Allow user to specify multiple config dirs/#includedir directives

saz · May 3, 2017 · ff55b7c · ff55b7c
1 parent df34848
commit ff55b7c
Show file tree

Hide file tree

Showing 22 changed files with 143 additions and 135 deletions.
diff --git a/.bundle/config b/.bundle/config
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,13 @@
-pkg/
-*.swp
-spec/fixtures/
-.vagrant/
-vendor/
-Gemfile.lock
+.*.sw?
+/pkg
+/spec/fixtures/manifests
+/spec/fixtures/modules
+/.rspec_system
+/.vagrant
+/.bundle
+/vendor
+/Gemfile.lock
+/junit
+/log
+.yardoc
+coverage
diff --git a/manifests/conf.pp b/manifests/conf.pp
@@ -69,9 +69,9 @@
 
   # build current file name with path
   if $sudo_file_name != undef {
-    $cur_file = "${sudo_config_dir_real}${sudo_file_name}"
+    $cur_file = "${sudo_config_dir_real}/${sudo_file_name}"
   } else {
-    $cur_file = "${sudo_config_dir_real}${priority_real}_${dname}"
+    $cur_file = "${sudo_config_dir_real}/${priority_real}_${dname}"
   }
 
   # replace whitespace in file name

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -50,22 +50,17 @@
 #     what you're doing.
 #     Default: auto-set, platform specific
 #
-#   [*config_file_replace*]
-#     Replace configuration file with that one delivered with this module
-#     Default: true
-#
-#   [*includedirsudoers*]
-#     Add #includedir /etc/sudoers.d to the end of sudoers, if not config_file_replace
-#     Default: true if RedHat 5.x
-#
 #   [*config_dir*]
-#     Main configuration directory
-#     Only set this, if your platform is not supported or you know,
-#     what you're doing.
+#     Main directory containing sudo snippets, imported via
+#     includedir stanza in sudoers file
 #     Default: auto-set, platform specific
 #
-#   [*source*]
-#     Alternate source file location
+#   [*extra_include_dirs*]
+#     Array of additional directories containing sudo snippets
+#     Default: undef
+#
+#   [*content*]
+#     Alternate content file location
 #     Only set this, if your platform is not supported or you know,
 #     what you're doing.
 #     Default: auto-set, platform specific
@@ -96,9 +91,9 @@
   $purge_ignore        = undef,
   $config_file         = $sudo::params::config_file,
   $config_file_replace = true,
-  $includedirsudoers   = $sudo::params::includedirsudoers,
   $config_dir          = $sudo::params::config_dir,
-  $source              = $sudo::params::source,
+  $extra_include_dirs  = undef,
+  $content             = $sudo::params::content,
   $ldap_enable         = false,
 ) inherits sudo::params {
 
@@ -145,7 +140,7 @@
     group   => $sudo::params::config_file_group,
     mode    => '0440',
     replace => $config_file_replace,
-    source  => $source,
+    content => template($content),
     require => Class['sudo::package'],
   }
 
@@ -160,14 +155,6 @@
     require => Class['sudo::package'],
   }
 
-  if $config_file_replace == false and $includedirsudoers {
-    augeas { 'includedirsudoers':
-      changes => ['set /files/etc/sudoers/#includedir /etc/sudoers.d'],
-      incl    => $config_file,
-      lens    => 'Sudoers.lns',
-    }
-  }
-
   # Load the Hiera based sudoer configuration (if enabled and present)
   #
   # NOTE: We must use 'include' here to avoid circular dependencies with
@@ -183,7 +170,7 @@
     include '::sudo::configs'
   }
 
-  anchor { 'sudo::begin': } ->
-  Class['sudo::package']    ->
-  anchor { 'sudo::end': }
+  anchor { 'sudo::begin': }
+  -> Class['sudo::package']
+  -> anchor { 'sudo::end': }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -1,21 +1,21 @@
 #class sudo::params
 #Set the paramters for the sudo module
 class sudo::params {
-  $source_base = "puppet:///modules/${module_name}/"
+  $content_base = "${module_name}/"
 
