diff --git a/README.md b/README.md index 9a89a96..3d6bf98 100644 --- a/README.md +++ b/README.md @@ -1,236 +1,236 @@ # puppet-sudo [![Build Status](https://secure.travis-ci.org/saz/puppet-sudo.png)](http://travis-ci.org/saz/puppet-sudo) https://github.com/saz/puppet-sudo Manage sudo configuration via Puppet ### Supported Puppet versions * Puppet >= 4 * Last version supporting Puppet 3: v4.2.0 ### Supported OS Some family and some specific os are supported by this module * debian osfamily (debian, ubuntu, kali, ...) * redhat osfamily (redhat, centos, fedora, ...) * suse osfamily (suse, opensuse, ...) * solaris osfamily (Solaris, OmniOS, SmartOS, ...) * freebsd osfamily * openbsd osfamily * aix osfamily * darwin osfamily * gentoo operating system * archlinux operating system * amazon operating system ### Gittip [![Support via Gittip](https://rawgithub.com/twolfson/gittip-badge/0.2.0/dist/gittip.png)](https://www.gittip.com/saz/) ## Usage ### WARNING **This module will purge your current sudo config** If this is not what you're expecting, set `purge` and/or `config_file_replace` to **false** ### Install sudo with default sudoers #### Purge current sudo config ```puppet class { 'sudo': } ``` #### Purge sudoers.d directory, but leave sudoers file as it is ```puppet class { 'sudo': config_file_replace => false, } ``` -#### Selective Purge of sudoers.d Directory +#### Selective Purge of sudoers.d Directory A combination of `suffix` and `ignore` can be used to purge only files that puppet previously created. -If `suffix` is specified all puppet created sudoers.d entries will have this suffix apprended to +If `suffix` is specified all puppet created sudoers.d entries will have this suffix apprended to the thier file name. A ruby glob can be used as `ignore` to ignore all files that do not have this suffix. ```puppet class{'sudo': suffix => '_puppet', ignore => '*[!_puppet]', } ``` #### Leave current sudo config as it is ```puppet class { 'sudo': purge => false, config_file_replace => false, } ``` #### Use LDAP along with sudo Sudo do not always include by default the support for LDAP. On Debian and Ubuntu a special package sudo-ldap will be used. On Gentoo there is also the needing to include [puppet portage module by Gentoo](https://forge.puppetlabs.com/gentoo/portage). If not present, only a notification will be shown. ```puppet class { 'sudo': ldap_enable => true, } ``` ### Adding sudoers configuration #### Using Code ```puppet class { 'sudo': } sudo::conf { 'web': source => 'puppet:///files/etc/sudoers.d/web', } sudo::conf { 'admins': priority => 10, content => '%admins ALL=(ALL) NOPASSWD: ALL', } sudo::conf { 'joe': priority => 60, source => 'puppet:///files/etc/sudoers.d/users/joe', } ``` #### Using Hiera A hiera hash may be used to assemble the sudoers configuration. Hash merging is also enabled, which supports layering the configuration settings. Examples using: - YAML backend - an environment called __production__ - a __/etc/puppet/hiera.yaml__ hierarchy configuration: ```yaml :hierarchy: - "%{environment}" - "defaults" ``` ##### Load module Load the module via Puppet Code or your ENC. ```puppet include sudo ``` ##### Configure Hiera YAML __(defaults.yaml)__ These defaults will apply to all systems. ```yaml sudo::configs: 'web': 'source' : 'puppet:///files/etc/sudoers.d/web' 'admins': 'content' : '%admins ALL=(ALL) NOPASSWD: ALL' 'priority' : 10 'joe': 'priority' : 60 'source' : 'puppet:///files/etc/sudoers.d/users/joe' ``` ##### Configure Hiera YAML __(production.yaml)__ This will only apply to the production environment. In this example we are: - inheriting/preserving the __web__ configuration - overriding the __admins__ configuration - removing the __joe__ configuration - adding the __bill__ template ```yaml lookup_options: sudo::configs: merge: strategy: deep merge_hash_arrays: true sudo::configs: 'admins': 'content' : "%prodadmins ALL=(ALL) NOPASSWD: ALL" 'priority' : 10 'joe': 'ensure' : 'absent' 'source' : 'puppet:///files/etc/sudoers.d/users/joe' 'bill': 'template' : "mymodule/bill.erb" ``` In this example we are: - inheriting/preserving the __web__ configuration - overriding the __admins:content__ setting - inheriting/preserving the __admins:priority__ setting - inheriting/preserving the __joe:source__ and __joe:priority__ settings - removing the __joe__ configuration - adding the __bill__ template ```yaml lookup_options: sudo::configs: merge: strategy: deep merge_hash_arrays: true sudo::configs: 'admins': 'content' : "%prodadmins ALL=(ALL) NOPASSWD: ALL" 'joe': 'ensure' : 'absent' 'bill': 