Merge branch 'koumbit' into shared

2013-06-22 14:32:36 -04:00 · 2013-06-22 14:32:36 -04:00 · 208aefb872
commit 208aefb872
parent c0a3c67678 81a06483fc
12 changed files with 102 additions and 40 deletions
--- a/files/sudoers/FreeBSD/sudoers
+++ b/files/sudoers/FreeBSD/sudoers
@ -36,3 +36,4 @@ root	ALL=(ALL) ALL
 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
 # %users  localhost=/sbin/shutdown -h now
+#includedir /usr/local/etc/sudoers.d
--- a/files/sudoers/sudoers
+++ b/files/sudoers/sudoers
@ -0,0 +1,27 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults	env_reset
+Defaults	mail_badpass
+Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root	ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo	ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
--- a/manifests/access.pp
+++ b/manifests/access.pp
@ -0,0 +1,20 @@
+define sudo::access (
+  $ensure = 'present',
+  $user = undef,
+  $access = 'ALL=(ALL) ALL'
+) {
+  include sudo
+  if $user == undef {
+    $real_user = $name
+  } else {
+    $real_user = $user
+  }
+  # there shouldn't be a dot in those filenames!
+  file { "${sudo::dir}/01-user_access-${title}":
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 0,
+    mode    => '0440',
+    content => "# THIS FILE IS MANAGED BY PUPPET !\n${real_user}        ${access}\n",
+  }
+}
--- a/manifests/base.pp
+++ b/manifests/base.pp
@ -1,11 +0,0 @@
-class sudo::base {
-    if $sudo::deploy_sudoers {
-      file{'/etc/sudoers':
-        source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
-                    "puppet:///modules/site_sudo/sudoers/sudoers",
-                    "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
-                    "puppet:///modules/sudo/sudoers/sudoers" ],
-        owner => root, group => 0, mode => 0440;
-      }
-    }
-}
--- a/manifests/freebsd.pp
+++ b/manifests/freebsd.pp
@ -1,12 +0,0 @@
-class sudo::freebsd inherits sudo::base {
-    package{'sudo':
-        ensure => installed,
-    }
-
-    if $sudo_deploy_sudoers {
-      File['/etc/sudoers']{
-        path => "/usr/local/etc/sudoers",
-        require => Package['sudo'],
-      }
-    }
-}
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -3,11 +3,28 @@
 # GPLv3

 class sudo(
-  $deploy_sudoers = false
-) {
-  case $::kernel {
-    linux: { include sudo::linux }
-    freebsd: { include sudo::freebsd }
-    default: { include sudo::base }
+  $deploy_sudoers = $sudo::deploy_sudoers,
+  $path = $sudo::params::path,
+  $dir = $sudo::params::dir
+) inherits sudo::params {
+  package {'sudo':
+    ensure => installed,
+  }
+  if $sudo::deploy_sudoers {
+    file {
+      $sudo::path:
+        source => [ "puppet:///modules/site_sudo/sudoers/${::fqdn}/sudoers",
+                    "puppet:///modules/site_sudo/sudoers/sudoers",
+                    "puppet:///modules/sudo/sudoers/${::operatingsystem}/sudoers",
+                    "puppet:///modules/sudo/sudoers/sudoers" ],
+        require => Package['sudo'],
+        owner => root, group => 0, mode => 0440;
+    }
+  }
+  file {
+    $sudo::dir:
+      ensure => directory,
+      require => Package['sudo'],
+      owner => root, group => 0, mode => 0550;
  }
 }
--- a/manifests/linux.pp
+++ b/manifests/linux.pp
@ -1,11 +0,0 @@
-class sudo::linux inherits sudo::base {
-    package{'sudo':
-        ensure => installed,
-    }
-
-    if $sudo_deploy_sudoers {
-      File['/etc/sudoers']{
-        require => Package['sudo'],
-      }
-    }
-}
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -0,0 +1,11 @@
+class sudo::params {
+  $dir = $::kernel ? {
+    /freebsd/ => '/usr/local/etc/sudoers.d',
+    default => '/etc/sudoers.d',
+  }
+  $path = $::kernel ? {
+    /freebsd/ => '/usr/local/etc/sudoers',
+    default => '/etc/sudoers',
+  }
+  $deploy_sudoers = false
+}
--- a/manifests/user_alias.pp
+++ b/manifests/user_alias.pp
@ -0,0 +1,13 @@
+define sudo::user_alias (
+  $members,
+  $ensure = 'present'
+) {
+  # this is 00-prefixed so that it's defined before the other definitions
+  file { "${sudo::dir}/00-user_alias-${title}":
+    ensure  => $ensure,
+    owner   => 'root',
+    group   => 0,
+    mode    => '0440',
+    content => "# THIS FILE IS MANAGED BY PUPPET !\n\nUser_Alias ${name} = ${members}\n",
+  }
+}
--- a/tests/base.pp
+++ b/tests/base.pp
@ -0,0 +1,3 @@
+class { 'sudo': dir => '/tmp/sudoers.d' }
+
+sudo::access { 'foo': }
--- a/tests/deploy.pp
+++ b/tests/deploy.pp
@ -0,0 +1 @@
+class { 'sudo': deploy_sudoers => true }
--- a/tests/freebsd.pp
+++ b/tests/freebsd.pp
@ -0,0 +1,3 @@
+# needs to be ran with FACTER_kernel=freebsd puppet apply --modulepath=.. tests/freebsd.pp
+
+sudo::access { 'foo': }