diff --git a/manifests/init.pp b/manifests/init.pp
index 3a83be8..5cb484e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,189 +1,189 @@ # Class: sudo # # This module manages sudo # # Parameters: # [*ensure*] # Ensure if present or absent. # Default: present # # [*package*] # Name of the package. # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*package_ensure*] # Allows you to ensure a particular version of a package # Default: present / lastest for RHEL < 5.5 # # [*package_source*] # Where to find the package. Only set this on AIX (required) and # Solaris (required) or if your platform is not supported or you # know, what you're doing. # # The default for aix is the perzl sudo package. For solaris 10 we # use the official www.sudo.ws binary package. # # Default: AIX: perzl.org # Solaris: www.sudo.ws # # [*package_admin_file*] # Where to find a Solaris 10 package admin file for # an unattended installation. We do not supply a default file, so # this has to be staged separately # # Only set this on Solaris 10 (required) # Default: /var/sadm/install/admin/puppet # # [*purge*] # Whether or not to purge sudoers.d directory # Default: true # # [*purge_ignore*] # Files to exclude from purging in sudoers.d directory # Default: undef # # [*config_file*] # Main configuration file. # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*config_file_replace*] # Replace configuration file with that one delivered with this module # Default: true # # [*includedirsudoers*] # Add #includedir /etc/sudoers.d to the end of sudoers, if not config_file_replace # Default: true if RedHat 5.x # # [*config_dir*] # Main configuration directory # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*source*] # Alternate source file location # Only set this, if your platform is not supported or you know, # what you're doing. 
# Default: auto-set, platform specific # # [*ldap_enable*] # Enable ldap support on the package # Default: false # # Actions: # Installs sudo package and checks the state of sudoers file and # sudoers.d directory. # # Requires: # Nothing # # Sample Usage: # class { 'sudo': } # # [Remember: No empty lines between comments and class definition] class sudo( $enable = true, - $package_default = $sudo::params::package, + $package = $sudo::params::package, $package_ldap = $sudo::params::package_ldap, $package_ensure = $sudo::params::package_ensure, $package_source = $sudo::params::package_source, $package_admin_file = $sudo::params::package_admin_file, $purge = true, $purge_ignore = undef, $config_file = $sudo::params::config_file, $config_file_replace = true, $includedirsudoers = $sudo::params::includedirsudoers, $config_dir = $sudo::params::config_dir, $source = $sudo::params::source, $ldap_enable = false, ) inherits sudo::params { validate_bool($enable) case $enable { true: { $dir_ensure = 'directory' $file_ensure = 'present' } false: { $dir_ensure = 'absent' $file_ensure = 'absent' } default: { fail('no $enable is set') } } validate_bool($ldap_enable) case $ldap_enable { true: { if $package_ldap == undef { fail('on your os ldap support for sudo is not yet supported') } - $package = $package_ldap + $package_real = $package_ldap } false: { - $package = $package_default + $package_real = $package } default: { fail('no $ldap_enable is set') } } class { '::sudo::package': - package => $package, + package => $package_real, package_ensure => $package_ensure, package_source => $package_source, package_admin_file => $package_admin_file, ldap_enable => $ldap_enable, } file { $config_file: ensure => $file_ensure, owner => 'root', group => $sudo::params::config_file_group, mode => '0440', replace => $config_file_replace, source => $source, require => Class['sudo::package'], } file { $config_dir: ensure => $dir_ensure, owner => 'root', group => $sudo::params::config_file_group, 
mode => '0550', recurse => $purge, purge => $purge, ignore => $purge_ignore, require => Class['sudo::package'], } if $config_file_replace == false and $includedirsudoers { augeas { 'includedirsudoers': changes => ['set /files/etc/sudoers/#includedir /etc/sudoers.d'], incl => $config_file, lens => 'Sudoers.lns', } } # Load the Hiera based sudoer configuration (if enabled and present) # # NOTE: We must use 'include' here to avoid circular dependencies with # sudo::conf # # NOTE: There is no way to detect the existence of hiera. This automatic # functionality is therefore made exclusive to Puppet 3+ (hiera is embedded) # in order to preserve backwards compatibility. # # http://projects.puppetlabs.com/issues/12345 # if (versioncmp($::puppetversion, '3') != -1) { include '::sudo::configs' } anchor { 'sudo::begin': } -> Class['sudo::package'] -> anchor { 'sudo::end': } } diff --git a/spec/classes/sudo_spec.rb b/spec/classes/sudo_spec.rb index 25e3d44..0bcbc8c 100644 --- a/spec/classes/sudo_spec.rb +++ b/spec/classes/sudo_spec.rb 
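Review bot: With `ldap_enable => true` the newly public `$package` parameter is silently discarded, because the `true` branch of `case $ldap_enable` sets `$package_real = $package_ldap` whatever the caller passed. This module installs a privileged binary, so an operator who pins a vetted package name should not get a different package without any indication. The `[*package*]` header entry should say so, e.g. `# Ignored when ldap_enable is true; package_ldap is used instead.`, and `package_ldap` needs a header entry of its own, which it currently lacks. Separately, dropping `$package_default` with no transition means existing declarations that pass `package_default =>` will fail to compile, so the rename should at least be called out in the changelog.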
@@ -1,227 +1,241 @@ require 'spec_helper' describe 'sudo' do let :default_params do { :enable => true, :package_ensure => 'present', :purge => true, :config_file_replace => true } end [{}, { :package_ensure => 'present', :purge => false, :config_file_replace => false }, { :package_ensure => 'latest', :purge => true, :config_file_replace => false }].each do |param_set| describe "when #{param_set == {} ? 'using default' : 'specifying'} class parameters" do let :param_hash do default_params.merge(param_set) end let :params do param_set end %w(Debian Redhat).each do |osfamily| let :facts do { :operatingsystem => osfamily, :operatingsystemrelease => '7.0', :operatingsystemmajrelease => '7', :osfamily => osfamily, :puppetversion => '3.7.0' } end describe "on supported osfamily: #{osfamily}" do it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'root', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d/').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => param_hash[:package_ensure] ) end end end describe 'on RedHat 5.4' do let :facts do { :osfamily => 'RedHat', :operatingsystemrelease => '5.4', :operatingsystemmajrelease => '5', :puppetversion => '3.7.0' } end it do if params == {} is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => 'latest' ) else is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => param_hash[:package_ensure] ) end end end describe 'on supported osfamily: AIX' do let :facts do { :osfamily => 'AIX', :puppetversion => '3.7.0' } end it { is_expected.to contain_class('sudo::params') } it do 
is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'system', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d/').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'system', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => param_hash[:package_ensure], 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.9-6.aix53.lam.rpm' ) end end describe 'on supported osfamily: Solaris 10' do let :facts do { :operatingsystem => 'Solaris', :osfamily => 'Solaris', :kernelrelease => '5.10', :puppetversion => '3.7.0', :hardwareisa => 'i386' } end it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'root', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d/').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'TCMsudo', 'package_ensure' => param_hash[:package_ensure], 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-i386.pkg.gz', 'package_admin_file' => '/var/sadm/install/admin/puppet' ) end + + context 'when package is set' do + let :params do + { + :package => 'mysudo' + } + end + + it do + is_expected.to contain_class('sudo::package').with( + 'package' => 'mysudo', + ) + end + end end describe 'on supported osfamily: Solaris 11' do let :facts do { :operatingsystem => 'Solaris', :osfamily => 'Solaris', :kernelrelease => '5.11', :puppetversion => '3.7.0' } end it { is_expected.to contain_class('sudo::params') } 
it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'root', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d/').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'pkg://solaris/security/sudo', 'package_ensure' => param_hash[:package_ensure] ) end end end end end
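Review bot: The added `when package is set` context pins only the `ldap_enable => false` branch, so the precedence rule in init.pp (`$package_real = $package_ldap` when LDAP is enabled) is left untested. It also sits only under Solaris 10, although the parameter rename applies to every platform. A companion context that sets `package`, `package_ldap` and `ldap_enable => true` and expects `sudo::package` to receive the LDAP package name would lock that behaviour in. Whether `sudo::package` accepts `ldap_enable` on Solaris 10 is not visible here, so the context may belong in the Debian/Redhat block instead. The trailing comma in `'package' => 'mysudo',` is also inconsistent with the other `.with(...)` calls in this file.

```ruby
context 'when package is set' do
  # … unchanged: params and expectation for the non-LDAP case …
end

# package_ldap takes precedence over package once ldap_enable is true
# (parameter values below are constructed for the test)
context 'when package and ldap_enable are both set' do
  let :params do
    {
      :package      => 'mysudo',
      :package_ldap => 'mysudo-ldap',
      :ldap_enable  => true
    }
  end

  it do
    is_expected.to contain_class('sudo::package').with(
      'package'     => 'mysudo-ldap',
      'ldap_enable' => true
    )
  end
end
```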