BREAKING: Support multiple #includedir sudoers stanzas #191

Merged
merged 4 commits into from
May 23, 2017

rnelson0
Contributor

@rnelson0 rnelson0 commented Apr 28, 2017

I have a need to support multiple #includedir stanzas, which are dynamic, rather than the single stanza in the file resources used now. This PR converts the file {'/etc/sudoers':} resource from using a static file to an ERB template. Additional stanzas can be included by updating the sudo::extra_include_dirs key with a list of directories. Here's an example of the effective differences on RHEL7:

When upgrading from 3.1.0 to 4.1.0 (just to see some changes)

Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content:
--- /etc/sudoers        2016-01-26 17:29:34.358425553 +0000
+++ /tmp/puppet-file20170428-12718-16976bm      2017-04-28 20:27:28.335942664 +0000
@@ -1,3 +1,5 @@
+# file managed by puppet (unless config_file_replace=false)
+#
 ## Sudoers allows particular users to run various commands as
 ## the root user, without needing the root password.
 ##
@@ -64,7 +66,7 @@
 Defaults    always_set_home

 Defaults    env_reset
-Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
 Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
 Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
 Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
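Review bot: In the `@@ -64,7 +66,7 @@` hunk, `INPUTRC` disappears from the first `env_keep` line, which is unrelated to `#includedir` handling. Since this output comes from the 3.1.0 to 4.1.0 upgrade, it is worth confirming the removal is intended and listing it in the changelog: with `env_reset` set, `INPUTRC` is no longer preserved under sudo once this file is replaced.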

Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}aeeef04240c22b0a067a5e01809b139d, should be {md5}e7d8a1eb7e25ff8b137d06b802fc7683 (noop)

Given the following hiera global file:

---
sudo::extra_include_dirs:
  - '/some/other/path'

And going from 3.1.0 to 4.1.0+includedir branch:

Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content:
--- /etc/sudoers        2016-01-26 17:29:34.358425553 +0000
+++ /tmp/puppet-file20170428-25164-1icby3o      2017-04-28 21:13:52.743898805 +0000
@@ -1,3 +1,5 @@
+# file managed by puppet (unless config_file_replace=false)
+#
 ## Sudoers allows particular users to run various commands as
 ## the root user, without needing the root password.
 ##
@@ -64,7 +66,7 @@
 Defaults    always_set_home

 Defaults    env_reset
-Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
 Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
 Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
 Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
@@ -107,5 +109,6 @@
 ## Allows members of the users group to shutdown this system
 # %users  localhost=/sbin/shutdown -h now

-## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
+## Read drop-in files
 #includedir /etc/sudoers.d
+#includedir /some/other/path
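Review bot: In the last hunk the replacement comment `## Read drop-in files` drops the "(the # here does not mean a comment)" hint, and that hint matters more now that several `#includedir` lines can be rendered; suggest keeping it in the template. The added `#includedir /some/other/path` comes from the `sudo::extra_include_dirs` hiera key, and this output does not show whether the module creates that directory or manages its ownership and mode, so the README should say who is responsible for that.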

Notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: current_value {md5}aeeef04240c22b0a067a5e01809b139d, should be {md5}0b78194902c33b02a7bfb82bf86fd62d (noop)
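
The rendering described in the PR description above, as an added Ruby sketch that is not the module's own code: a hypothetical ERB fragment emits one `#includedir` line per entry, and a checker reads the directives back from the rendered text. The template text, the helper names and the trailing-slash normalization are assumptions made for illustration.

```ruby
require 'erb'

# Hypothetical template fragment; the module's real sudoers template is not
# shown on this page.
TEMPLATE = <<~'TPL'
  ## Read drop-in files
  #includedir <%= config_dir %>
  <% extra_include_dirs.each do |dir| -%>
  #includedir <%= dir %>
  <% end -%>
TPL

# Assumed normalization: strip trailing slashes, reject anything that is not
# an absolute path without whitespace, and drop repeats of the main directory.
def normalize_dirs(config_dir, extras)
  base = config_dir.chomp('/')
  cleaned = Array(extras).map { |d| d.to_s.strip.sub(%r{/+\z}, '') }
  bad = cleaned.reject { |d| d.start_with?('/') && d !~ /\s/ }
  raise ArgumentError, "not an absolute path: #{bad.inspect}" unless bad.empty?
  [base, (cleaned - [base]).uniq]
end

# Render the include section of a sudoers file for the given directories.
def render_includes(config_dir, extras)
  config_dir, extra_include_dirs = normalize_dirs(config_dir, extras)
  ERB.new(TEMPLATE, trim_mode: '-').result(binding)
end

# In sudoers, "#includedir" is a directive, not a comment ("##" and "# text"
# lines are comments). sudo 1.9.1 and later also accept "@includedir".
def included_dirs(sudoers_text)
  sudoers_text.each_line.map { |l| l[/\A[#@]includedir\s+(\S+)/, 1] }.compact
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input mirroring the hiera example on this page.
  out = render_includes('/etc/sudoers.d/', ['/some/other/path/'])
  puts out
  puts "directories sudo will read: #{included_dirs(out).inspect}"
end
```

Running `included_dirs` against the rendered file in a test or audit job gives the list of directories whose ownership and permissions need to be checked on the node.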

@rnelson0
Contributor Author

rnelson0 commented May 3, 2017

I made a few tweaks today after implementing my feature branch in production. The trailing / was throwing things off, but I think I have adjusted adequately for it.

@rnelson0
Contributor Author

rnelson0 commented May 3, 2017

The test failures for puppet 3/no future parser are because I added a type def. Puppet 3 hit EOL on 12/31/2016. I can drop the type def if there's some need to preserve Puppet 3 compatibility, though.

@saz
Owner

saz commented May 3, 2017 via email

rnelson0 added 4 commits May 3, 2017 22:55
  The three removed tests were failing in master already.
  While touching those tests, migrated the hashes to the newer ruby syntax
@rnelson0
Contributor Author

rnelson0 commented May 3, 2017

@saz Sounds good! Updated with no types so it's past_parser compatible.

I also combined two tests in travis to make the matrix a little smaller/faster (for some reason it's not using it right now, but would certainly be used on future PRs). It's what we use in Vox Pupuli projects, works pretty well.

@rnelson0
Contributor Author

@saz Any update on this?

@rnelson0
Contributor Author

Bump

@saz saz merged commit 0996c13 into saz:master May 23, 2017
@rnelson0 rnelson0 changed the title Support multiple #includedir sudoers stanzas BREAKING: Support multiple #includedir sudoers stanzas May 23, 2017
@rnelson0 rnelson0 deleted the includedir branch June 28, 2017 12:49