
Merge branch 'koumbit' into shared

Micah Anderson 11 vuotta sitten
vanhempi
commit
208aefb872

+ 1 - 0
files/sudoers/FreeBSD/sudoers

@@ -36,3 +36,4 @@ root	ALL=(ALL) ALL
 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
 # %users  localhost=/sbin/shutdown -h now
+#includedir /usr/local/etc/sudoers.d

+ 27 - 0
files/sudoers/sudoers

@@ -0,0 +1,27 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults	env_reset
+Defaults	mail_badpass
+Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root	ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo	ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
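Review bot: The rule `%sudo ALL=(ALL:ALL) ALL` sits in the catch-all file that `manifests/init.pp` lists as its last fallback source, so enabling `deploy_sudoers` on any platform without its own directory gives full root to whatever group is named `sudo` on that host. That matches the Debian convention, but elsewhere the group may not exist or may be populated for another purpose. I would add a comment above the rule such as `# Debian convention; override via site_sudo if "sudo" is not your admin group`. The closing `#includedir /etc/sudoers.d` is also fixed while `$sudo::dir` is a class parameter, so fragments written to a non-default directory would not be read by this file.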

+ 20 - 0
manifests/access.pp

@@ -0,0 +1,20 @@
+define sudo::access (
+  $ensure = 'present',
+  $user = undef,
+  $access = 'ALL=(ALL) ALL'
+) {
+  include sudo
+  if $user == undef {
+    $real_user = $name
+  } else {
+    $real_user = $user
+  }
+  # there shouldn't be a dot in those filenames!
+  file { "${sudo::dir}/01-user_access-${title}":
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 0,
+    mode    => '0440',
+    content => "# THIS FILE IS MANAGED BY PUPPET !\n${real_user}        ${access}\n",
+  }
+}
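Review bot: The `$ensure` parameter is accepted but the file resource hard-codes `ensure  => 'present'`, so declaring the define with `ensure => absent` would leave the grant on disk; `sudo::user_alias` in this same commit passes it through, and this line should read `ensure  => $ensure,`. The comment about dots is not enforced: sudo skips files in an includedir whose names contain a `.`, so a title such as `john.doe` would produce a fragment that is silently ignored. `$real_user` and `$access` are written into the fragment unvalidated, and a syntax error in an included file can make sudo refuse to run, so checking the content with `visudo -cf` before it is installed (the file type's `validate_cmd`, where the Puppet version in use has it) would be worth adding.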

+ 0 - 11
manifests/base.pp

@@ -1,11 +0,0 @@
-class sudo::base {
-    if $sudo::deploy_sudoers {
-      file{'/etc/sudoers':
-        source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
-                    "puppet:///modules/site_sudo/sudoers/sudoers",
-                    "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
-                    "puppet:///modules/sudo/sudoers/sudoers" ],
-        owner => root, group => 0, mode => 0440;
-      }
-    }
-}

+ 0 - 12
manifests/freebsd.pp

@@ -1,12 +0,0 @@
-class sudo::freebsd inherits sudo::base {
-    package{'sudo':
-        ensure => installed,
-    }
-
-    if $sudo_deploy_sudoers {
-      File['/etc/sudoers']{
-        path => "/usr/local/etc/sudoers",
-        require => Package['sudo'],
-      }
-    }
-}

+ 23 - 6
manifests/init.pp

@@ -3,11 +3,28 @@
 # GPLv3
 
 class sudo(
-  $deploy_sudoers = false
-) {
-  case $::kernel {
-    linux: { include sudo::linux }
-    freebsd: { include sudo::freebsd }
-    default: { include sudo::base }
+  $deploy_sudoers = $sudo::deploy_sudoers,
+  $path = $sudo::params::path,
+  $dir = $sudo::params::dir
+) inherits sudo::params {
+  package {'sudo':
+    ensure => installed,
+  }
+  if $sudo::deploy_sudoers {
+    file {
+      $sudo::path:
+        source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
+                    "puppet:///modules/site_sudo/sudoers/sudoers",
+                    "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
+                    "puppet:///modules/sudo/sudoers/sudoers" ],
+        require => Package['sudo'],
+        owner => root, group => 0, mode => 0440;
+    }
+  }
+  file {
+    $sudo::dir:
+      ensure => directory,
+      require => Package['sudo'],
+      owner => root, group => 0, mode => 0550;
   }
 }
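Review bot: The default `$deploy_sudoers = $sudo::deploy_sudoers` refers to the class's own parameter, unlike `$path` and `$dir`, which take theirs from `sudo::params`; it looks like it should be `$deploy_sudoers = $sudo::params::deploy_sudoers,`. The main sudoers file is installed from the first matching source with no syntax check, so a broken file from `site_sudo` would go live and can lock out sudo; a `visudo -cf` check before replacement would guard against that, keeping in mind that the visudo path differs on FreeBSD. The `$sudo::dir` directory is created without `purge`/`recurse`, so fragments dropped there by hand or left behind by resources removed from the catalog keep granting access; if that is intended, a comment saying so would help. The modes `0440` and `0550` are unquoted here but quoted in `manifests/access.pp`; quoting them as `'0440'` and `'0550'` keeps the module consistent.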

+ 0 - 11
manifests/linux.pp

@@ -1,11 +0,0 @@
-class sudo::linux inherits sudo::base {
-    package{'sudo':
-        ensure => installed,
-    }
-
-    if $sudo_deploy_sudoers {
-      File['/etc/sudoers']{
-        require => Package['sudo'],
-      }
-    }
-}

+ 11 - 0
manifests/params.pp

@@ -0,0 +1,11 @@
+class sudo::params {
+  $dir = $::kernel ? {
+    /freebsd/ => '/usr/local/etc/sudoers.d',
+    default => '/etc/sudoers.d',
+  }
+  $path = $::kernel ? {
+    /freebsd/ => '/usr/local/etc/sudoers',
+    default => '/etc/sudoers',
+  }
+  $deploy_sudoers = false
+}
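Review bot: The selectors match `$::kernel` against the regex `/freebsd/`, which is case-sensitive, while Facter normally reports the kernel as `FreeBSD`; the removed `case $::kernel { freebsd: … }` used a bare string, which Puppet compares case-insensitively. If that holds, FreeBSD nodes would fall through to `/etc/sudoers` and `/etc/sudoers.d`, paths the ports sudo does not read, so the managed policy would not take effect there. Using the string form, `'FreeBSD' => '/usr/local/etc/sudoers.d',` and `'FreeBSD' => '/usr/local/etc/sudoers',`, would restore the old behaviour. The comment in `tests/freebsd.pp` forcing `FACTER_kernel=freebsd` suggests the test only passes with the lowercase value.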

+ 13 - 0
manifests/user_alias.pp

@@ -0,0 +1,13 @@
+define sudo::user_alias (
+  $members,
+  $ensure = 'present'
+) {
+  # this is 00-prefixed so that it's defined before the other definitions
+  file { "${sudo::dir}/00-user_alias-${title}":
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => 0,
+    mode    => '0440',
+    content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n",
+  }
+}
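Review bot: This define reads `${sudo::dir}` but, unlike `sudo::access`, it never declares the class, so if `sudo` is not included elsewhere the variable is probably empty and the path becomes `/00-user_alias-${title}`; adding `include sudo` as the first statement of the body would match `manifests/access.pp`. `${name}` is written straight into the `User_Alias` line although sudoers only accepts alias names made of uppercase letters, digits and underscores, starting with an uppercase letter. `$members` is also unvalidated, so a bad value yields a fragment that sudo rejects. A short comment stating the expected format of both would help callers, and the dot restriction on includedir file names applies to `${title}` here as well.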

+ 3 - 0
tests/base.pp

@@ -0,0 +1,3 @@
+class { 'sudo': dir => '/tmp/sudoers.d' }
+
+sudo::access { 'foo': }

+ 1 - 0
tests/deploy.pp

@@ -0,0 +1 @@
+class { 'sudo': deploy_sudoers => true }

+ 3 - 0
tests/freebsd.pp

@@ -0,0 +1,3 @@
+# needs to be ran with FACTER_kernel=freebsd puppet apply --modulepath=.. tests/freebsd.pp
+
+sudo::access { 'foo': }