diff --git a/files/sudoers.wheezy b/files/sudoers.debian similarity index 100% rename from files/sudoers.wheezy rename to files/sudoers.debian diff --git a/files/sudoers.deb b/files/sudoers.olddebian similarity index 100% rename from files/sudoers.deb rename to files/sudoers.olddebian diff --git a/manifests/params.pp b/manifests/params.pp index 7e14df0..e120990 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,173 +1,169 @@ #class sudo::params #Set the paramters for the sudo module class sudo::params { $source_base = "puppet:///modules/${module_name}/" case $::osfamily { debian: { case $::operatingsystem { 'Ubuntu': { $source = "${source_base}sudoers.ubuntu" } default: { - - case $::lsbdistcodename { - 'wheezy': { - $source = "${source_base}sudoers.wheezy" - } - default: { - $source = "${source_base}sudoers.deb" - } + if (0 + $::operatingsystemmajrelease >= 7) { + $source = "${source_base}sudoers.debian" + } else { + $source = "${source_base}sudoers.olddebian" } } } $package = 'sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $config_file_group = 'root' } redhat: { $package = 'sudo' # rhel 5.0 to 5.4 use sudo 1.6.9 which does not support # includedir, so we have to make sure sudo 1.7 (comes with rhel # 5.5) is installed. $package_ensure = $::operatingsystemrelease ? { /^5.[01234]/ => 'latest', default => 'present', } $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = $::operatingsystemrelease ? { /^5/ => "${source_base}sudoers.rhel5", /^6/ => "${source_base}sudoers.rhel6", /^7/ => "${source_base}sudoers.rhel7", default => "${source_base}sudoers.rhel6", } $config_file_group = 'root' } suse: { $package = 'sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.suse" $config_file_group = 'root' } solaris: { case $::operatingsystem { 'OmniOS': { $package = 'sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.omnios" $config_file_group = 'root' } default: { case $::kernelrelease { '5.11': { $package = 'pkg://solaris/security/sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.solaris" $config_file_group = 'root' } '5.10': { $package = 'TCMsudo' $package_ensure = 'present' $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${::hardwareisa}.pkg.gz" $package_admin_file = '/var/sadm/install/admin/puppet' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.solaris" $config_file_group = 'root' } default: { fail("Unsupported platform: ${::osfamily}/${::operatingsystem}/${::kernelrelease}") } } } } } freebsd: { $package = 'security/sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/usr/local/etc/sudoers' $config_dir = '/usr/local/etc/sudoers.d/' $source = "${source_base}sudoers.freebsd" $config_file_group = 'wheel' } openbsd: { $package = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.openbsd" $config_file_group = 'wheel' } aix: { $package = 'sudo' $package_ensure = 'present' $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.9-6.aix53.lam.rpm' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.aix" $config_file_group = 'system' } default: { case $::operatingsystem { gentoo: { $package = 'sudo' $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.deb" $config_file_group = 'root' } archlinux: { $package = 'sudo' $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.archlinux" $config_file_group = 'root' } amazon: { $package = 'sudo' $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = $::operatingsystemrelease ? { /^5/ => "${source_base}sudoers.rhel5", /^6/ => "${source_base}sudoers.rhel6", default => "${source_base}sudoers.rhel6", } $config_file_group = 'root' } default: { fail("Unsupported platform: ${::osfamily}/${::operatingsystem}") } } $package_source = '' $package_admin_file = '' } } } diff --git a/spec/defines/sudo_spec.rb b/spec/defines/sudo_spec.rb index e95f51f..bf4b8d5 100644 --- a/spec/defines/sudo_spec.rb +++ b/spec/defines/sudo_spec.rb @@ -1,75 +1,76 @@ require 'spec_helper' describe 'sudo::conf', :type => :define do let(:title) { 'admins' } let(:filename) { '10_admins' } let(:file_path) { '/etc/sudoers.d/10_admins' } let :facts do { :lsbdistcodename => 'wheezy', + :operatingsystemmajrelease => '7', :operatingsystem => 'Debian', :osfamily => 'Debian', :puppetversion => '3.7.0', } end let :params do { :priority => 10, :content => "%admins ALL=(ALL) NOPASSWD: ALL", :sudo_config_dir => '/etc/sudoers.d/', } end describe "when creating a sudo entry" do it { should contain_sudo__conf('admins').with({ :priority => params[:priority], :content => params[:content], }) } it { should contain_file(filename).with({ 'ensure' => 'present', 'content' => "%admins ALL=(ALL) NOPASSWD: ALL\n", 'owner' => 'root', 'group' => 'root', 'path' => file_path, 'mode' => '0440', }) } it { should contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}").with({ 'command' => "visudo -c -f #{params[:sudo_config_dir]}#{params[:priority]}_#{title} || ( rm -f '#{params[:sudo_config_dir]}#{params[:priority]}_#{title}' && exit 1)", 'refreshonly' => 'true', }) } it { should contain_file(filename).that_notifies("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}]") } it { should_not contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}").that_requires("File[#{filename}]") } it { should_not contain_file(filename).that_requires("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}]") } end describe "when removing an sudo entry" do let :params do { :ensure => 'absent', :priority => 10, :content => "%admins ALL=(ALL) NOPASSWD: ALL", :sudo_config_dir => '/etc/sudoers.d/', } end it { should contain_file(filename).with({ 'ensure' => 'absent', 'content' => "%admins ALL=(ALL) NOPASSWD: ALL\n", 'owner' => 'root', 'group' => 'root', 'path' => file_path, 'mode' => '0440', }) } end end