   case $::osfamily {
     'Debian': {
       case $::operatingsystem {
         'Ubuntu': {
-          $source = "${source_base}sudoers.ubuntu"
+          $content = "${content_base}sudoers.ubuntu.erb"
         }
         default: {
           if (versioncmp($::operatingsystemmajrelease, '7') >= 0) or
             ($::operatingsystemmajrelease =~ /\/sid/) or
             ($::operatingsystemmajrelease =~ /Kali/) {
-            $source = "${source_base}sudoers.debian"
+            $content = "${content_base}sudoers.debian.erb"
           } else {
-            $source = "${source_base}sudoers.olddebian"
+            $content = "${content_base}sudoers.olddebian.erb"
           }
         }
       }
@@ -25,8 +25,7 @@
       $package_source    = ''
       $package_admin_file = ''
       $config_file       = '/etc/sudoers'
-      $includedirsudoers = false
-      $config_dir        = '/etc/sudoers.d/'
+      $config_dir        = '/etc/sudoers.d'
       $config_file_group = 'root'
     }
     'RedHat': {
@@ -44,16 +43,12 @@
       $package_source = ''
       $package_admin_file = ''
       $config_file = '/etc/sudoers'
-      $includedirsudoers = $::operatingsystemmajrelease ? {
-        '5'     => true,
-        default => false,
-      }
-      $config_dir = '/etc/sudoers.d/'
-      $source = $::operatingsystemrelease ? {
-        /^5/    => "${source_base}sudoers.rhel5",
-        /^6/    => "${source_base}sudoers.rhel6",
-        /^7/    => "${source_base}sudoers.rhel7",
-        default => "${source_base}sudoers.rhel6",
+      $config_dir = '/etc/sudoers.d'
+      $content = $::operatingsystemrelease ? {
+        /^5/    => "${content_base}sudoers.rhel5.erb",
+        /^6/    => "${content_base}sudoers.rhel6.erb",
+        /^7/    => "${content_base}sudoers.rhel7.erb",
+        default => "${content_base}sudoers.rhel6.erb",
         }
       $config_file_group = 'root'
     }
@@ -64,9 +59,8 @@
       $package_source = ''
       $package_admin_file = ''
       $config_file = '/etc/sudoers'
-      $includedirsudoers = false
-      $config_dir = '/etc/sudoers.d/'
-      $source = "${source_base}sudoers.suse"
+      $config_dir = '/etc/sudoers.d'
+      $content = "${content_base}sudoers.suse.erb"
       $config_file_group = 'root'
     }
     'Solaris': {
@@ -78,9 +72,8 @@
           $package_source = ''
           $package_admin_file = ''
           $config_file = '/etc/sudoers'
-          $includedirsudoers = false
-          $config_dir = '/etc/sudoers.d/'
-          $source = "${source_base}sudoers.omnios"
+          $config_dir = '/etc/sudoers.d'
+          $content = "${content_base}sudoers.omnios.erb"
           $config_file_group = 'root'
         }
         'SmartOS': {
@@ -90,8 +83,8 @@
           $package_source = ''
           $package_admin_file = ''
           $config_file = '/opt/local/etc/sudoers'
-          $config_dir = '/opt/local/etc/sudoers.d/'
-          $source = "${source_base}sudoers.smartos"
+          $config_dir = '/opt/local/etc/sudoers.d'
+          $content = "${content_base}sudoers.smartos.erb"
           $config_file_group = 'root'
         }
         default: {
@@ -103,9 +96,8 @@
               $package_source = ''
               $package_admin_file = ''
               $config_file = '/etc/sudoers'
-              $includedirsudoers = false
-              $config_dir = '/etc/sudoers.d/'
-              $source = "${source_base}sudoers.solaris"
+              $config_dir = '/etc/sudoers.d'
+              $content = "${content_base}sudoers.solaris.erb"
               $config_file_group = 'root'
             }
             '5.10': {
@@ -115,9 +107,8 @@
               $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${::hardwareisa}.pkg.gz"
               $package_admin_file = '/var/sadm/install/admin/puppet'
               $config_file = '/etc/sudoers'
-              $includedirsudoers = false
-              $config_dir = '/etc/sudoers.d/'
-              $source = "${source_base}sudoers.solaris"
+              $config_dir = '/etc/sudoers.d'
+              $content = "${content_base}sudoers.solaris.erb"
               $config_file_group = 'root'
             }
             default: {
@@ -134,9 +125,8 @@
       $package_source = ''
       $package_admin_file = ''
       $config_file = '/usr/local/etc/sudoers'
-      $includedirsudoers = false
-      $config_dir = '/usr/local/etc/sudoers.d/'
-      $source = "${source_base}sudoers.freebsd"
+      $config_dir = '/usr/local/etc/sudoers.d'
+      $content = "${content_base}sudoers.freebsd.erb"
       $config_file_group = 'wheel'
     }
     'OpenBSD': {
@@ -150,9 +140,8 @@
       $package_source = ''
       $package_admin_file = ''
       $config_file = '/etc/sudoers'
-      $includedirsudoers = false
-      $config_dir = '/etc/sudoers.d/'
-      $source = "${source_base}sudoers.openbsd"
+      $config_dir = '/etc/sudoers.d'
+      $content = "${content_base}sudoers.openbsd.erb"
       $config_file_group = 'wheel'
     }
     'AIX': {
@@ -162,9 +151,8 @@
       $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.9-6.aix53.lam.rpm'
       $package_admin_file = ''
       $config_file = '/etc/sudoers'
-      $includedirsudoers = false
-      $config_dir = '/etc/sudoers.d/'
-      $source = "${source_base}sudoers.aix"
+      $config_dir = '/etc/sudoers.d'
+      $content = "${content_base}sudoers.aix.erb"
       $config_file_group = 'system'
     }
     'Darwin': {
@@ -174,8 +162,8 @@
       $package_source = ''
       $package_admin_file = ''
       $config_file = '/etc/sudoers'
-      $config_dir = '/etc/sudoers.d/'
-      $source = "${source_base}sudoers.darwin"
+      $config_dir = '/etc/sudoers.d'
+      $content = "${content_base}sudoers.darwin.erb"
       $config_file_group = 'wheel'
     }
     default: {
@@ -185,32 +173,29 @@
           $package_ldap = $package
           $package_ensure = 'present'
           $config_file = '/etc/sudoers'
-          $includedirsudoers = false
-          $config_dir = '/etc/sudoers.d/'
-          $source = "${source_base}sudoers.gentoo"
+          $config_dir = '/etc/sudoers.d'
+          $content = "${content_base}sudoers.gentoo.erb"
           $config_file_group = 'root'
         }
         'Archlinux': {
           $package = 'sudo'
           $package_ldap = $package
           $package_ensure = 'present'
           $config_file = '/etc/sudoers'
-          $includedirsudoers = false
-          $config_dir = '/etc/sudoers.d/'
-          $source = "${source_base}sudoers.archlinux"
+          $config_dir = '/etc/sudoers.d'
+          $content = "${content_base}sudoers.archlinux.erb"
           $config_file_group = 'root'
         }
         'Amazon': {
           $package = 'sudo'
           $package_ldap = $package
           $package_ensure = 'present'
           $config_file = '/etc/sudoers'
-          $includedirsudoers = false
-          $config_dir = '/etc/sudoers.d/'
-          $source = $::operatingsystemrelease ? {
-            /^5/    => "${source_base}sudoers.rhel5",
-            /^6/    => "${source_base}sudoers.rhel6",
-            default => "${source_base}sudoers.rhel6",
+          $config_dir = '/etc/sudoers.d'
+          $content = $::operatingsystemrelease ? {
+            /^5/    => "${content_base}sudoers.rhel5.erb",
+            /^6/    => "${content_base}sudoers.rhel6.erb",
+            default => "${content_base}sudoers.rhel6.erb",
           }
           $config_file_group = 'root'
         }

