => installed, } - file { "/etc/sudoers": - mode => 440, owner => root, group => 0, - require => Package['sudo'], - source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers" ], - } - if $operatingsystem == 'FreeBSD' { - File["/etc/sudoers"] { - path => "/usr/local/etc/sudoers", - source => [ "puppet:///secrets/sudoers.$fqdn", "puppet:///secrets/sudoers.FreeBSD" ], - } + file { '/etc/sudoers': + source => ["puppet:///secrets/sudoers.${::fqdn}", + 'puppet:///secrets/sudoers' ], + mode => '0440', + owner => 'root', + group => 0, + require => Package['sudo'], + } + if $::operatingsystem == 'FreeBSD' { + File['/etc/sudoers'] { + path => '/usr/local/etc/sudoers', + source => [ "puppet:///secrets/sudoers.${::fqdn}", + 'puppet:///secrets/sudoers.FreeBSD' ], } + } } 
diff --git a/manifests/user-alias.pp b/manifests/user-alias.pp index 9ad2376..f6f7106 100644 --- a/manifests/user-alias.pp +++ b/manifests/user-alias.pp @@ -1,10 +1,13 @@ -define sudo::user-alias ($ensure = 'present', $members) { - # this is 00-prefixed so that it's defined before the other definitions - file { "/etc/sudoers.d/00-user_alias-${title}": - ensure => $ensure, - owner => root, - group => root, - mode => 440, - content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n", - } +define sudo::user-alias ( + $members, + $ensure = 'present' +) { + # this is 00-prefixed so that it's defined before the other definitions + file { "/etc/sudoers.d/00-user_alias-${title}": + ensure => $ensure, + owner => 'root', + group => 0, + mode => '0440', + content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n", + } } From 3ac9c6fbb313b23fa8792c742f2f6661df135cdd Mon Sep 17 00:00:00 2001 From: Gabriel Filion Date: Thu, 25 Apr 2013 19:00:31 -0400 Subject: [PATCH 26/42] rename user-alias to user_alias the name is good but we'd like to avoid dashes since it's deprecated starting with puppet 2.7 --- manifests/{user-alias.pp => user_alias.pp} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename manifests/{user-alias.pp => user_alias.pp} (93%) diff --git a/manifests/user-alias.pp b/manifests/user_alias.pp similarity index 93% rename from manifests/user-alias.pp rename to manifests/user_alias.pp index f6f7106..3134ab3 100644 --- a/manifests/user-alias.pp +++ b/manifests/user_alias.pp @@ -1,4 +1,4 @@ -define sudo::user-alias ( +define sudo::user_alias ( $members, $ensure = 'present' ) { From f02dcffe22debbba7d3c9079e1e08f3da4815607 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 12:38:41 -0400 Subject: [PATCH 27/42] make the sudoers directory parametrized --- files/sudoers/FreeBSD/sudoers | 2 +- manifests/access.pp | 2 +- manifests/base.pp | 4 ++++ manifests/freebsd.pp | 2 ++ manifests/init.pp | 3 ++- manifests/user_alias.pp | 2 +- 6 files changed, 11 insertions(+), 4 deletions(-) diff --git a/files/sudoers/FreeBSD/sudoers b/files/sudoers/FreeBSD/sudoers index 688cef0..158d0ca 100644 --- a/files/sudoers/FreeBSD/sudoers +++ b/files/sudoers/FreeBSD/sudoers @@ -36,4 +36,4 @@ root ALL=(ALL) ALL # Samples # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now -#includedir /etc/sudoers.d +#includedir /usr/local/etc/sudoers.d diff --git a/manifests/access.pp b/manifests/access.pp index 12f24ad..36fd610 100644 --- a/manifests/access.pp +++ b/manifests/access.pp @@ -7,7 +7,7 @@ define sudo::access ( $user = $name } # there shouldn't be a dot in those filenames! - file { "/etc/sudoers.d/01-user_access-${title}": + file { "${sudo::sudoersdir}/01-user_access-${title}": ensure => 'present', owner => 'root', group => 0, diff --git a/manifests/base.pp b/manifests/base.pp index 01c9fd7..7ed8e26 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -7,5 +7,9 @@ class sudo::base { "puppet:///modules/sudo/sudoers/sudoers" ], owner => root, group => 0, mode => 0440; } + file { ${sudo::sudoersdir}: + ensure => directory, + owner => root, group => 0, mode => 0550; + } } } diff --git a/manifests/freebsd.pp b/manifests/freebsd.pp index c115874..3bcefa4 100644 --- a/manifests/freebsd.pp +++ b/manifests/freebsd.pp @@ -1,4 +1,6 @@ class sudo::freebsd inherits sudo::base { + + class { 'sudo': sudoersdir => '/usr/local/etc/sudoers.d' } package{'sudo': ensure => installed, } diff --git a/manifests/init.pp b/manifests/init.pp index 010b163..361caf3 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
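Review bot: In the access.pp hunk of PATCH 27, `${sudo::sudoersdir}` only has a value once `class sudo` has been evaluated; if `sudo::access` is declared on a node without it, or evaluated first, the path presumably collapses to `/01-user_access-${title}` at the filesystem root. Guard the define, e.g. `if $sudo::sudoersdir == '' { fail('class sudo must be declared before sudo::access') }`. The define's header lies outside this hunk.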
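Review bot: The new directory resource in the base.pp hunk of PATCH 27 manages the directory but not its contents, so fragments that were dropped from the manifests or placed by hand keep granting access. If the module is meant to own the directory, add `recurse => true, purge => true,` after checking that no packaged fragment there is still needed. The title as written, `${sudo::sudoersdir}` outside a quoted string, is also not valid Puppet syntax; use `$sudo::sudoersdir`. The enclosing `class sudo::base` starts before this hunk.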
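Review bot: In the freebsd.pp hunk of PATCH 27, `class { 'sudo': sudoersdir => ... }` is declared from inside `sudo::freebsd`, a class that `sudo` itself appears to include from its `case $::kernel` block (only the `linux` branch is visible in the init.pp hunk). If so, `sudo` is already being evaluated when this line runs, so it is either a duplicate declaration or too late to change the directory, and FreeBSD fragments would land in the default `/etc/sudoers.d`, which the shipped FreeBSD sudoers file no longer includes. Derive the directory inside `class sudo` instead, e.g. with `$::operatingsystem ? { 'FreeBSD' => '/usr/local/etc/sudoers.d', default => '/etc/sudoers.d' }`. PATCH 31 keeps the same declaration under the new name `dir`.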
@@ -3,7 +3,8 @@ # GPLv3 class sudo( - $deploy_sudoers = false + $deploy_sudoers = false, + $sudoersdir = '/etc/sudoers.d', ) { case $::kernel { linux: { include sudo::linux } diff --git a/manifests/user_alias.pp b/manifests/user_alias.pp index 3134ab3..0ffb34a 100644 --- a/manifests/user_alias.pp +++ b/manifests/user_alias.pp @@ -3,7 +3,7 @@ define sudo::user_alias ( $ensure = 'present' ) { # this is 00-prefixed so that it's defined before the other definitions - file { "/etc/sudoers.d/00-user_alias-${title}": + file { "${sudo::sudoersdir}/etc/sudoers.d/00-user_alias-${title}": ensure => $ensure, owner => 'root', group => 0, From b3d158a696f7e18d89e5db4cfdd3d695a498a96f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 12:50:49 -0400 Subject: [PATCH 28/42] make the user default work --- manifests/access.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/access.pp b/manifests/access.pp index 36fd610..c496304 100644 --- a/manifests/access.pp +++ b/manifests/access.pp @@ -4,7 +4,7 @@ define sudo::access ( $access = 'ALL=(ALL) ALL' ) { if $user == undef { - $user = $name + $real_user = $name } # there shouldn't be a dot in those filenames! file { "${sudo::sudoersdir}/01-user_access-${title}": @@ -12,6 +12,6 @@ define sudo::access ( owner => 'root', group => 0, mode => '0440', - content => "# THIS FILE IS MANAGED BY PUPPET !\n${user} ${access}\n", + content => "# THIS FILE IS MANAGED BY PUPPET !\n${real_user} ${access}\n", } } From 7f3f14f08463a4b774412cd8e01c5fcebe8106a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 12:54:50 -0400 Subject: [PATCH 29/42] fix syntax error in 2.6 --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 361caf3..e6e18da 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
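Review bot: The new path in the user_alias.pp hunk of PATCH 27, `"${sudo::sudoersdir}/etc/sudoers.d/00-user_alias-${title}"`, keeps the old literal directory after the variable, so with the default it expands to `/etc/sudoers.d/etc/sudoers.d/00-user_alias-...`, a directory that nothing creates and sudo does not read. It should be `file { "${sudo::sudoersdir}/00-user_alias-${title}":` as in manifests/access.pp. The extra segment survives the rename to `${sudo::dir}` in the user_alias.pp hunk of PATCH 31.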
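Review bot: In PATCH 28 `$real_user` is assigned only when `$user` is undef, so a caller that passes `user =>` gets an empty `${real_user}` and the rule line in the fragment starts with a space followed by the access spec, which is not a valid user rule. Add the other branch: `if $user == undef { $real_user = $name } else { $real_user = $user }`. The define's header and the rest of the file resource lie outside the hunk.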
@@ -4,7 +4,7 @@ class sudo( $deploy_sudoers = false, - $sudoersdir = '/etc/sudoers.d', + $sudoersdir = '/etc/sudoers.d' ) { case $::kernel { linux: { include sudo::linux } From e3eef47070c59d06742c1baa556cbfb78c67b1f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 12:55:28 -0400 Subject: [PATCH 30/42] fix syntax error --- manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/base.pp b/manifests/base.pp index 7ed8e26..9576d62 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -7,7 +7,7 @@ class sudo::base { "puppet:///modules/sudo/sudoers/sudoers" ], owner => root, group => 0, mode => 0440; } - file { ${sudo::sudoersdir}: + file { $sudo::sudoersdir: ensure => directory, owner => root, group => 0, mode => 0550; } From 78121831898f4c9949821540d8e2cad1bbe6f648 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 12:58:08 -0400 Subject: [PATCH 31/42] sudoersdir/dir to avoid redundancy --- manifests/access.pp | 2 +- manifests/base.pp | 2 +- manifests/freebsd.pp | 2 +- manifests/init.pp | 2 +- manifests/user_alias.pp | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/access.pp b/manifests/access.pp index c496304..622f428 100644 --- a/manifests/access.pp +++ b/manifests/access.pp @@ -7,7 +7,7 @@ define sudo::access ( $real_user = $name } # there shouldn't be a dot in those filenames! - file { "${sudo::sudoersdir}/01-user_access-${title}": + file { "${sudo::dir}/01-user_access-${title}": ensure => 'present', owner => 'root', group => 0, diff --git a/manifests/base.pp b/manifests/base.pp index 9576d62..1780436 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -7,7 +7,7 @@ class sudo::base { "puppet:///modules/sudo/sudoers/sudoers" ], owner => root, group => 0, mode => 0440; } - file { $sudo::sudoersdir: + file { $sudo::dir: ensure => directory, owner => root, group => 0, mode => 0550; } 
diff --git a/manifests/freebsd.pp b/manifests/freebsd.pp index 3bcefa4..dc09a75 100644 --- a/manifests/freebsd.pp +++ b/manifests/freebsd.pp @@ -1,6 +1,6 @@ class sudo::freebsd inherits sudo::base { - class { 'sudo': sudoersdir => '/usr/local/etc/sudoers.d' } + class { 'sudo': dir => '/usr/local/etc/sudoers.d' } package{'sudo': ensure => installed, } diff --git a/manifests/init.pp b/manifests/init.pp index e6e18da..0cf5b1d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,7 +4,7 @@ class sudo( $deploy_sudoers = false, - $sudoersdir = '/etc/sudoers.d' + $dir = '/etc/sudoers.d' ) { case $::kernel { linux: { include sudo::linux } diff --git a/manifests/user_alias.pp b/manifests/user_alias.pp index 0ffb34a..475de58 100644 --- a/manifests/user_alias.pp +++ b/manifests/user_alias.pp @@ -3,7 +3,7 @@ define sudo::user_alias ( $ensure = 'present' ) { # this is 00-prefixed so that it's defined before the other definitions - file { "${sudo::sudoersdir}/etc/sudoers.d/00-user_alias-${title}": + file { "${sudo::dir}/etc/sudoers.d/00-user_alias-${title}": ensure => $ensure, owner => 'root', group => 0, From 81c6a5f6d02155fad61d338262b1dd1304231cec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 12:58:45 -0400 Subject: [PATCH 32/42] style --- manifests/base.pp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 1780436..230cbb1 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
@@ -1,15 +1,15 @@ class sudo::base { if $sudo::deploy_sudoers { - file{'/etc/sudoers': - source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers", - "puppet:///modules/site_sudo/sudoers/sudoers", - "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers", - "puppet:///modules/sudo/sudoers/sudoers" ], - owner => root, group => 0, mode => 0440; - } - file { $sudo::dir: - ensure => directory, - owner => root, group => 0, mode => 0550; + file{ + '/etc/sudoers': + source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers", + "puppet:///modules/site_sudo/sudoers/sudoers", + "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers", + "puppet:///modules/sudo/sudoers/sudoers" ], + owner => root, group => 0, mode => 0440; + $sudo::dir: + ensure => directory, + owner => root, group => 0, mode => 0550; } } } From f4f40c57181de2222145c326cf461eecf83de458 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:26:07 -0400 Subject: [PATCH 33/42] autoloading fix --- manifests/access.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/access.pp b/manifests/access.pp index 622f428..f13d480 100644 --- a/manifests/access.pp +++ b/manifests/access.pp @@ -3,6 +3,7 @@ define sudo::access ( $user = undef, $access = 'ALL=(ALL) ALL' ) { + include sudo if $user == undef { $real_user = $name } From 1f777fc52d7afdc2a0bac7868082f3550eafd473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:04:34 -0400 Subject: [PATCH 34/42] deploy the sudoers directory even if we don't overwrite sudoers --- manifests/base.pp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index 230cbb1..b70e439 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
@@ -1,15 +1,18 @@ class sudo::base { if $sudo::deploy_sudoers { - file{ + file { '/etc/sudoers': source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers", "puppet:///modules/site_sudo/sudoers/sudoers", "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers", "puppet:///modules/sudo/sudoers/sudoers" ], owner => root, group => 0, mode => 0440; - $sudo::dir: - ensure => directory, - owner => root, group => 0, mode => 0550; } } + file { + $sudo::dir: + ensure => directory, + owner => root, group => 0, mode => 0550; + } + } From 6df937e3ed5a19559d0d5bee09b399ad49d3bce7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:25:51 -0400 Subject: [PATCH 35/42] use Smart Parameter Defaults pattern to fix freebsd path --- manifests/freebsd.pp | 2 -- manifests/init.pp | 6 +++--- manifests/params.pp | 11 +++++++++++ 3 files changed, 14 insertions(+), 5 deletions(-) create mode 100644 manifests/params.pp diff --git a/manifests/freebsd.pp b/manifests/freebsd.pp index dc09a75..c115874 100644 --- a/manifests/freebsd.pp +++ b/manifests/freebsd.pp @@ -1,6 +1,4 @@ class sudo::freebsd inherits sudo::base { - - class { 'sudo': dir => '/usr/local/etc/sudoers.d' } package{'sudo': ensure => installed, } diff --git a/manifests/init.pp b/manifests/init.pp index 0cf5b1d..4e6a50f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,9 +3,9 @@ # GPLv3 class sudo( - $deploy_sudoers = false, - $dir = '/etc/sudoers.d' -) { + $deploy_sudoers = $sudo::deploy_sudoers, + $dir = $sudo::params::dir +) inherits sudo::params { case $::kernel { linux: { include sudo::linux } freebsd: { include sudo::freebsd } diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..afe6be0 --- /dev/null +++ b/manifests/params.pp 
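Review bot: In the `manifests/init.pp` hunk, the new default `$deploy_sudoers = $sudo::deploy_sudoers` refers to the class's own parameter rather than to `sudo::params`, unlike `$dir` on the next line. It presumably evaluates to undef and only behaves like `false` by accident, so changing the default in `params.pp` later would have no effect on whether the sudoers file gets overwritten. I would write `$deploy_sudoers = $sudo::params::deploy_sudoers,`. The class body continues outside the hunk.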
@@ -0,0 +1,11 @@ +class sudo::params { + $dir = $::kernel ? { + /freebsd/ => '/usr/local/etc/sudoers.d', + default => '/etc/sudoers.d', + } + $path = $::kernel ? { + /freebsd/ => '/usr/local/etc/sudoers', + default => '/etc/sudoers', + } + $deploy_sudoers = false +} From 92073a73709ec8f7ede198e0c8db5df70597f29b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:31:31 -0400 Subject: [PATCH 36/42] make the path sudoers a parameter too this simplifies the freebsd code greatly --- manifests/base.pp | 2 +- manifests/freebsd.pp | 7 ------- manifests/init.pp | 1 + 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index b70e439..dfe3f94 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,7 +1,7 @@ class sudo::base { if $sudo::deploy_sudoers { file { - '/etc/sudoers': + $sudo::path: source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers", "puppet:///modules/site_sudo/sudoers/sudoers", "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers", diff --git a/manifests/freebsd.pp b/manifests/freebsd.pp index c115874..a419da1 100644 --- a/manifests/freebsd.pp +++ b/manifests/freebsd.pp @@ -2,11 +2,4 @@ class sudo::freebsd inherits sudo::base { package{'sudo': ensure => installed, } - - if $sudo_deploy_sudoers { - File['/etc/sudoers']{ - path => "/usr/local/etc/sudoers", - require => Package['sudo'], - } - } } diff --git a/manifests/init.pp b/manifests/init.pp index 4e6a50f..09f9493 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,6 +4,7 @@ class sudo( $deploy_sudoers = $sudo::deploy_sudoers, + $path = $sudo::params::path, $dir = $sudo::params::dir ) inherits sudo::params { case $::kernel { From 6b8fb05ac983dd062d8d1295a95f221dfc919e6b Mon Sep 17 00:00:00 2001 
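Review bot: Both selectors in `manifests/params.pp` match `$::kernel` against the regex `/freebsd/`; Puppet regex matches are case-sensitive, and Facter normally reports this fact as `FreeBSD`. If that holds on the target hosts, both selectors fall through to `default`, so fragments go to `/etc/sudoers.d`, which the module's FreeBSD sudoers file does not include, and access rules silently have no effect there. A quoted string case such as `'FreeBSD' => '/usr/local/etc/sudoers.d',` avoids this, since string matches in selectors should ignore case; the `$path` selector needs the same change. The test note later in the series runs with `FACTER_kernel=freebsd`, which would hide the mismatch.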
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:36:33 -0400 Subject: [PATCH 37/42] remove duplicate code between linux and freebsd now everything is managed through parameters we still don't install the package on platforms other than freebsd and linux to respect the current policy, so this actually is just a refactoring --- manifests/base.pp | 18 ------------------ manifests/freebsd.pp | 5 ----- manifests/init.pp | 26 +++++++++++++++++++++++--- manifests/linux.pp | 11 ----------- 4 files changed, 23 insertions(+), 37 deletions(-) delete mode 100644 manifests/base.pp delete mode 100644 manifests/freebsd.pp delete mode 100644 manifests/linux.pp diff --git a/manifests/base.pp b/manifests/base.pp deleted file mode 100644 index dfe3f94..0000000 --- a/manifests/base.pp +++ /dev/null @@ -1,18 +0,0 @@ -class sudo::base { - if $sudo::deploy_sudoers { - file { - $sudo::path: - source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers", - "puppet:///modules/site_sudo/sudoers/sudoers", - "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers", - "puppet:///modules/sudo/sudoers/sudoers" ], - owner => root, group => 0, mode => 0440; - } - } - file { - $sudo::dir: - ensure => directory, - owner => root, group => 0, mode => 0550; - } - -} diff --git a/manifests/freebsd.pp b/manifests/freebsd.pp deleted file mode 100644 index a419da1..0000000 --- a/manifests/freebsd.pp +++ /dev/null @@ -1,5 +0,0 @@ -class sudo::freebsd inherits sudo::base { - package{'sudo': - ensure => installed, - } -} diff --git a/manifests/init.pp b/manifests/init.pp index 09f9493..f962834 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -8,8 +8,28 @@ class sudo( $dir = $sudo::params::dir ) inherits sudo::params { case $::kernel { - linux: { include sudo::linux } - freebsd: { include sudo::freebsd } - default: { include sudo::base } + # XXX: why don't we install the package everywhere? + linux,freebsd: { + package {'sudo': + ensure => installed, + } + } + } + if $sudo::deploy_sudoers { + file { + $sudo::path: + source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers", + "puppet:///modules/site_sudo/sudoers/sudoers", + "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers", + "puppet:///modules/sudo/sudoers/sudoers" ], + require => Package['sudo'], + owner => root, group => 0, mode => 0440; + } + } + file { + $sudo::dir: + ensure => directory, + require => Package['sudo'], + owner => root, group => 0, mode => 0550; } } diff --git a/manifests/linux.pp b/manifests/linux.pp deleted file mode 100644 index 65517a8..0000000 --- a/manifests/linux.pp +++ /dev/null @@ -1,11 +0,0 @@ -class sudo::linux inherits sudo::base { - package{'sudo': - ensure => installed, - } - - if $sudo_deploy_sudoers { - File['/etc/sudoers']{ - require => Package['sudo'], - } - } -} From a47e787de8098181c39f2adfb21d68fbfc59f996 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:38:12 -0400 Subject: [PATCH 38/42] always install the sudo package --- manifests/init.pp | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index f962834..553e3ba 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -7,13 +7,8 @@ class sudo( $path = $sudo::params::path, $dir = $sudo::params::dir ) inherits sudo::params { - case $::kernel { - # XXX: why don't we install the package everywhere? - linux,freebsd: { - package {'sudo': - ensure => installed, - } - } + package {'sudo': + ensure => installed, } if $sudo::deploy_sudoers { file { From 5c2d174fa15ae93afc0b3b1f44816f554b26e2c6 Mon Sep 17 00:00:00 2001 
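Review bot: The `$sudo::dir` directory resource manages owner and mode but not the directory's contents, so a fragment that is no longer in the catalog stays on disk and keeps granting whatever it granted. That matters here because `sudo::access` hard-codes `ensure => 'present'`: removing a `sudo::access` declaration from a manifest does not revoke the access. Consider `recurse => true, purge => true,` on the directory, after checking that no package or admin relies on unmanaged files there. At minimum, give `sudo::access` an `$ensure` parameter as `sudo::user_alias` already has. The class body starts outside this hunk.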
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:38:27 -0400 Subject: [PATCH 39/42] add some tests --- tests/base.pp | 3 +++ tests/deploy.pp | 1 + tests/freebsd.pp | 3 +++ 3 files changed, 7 insertions(+) create mode 100644 tests/base.pp create mode 100644 tests/deploy.pp create mode 100644 tests/freebsd.pp diff --git a/tests/base.pp b/tests/base.pp new file mode 100644 index 0000000..efdbec0 --- /dev/null +++ b/tests/base.pp @@ -0,0 +1,3 @@ +class { 'sudo': dir => '/tmp/sudoers.d' } + +sudo::access { 'foo': } diff --git a/tests/deploy.pp b/tests/deploy.pp new file mode 100644 index 0000000..da94092 --- /dev/null +++ b/tests/deploy.pp @@ -0,0 +1 @@ +class { 'sudo': deploy_sudoers => true } diff --git a/tests/freebsd.pp b/tests/freebsd.pp new file mode 100644 index 0000000..23f33e1 --- /dev/null +++ b/tests/freebsd.pp @@ -0,0 +1,3 @@ +# needs to be ran with FACTER_kernel=freebsd puppet apply --modulepath=.. tests/freebsd.pp + +sudo::access { 'foo': } From b38db28f706723d1b7effa55576c7dcc81e791c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:38:47 -0400 Subject: [PATCH 40/42] add sample sudoers file from Debian Wheezy --- files/sudoers/sudoers | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 files/sudoers/sudoers diff --git a/files/sudoers/sudoers b/files/sudoers/sudoers new file mode 100644 index 0000000..d4cc632 --- /dev/null +++ b/files/sudoers/sudoers 
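Review bot: `tests/deploy.pp` carries no comment about its effect, unlike `tests/freebsd.pp`: applied for real, `deploy_sudoers => true` replaces the host's sudoers file with the module's copy. I would add a first line such as `# WARNING: overwrites the system sudoers file; run with --noop or on a throwaway host`. `tests/base.pp` only redirects `dir` to `/tmp/sudoers.d` and leaves `deploy_sudoers` at its default, so it does not carry this risk.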
@@ -0,0 +1,27 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) ALL + +# See sudoers(5) for more information on "#include" directives: + +#includedir /etc/sudoers.d From 73c5057e016a9a7e6241cde645be421f3ccba428 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:45:02 -0400 Subject: [PATCH 41/42] fix default case --- manifests/access.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/access.pp b/manifests/access.pp index f13d480..023f5d5 100644 --- a/manifests/access.pp +++ b/manifests/access.pp @@ -6,6 +6,8 @@ define sudo::access ( include sudo if $user == undef { $real_user = $name + } else { + $real_user = $user } # there shouldn't be a dot in those filenames! file { "${sudo::dir}/01-user_access-${title}": From 81a06483fc98427e41e0c7ec4a180ccf734b9334 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= Date: Sat, 22 Jun 2013 13:48:10 -0400 Subject: [PATCH 42/42] fix typo --- manifests/user_alias.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/user_alias.pp b/manifests/user_alias.pp index 475de58..b16df6b 100644 --- a/manifests/user_alias.pp +++ b/manifests/user_alias.pp 
@@ -3,7 +3,7 @@ define sudo::user_alias ( $ensure = 'present' ) { # this is 00-prefixed so that it's defined before the other definitions - file { "${sudo::dir}/etc/sudoers.d/00-user_alias-${title}": + file { "${sudo::dir}/00-user_alias-${title}": ensure => $ensure, owner => 'root', group => 0,