Merge branch 'koumbit' into shared

2013-06-22 14:32:36 -04:00 · 2013-06-22 14:32:36 -04:00 · 208aefb872
commit 208aefb872
parent c0a3c67678 81a06483fc
12 changed files with 102 additions and 40 deletions
--- a/files/sudoers/FreeBSD/sudoers
+++ b/files/sudoers/FreeBSD/sudoers
@ -36,3 +36,4 @@ root	ALL=(ALL) ALL
 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
 # %users  localhost=/sbin/shutdown -h now
 #includedir /usr/local/etc/sudoers.d
--- a/files/sudoers/sudoers
+++ b/files/sudoers/sudoers
@ -0,0 +1,27 @@
 #
 # This file MUST be edited with the 'visudo' command as root.
 #
 # Please consider adding local content in /etc/sudoers.d/ instead of
 # directly modifying this file.
 #
 # See the man page for details on how to write a sudoers file.
 #
 Defaults	env_reset
 Defaults	mail_badpass
 Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 # Host alias specification
 # User alias specification
 # Cmnd alias specification
 # User privilege specification
 root	ALL=(ALL:ALL) ALL
 # Allow members of group sudo to execute any command
 %sudo	ALL=(ALL:ALL) ALL
 # See sudoers(5) for more information on "#include" directives:
 #includedir /etc/sudoers.d
--- a/manifests/access.pp
+++ b/manifests/access.pp
@ -0,0 +1,20 @@
 define sudo::access (
  $ensure = 'present',
  $user = undef,
  $access = 'ALL=(ALL) ALL'
 ) {
  include sudo
  if $user == undef {
    $real_user = $name
  } else {
    $real_user = $user
  }
  # there shouldn't be a dot in those filenames!
  file { "${sudo::dir}/01-user_access-${title}":
    ensure  => 'present',
    owner   => 'root',
    group   => 0,
    mode    => '0440',
    content => "# THIS FILE IS MANAGED BY PUPPET !\n${real_user}        ${access}\n",
  }
 }
--- a/manifests/base.pp
+++ b/manifests/base.pp
@ -1,11 +0,0 @@
 class sudo::base {
    if $sudo::deploy_sudoers {
      file{'/etc/sudoers':
        source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
                    "puppet:///modules/site_sudo/sudoers/sudoers",
                    "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
                    "puppet:///modules/sudo/sudoers/sudoers" ],
        owner => root, group => 0, mode => 0440;
      }
    }
 }
--- a/manifests/freebsd.pp
+++ b/manifests/freebsd.pp
@ -1,12 +0,0 @@
 class sudo::freebsd inherits sudo::base {
    package{'sudo':
        ensure => installed,
    }
    if $sudo_deploy_sudoers {
      File['/etc/sudoers']{
        path => "/usr/local/etc/sudoers",
        require => Package['sudo'],
      }
    }
 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -3,11 +3,28 @@
 # GPLv3
 class sudo(
-  $deploy_sudoers = false
+  $deploy_sudoers = $sudo::deploy_sudoers,
-) {
+  $path = $sudo::params::path,
-  case $::kernel {
+  $dir = $sudo::params::dir
-    linux: { include sudo::linux }
+) inherits sudo::params {
-    freebsd: { include sudo::freebsd }
+  package {'sudo':
-    default: { include sudo::base }
+    ensure => installed,
  }
  if $sudo::deploy_sudoers {
    file {
      $sudo::path:
        source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
                    "puppet:///modules/site_sudo/sudoers/sudoers",
                    "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
                    "puppet:///modules/sudo/sudoers/sudoers" ],
        require => Package['sudo'],
        owner => root, group => 0, mode => 0440;
    }
  }
  file {
    $sudo::dir:
      ensure => directory,
      require => Package['sudo'],
      owner => root, group => 0, mode => 0550;
  }
 }
--- a/manifests/linux.pp
+++ b/manifests/linux.pp
@ -1,11 +0,0 @@
 class sudo::linux inherits sudo::base {
    package{'sudo':
        ensure => installed,
    }
    if $sudo_deploy_sudoers {
      File['/etc/sudoers']{
        require => Package['sudo'],
      }
    }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -0,0 +1,11 @@
 class sudo::params {
  $dir = $::kernel ? {
    /freebsd/ => '/usr/local/etc/sudoers.d',
    default => '/etc/sudoers.d',
  }
  $path = $::kernel ? {
    /freebsd/ => '/usr/local/etc/sudoers',
    default => '/etc/sudoers',
  }
  $deploy_sudoers = false
 }
--- a/manifests/user_alias.pp
+++ b/manifests/user_alias.pp
@ -0,0 +1,13 @@
 define sudo::user_alias (
  $members,
  $ensure = 'present'
 ) {
  # this is 00-prefixed so that it's defined before the other definitions
  file { "${sudo::dir}/00-user_alias-${title}":
    ensure  => $ensure,
    owner   => 'root',
    group   => 0,
    mode    => '0440',
    content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n",
  }
 }
--- a/tests/base.pp
+++ b/tests/base.pp
@ -0,0 +1,3 @@
 class { 'sudo': dir => '/tmp/sudoers.d' }
 sudo::access { 'foo': }
--- a/tests/deploy.pp
+++ b/tests/deploy.pp
@ -0,0 +1 @@
 class { 'sudo': deploy_sudoers => true }
--- a/tests/freebsd.pp
+++ b/tests/freebsd.pp
@ -0,0 +1,3 @@
 # needs to be ran with FACTER_kernel=freebsd puppet apply --modulepath=.. tests/freebsd.pp
 sudo::access { 'foo': }
		`@ -0,0 +1,3 @@`
							`class { 'sudo': dir => '/tmp/sudoers.d' }`

							`sudo::access { 'foo': }`
		`@ -0,0 +1,3 @@`
							`# needs to be ran with FACTER_kernel=freebsd puppet apply --modulepath=.. tests/freebsd.pp`

							`sudo::access { 'foo': }`