From 522f8dbb66a60a448b4e22027411004b038b7cc3 Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Tue, 16 Mar 2010 03:40:19 -0500 Subject: updated documentation, added more tests --- README | 2 +- lib/puppet/type/sudoers.rb | 84 ++++++++++++++++++++++++++++++++-------------- tests/test2.pp | 17 ++++++++++ 3 files changed, 77 insertions(+), 26 deletions(-) create mode 100644 tests/test2.pp diff --git a/README b/README index c974f03..2dc50b2 100644 --- a/README +++ b/README @@ -14,8 +14,8 @@ KNOWN ISSUES/TODO 4. A userspec record that starts with Defaults will be parsed as a default. (this may not be possible) 5. I still need to verify combinations of properties that work together and throw exceptions for mismatches. 6. I can probably set up autorequires on aliases in User Spec line, but this order would only be followed if both records were created. - 7. Performance - seems to be runing to_line way too many times, also flushing way too often + 8. If an alias is created with the same name as a previously defined user spec, it does not create it, or throw any errors. COMMENT NAMEVARS: diff --git a/lib/puppet/type/sudoers.rb b/lib/puppet/type/sudoers.rb index 162a871..85593a2 100644 --- a/lib/puppet/type/sudoers.rb +++ b/lib/puppet/type/sudoers.rb 
@@ -1,44 +1,78 @@ Puppet::Type.newtype(:sudoers) do @doc = "Manage the contents of /etc/sudoers -there are two types of things here: +Author:: Dan Bode (dan@reductivelabs.com) +Copyright:: BLAH!! +License:: GPL3 - sudoer{'NAME': - ensure => (absent|present) - type => (alias|spec) # required?? - alias => (User_alias|Runas_alias|Host_alias|Cmnd_alias), - items => [] # this is only for aliases - user_list => [] - host_list => [] - operator_list => [] - # NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV and NOSETENV - tag_list => [] - command_list => [] - } += Summary - alias NAME - starts with CAP ([A-Z]([A-Z][0-9]_)*) +The sudoers type supports managing individual lines from the sudoers file. -aliases, user specifications - User_alias - Runas_alias - Host_alias - Cmnd_alias += Record Types -alias spec: +There are 3 types of records that are supported: - Alias_Type NAME = item1, item2, item3 : NAME = item4, item5 +== Aliases: + +Manages an alias line of a sudoers file. + +Example: + +sudoers{'ALIAS_NAME': + ensure => present, + sudo_alias => 'Cmnd', + items => ['/bin/true', '/usr/bin/su - bob'], +} + +creates the following line: + +Cmnd_Alias ALIAS_NAME=/bin/true,/usr/bin/su - bob + +== User Specification + +sudoers line that specifies how users can run commands. + +This there is no way to clearly determine uniqueness, a comment line is added above user spec lines that contains the namevar. + +Example: + +sudoers{'NAME': + ensure => present, + users => ['dan1', 'dan2'], + hosts => 'ALL', + commands => [ + '(root) /usr/bin/su - easapp', + '(easapp)/usr/local/eas-ts/bin/appctl', + ], +} + +creates the following line: + +#Puppet NAMEVAR NAME +dan1,dan2 ALL=(root) /usr/bin/su - easapp,(easapp)/usr/local/eas-ts/bin/appctl + +Defaults: + +the default name is used to determine uniqueness. + +sudoers{'Defaults@host': + parameters => ['x=y', 'one=1', 'two=2'], +} +Defaults@host x=y,one=1,two=2 -order matters!! 
+== Notes: +- parsing of multi-line sudoers records is not currently supported. +- ordering only applies when records are created. " - # we can either remove or add lines - # they should also be purgable?(whats the namesvar for specs?) + # support absent and present (also purge -> true) ensurable newparam(:name) do - desc "Either the name of the alias default or users in user spec" + desc "Either the name of the alias, default, or arbitrary unique string for user specifications" isnamevar end diff --git a/tests/test2.pp b/tests/test2.pp new file mode 100644 index 0000000..549a3b4 --- /dev/null +++ b/tests/test2.pp @@ -0,0 +1,17 @@ +sudoers{'NAME': + ensure => present, + users => ['dan1', 'dan2'], + hosts => 'ALL', + commands => [ + '(root) /usr/bin/su - easapp', + '(easapp)/usr/local/eas-ts/bin/appctl', + ], +} +sudoers{'ALIAS_NAME': + ensure => present, + sudo_alias => 'Cmnd', + items => ['/bin/true', '/usr/bin/su - bob'], +} +sudoers{'Defaults@host': + parameters => ['x=y', 'one=1', 'two=2'], + } -- cgit v1.2.3
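Review bot: The new `== Notes:` section says multi-line sudoers records are not parsed, but it does not say what becomes of such a record if the provider rewrites an existing file, and nothing in the @doc text tells the user to check the result. A syntax error in /etc/sudoers can stop sudo from working on the host, so I would extend the notes with something like `- records continued with a backslash are not parsed; check the managed file with visudo -c after changes.` Smaller wording points in the same string: `Copyright:: BLAH!!` is a placeholder sitting next to `License:: GPL3`, `This there is no way` should read `Since there is no way`, and `Defaults:` lacks the `==` that the other two record-type headings carry. The `Puppet::Type.newtype(:sudoers) do` block continues past the end of the hunk.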
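Review bot: Nothing in tests/test2.pp points the three resources at a scratch file, so applying the manifest would presumably edit the host's real /etc/sudoers (the path the type's @doc names) and leave the `dan1,dan2` rule for `su - easapp` in place. Whether the type offers a way to choose the file is not visible in this patch; if it does, set it here to a temporary path. If it does not, a first line such as `# writes to the live sudoers file; apply only on a disposable host` would make the risk clear to whoever runs the test.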