'template' : "mymodule/bill.erb" ``` ##### Set a custom name for the sudoers file -In some edge cases, the automatically generated sudoers file name is insufficient. For example, when an application generates a sudoers file with a fixed file name, using this class with the purge option enabled will always delete the custom file and adding it manually will generate a file with the right content, but the wrong name. To solve this, you can use the ```sudo_file_name``` option to manually set the desired file name. +In some edge cases, the automatically generated sudoers file name is insufficient. For example, when an application generates a sudoers file with a fixed file name, using this class with the purge option enabled will always delete the custom file and adding it manually will generate a file with the right content, but the wrong name. To solve this, you can use the ```sudo_file_name``` option to manually set the desired file name. ```puppet sudo::conf { "foreman-proxy": ensure => "present", source => "puppet:///modules/sudo/foreman-proxy", sudo_file_name => "foreman-proxy", } ``` ### sudo::conf / sudo::configs notes * One of content or source must be set. * Content may be an array, string will be added with return carriage after each element. * In order to properly pass a template() use template instead of content, as hiera would run template function otherwise. ## sudo class parameters | Parameter | Type | Default | Description | | :-------------- | :------ |:----------- | :---------- | | enable | boolean | true | Set this to remove or purge all sudoers configs | | package | string | OS specific | Set package name _(for unsupported platforms)_ | | package_ensure | string | present | latest, absent, or a specific package version | | package_source | string | OS specific | Set package source _(for unsupported platforms)_ | | purge | boolean | true | Purge unmanaged files from config_dir | | purge_ignore | string | undef | Files excluded from purging in config_dir | | config_file | string | OS specific | Set config_file _(for unsupported platforms)_ | | config_file_replace | boolean | true | Replace config file with module config file | | includedirsudoers | boolean | OS specific | Add #includedir /etc/sudoers.d with augeas | | config_dir | string | OS specific | Set config_dir _(for unsupported platforms)_ | | content | string | OS specific | Alternate content file location | | ldap_enable | boolean | false | Add support to LDAP | | configs | hash | {} | A hash of sudo::conf's | ## sudo::conf class / sudo::configs hash parameters | Parameter | Type | Default | Description | | :-------------- | :----- |:----------- | :---------- | | ensure | string | present | present or absent | | priority | number | 10 | file name prefix | | content | string | undef | content of configuration snippet | | source | string | undef | source of configuration snippet | | template | string | undef | template of configuration snippet | | sudo_config_dir | string | OS Specific | configuration snippet directory _(for unsupported platforms)_ | | sudo_file_name | string | undef | custom file name for sudo file in sudoers directory | diff --git a/manifests/allow.pp b/manifests/allow.pp index fb026a1..556f340 100644 --- a/manifests/allow.pp +++ b/manifests/allow.pp @@ -1,76 +1,76 @@ # Class: sudo::allow # # This class allows you to take complete advantage of automatic parameter # lookup using a Hiera database. Providing a singleton class that accepts # arrays in the parameters makes it possible to implement specific user # or group configuration in Hiera, whereas the use of defined types is # normally restricted to Puppet manifests. # # Furthermore, having separate parameters for "add" and "replace" modes # allows you to take full advantage of inheritance in the Hiera database # while still allowing for exceptions if required. # # This class works best with Puppet 3.0 or higher. # # Parameters: # [*add_users*] # Define the set of users with sudo privileges by getting all values in # the hierarchy for this key, then flattening them into a single array # of unique values. # Default: empty array # # [*add_groups*] # Define the set of groups with sudo privileges by getting all values in # the hierarchy for this key, then flattening them into a single array # of unique values. # Default: empty array # # [*replace_users*] # Override any values specified in add_users. If you specify this value # in your manifest or Hiera database, the contents of "add_users" will # be ignored. With Hiera, a standard priority lookup is used. Note that # if replace_users is