diff --git a/files/sudoers.omnios → templates/sudoers.aix.erb b/files/sudoers.omnios → templates/sudoers.aix.erb
@@ -87,6 +87,9 @@ root ALL=(ALL) ALL
 # Defaults targetpw  # Ask for the password of the target user
 # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
 
-## Read drop-in files from /etc/sudoers.d
+## Read drop-in files
 ## (the '#' here does not indicate a comment)
-#includedir /etc/sudoers.d
+#includedir <%= @config_dir %>
+<% @extra_include_dirs.each do |include_dir| -%>
+#includedir <%= include_dir %>
+<% end if @extra_include_dirs -%>
diff --git a/files/sudoers.archlinux → templates/sudoers.archlinux.erb b/files/sudoers.archlinux → templates/sudoers.archlinux.erb
@@ -87,6 +87,9 @@ root ALL=(ALL) ALL
 # Defaults targetpw  # Ask for the password of the target user
 # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
 
-## Read drop-in files from /etc/sudoers.d
+## Read drop-in files
 ## (the '#' here does not indicate a comment)
-#includedir /etc/sudoers.d
+#includedir <%= @config_dir %>
+<% @extra_include_dirs.each do |include_dir| -%>
+#includedir <%= include_dir %>
+<% end if @extra_include_dirs -%>
diff --git a/files/sudoers.darwin → templates/sudoers.darwin.erb b/files/sudoers.darwin → templates/sudoers.darwin.erb
@@ -45,4 +45,7 @@ root	ALL=(ALL) ALL
 # Samples
 # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
 # %users  localhost=/sbin/shutdown -h now
-#includedir /etc/sudoers.d
+#includedir <%= @config_dir %>
+<% @extra_include_dirs.each do |include_dir| -%>
+#includedir <%= include_dir %>
+<% end if @extra_include_dirs -%>
diff --git a/files/sudoers.debian → templates/sudoers.debian.erb b/files/sudoers.debian → templates/sudoers.debian.erb
@@ -12,4 +12,7 @@ root	ALL=(ALL:ALL) ALL
 
 # See sudoers(5) for more information on "#include" directives:
 
-#includedir /etc/sudoers.d
+#includedir <%= @config_dir %>
+<% @extra_include_dirs.each do |include_dir| -%>
+#includedir <%= include_dir %>
+<% end if @extra_include_dirs -%>
diff --git a/templates/sudoers.erb b/templates/sudoers.erb
diff --git a/files/sudoers.freebsd → templates/sudoers.freebsd.erb b/files/sudoers.freebsd → templates/sudoers.freebsd.erb
@@ -102,6 +102,9 @@ root ALL=(ALL) ALL
 # Defaults targetpw  # Ask for the password of the target user
 # ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
 
-## Read drop-in files from /usr/local/etc/sudoers.d
+## Read drop-in files
 ## (the '#' here does not indicate a comment)
-#includedir /usr/local/etc/sudoers.d
+#includedir <%= @config_dir %>
+<% @extra_include_dirs.each do |include_dir| -%>
+#includedir <%= include_dir %>
+<% end if @extra_include_dirs -%>