specified at ANY level of the hierarchy, then # add_users is ignored at EVERY level of the hierarchy. # Default: undef # # [*replace_groups*] # Override any values specified in add_groups. If you specify this value # in your manifest or Hiera database, the contents of "add_groups" will # be ignored. With Hiera, a standard priority lookup is used. Note that # if replace_groups is specified at ANY level of the hierarchy, then # add_groups is ignored at EVERY level of the hierarchy. # Default: undef # # Actions: # Creates file in sudoers.d that permits specific users and groups to sudo. # # Sample Usage: # class { 'sudo::allow': # add_users => ['jsmith'], # add_groups => ['wheel'], # } # # [Remember: No empty lines between comments and class definition] -class sudo::allow( +class sudo::allow ( $add_users = [], $add_groups = [], $replace_users = undef, $replace_groups = undef ) { # TODO validate that all input is arrays if $replace_users != undef { $users = $replace_users } else { $users = lookup("${module_name}::allow::add_users", Array, 'unique', $add_users) } if $replace_groups != undef { $groups = $replace_groups } else { $groups = lookup("${module_name}::allow::add_groups", Array, 'unique', $add_groups) } sudo::conf { 'sudo_users_groups': content => template("${module_name}/users_groups.erb"), } } diff --git a/manifests/conf.pp b/manifests/conf.pp index 89f8ec0..943a344 100644 --- a/manifests/conf.pp +++ b/manifests/conf.pp @@ -1,143 +1,143 @@ # Define: sudo::conf # # This module manages sudo configurations # # Parameters: # [*ensure*] # Ensure if present or absent. # Default: present # # [*priority*] # Prefix file name with $priority # Default: 10 # # [*content*] # Content of configuration snippet. # Default: undef # # [*source*] # Source of configuration snippet. # Default: undef # # [*sudo_config_dir*] # Where to place configuration snippets. # Only set this, if your platform is not supported or # you know, what you're doing. # Default: auto-set, platform specific # # Actions: # Installs sudo configuration snippets # # Requires: # Class sudo # # Sample Usage: # sudo::conf { 'admins': # source => 'puppet:///files/etc/sudoers.d/admins', # } # # [Remember: No empty lines between comments and class definition] -define sudo::conf( +define sudo::conf ( $ensure = present, $priority = 10, $content = undef, $source = undef, $template = undef, $sudo_config_dir = undef, $sudo_file_name = undef, $sudo_syntax_path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' ) { include sudo # Hack to allow the user to set the config_dir from the # sudo::config parameter, but default to $sudo::params::config_dir # if it is not provided. $sudo::params isn't included before # the parameters are loaded in. $sudo_config_dir_real = $sudo_config_dir ? { undef => $sudo::config_dir, $sudo_config_dir => $sudo_config_dir } # Append suffix if $sudo::suffix { $_name_suffix = "${name}${sudo::suffix}" } else { $_name_suffix = $name } # sudo skip file name that contain a "." $dname = regsubst($_name_suffix, '\.', '-', 'G') if size("x${priority}") == 2 { $priority_real = "0${priority}" } else { $priority_real = $priority } # build current file name with path if $sudo_file_name != undef { $cur_file = "${sudo_config_dir_real}/${sudo_file_name}" } else { $cur_file = "${sudo_config_dir_real}/${priority_real}_${dname}" } # replace whitespace in file name $cur_file_real = regsubst($cur_file, '\s+', '_', 'G') - if $::osfamily == 'RedHat' { + if $facts['os']['family'] == 'RedHat' { if (versioncmp($::sudoversion, '1.7.2p1') < 0) { warning("Found sudo with version ${::sudoversion}, but at least version 1.7.2p1 is required!") } } if $content != undef { if $content =~ Array { $lines = join($content, "\n") $content_real = "# This file is managed by Puppet; changes may be overwritten\n${lines}\n" } else { $content_real = "# This file is managed by Puppet; changes may be overwritten\n${content}\n" } } elsif $template != undef { $content_real = template($template) } else { $content_real = undef } if $ensure == 'present' { if $sudo::validate_single { $validate_cmd_real = 'visudo -c -f %' } else { $validate_cmd_real = undef } if $sudo::delete_on_error { $notify_real = Exec["sudo-syntax-check for file ${cur_file}"] $delete_cmd = "( rm -f '${cur_file_real}' && exit 1)" } else { $notify_real = Exec["sudo-syntax-check for file ${cur_file}"] $errormsg = "Error on global-syntax-check with file ${cur_file_real}" $delete_cmd = "( echo '${errormsg}' && echo '#${errormsg}' >>${cur_file_real} && exit 1)" } } else { $delete_cmd = '' $notify_real = undef $validate_cmd_real = undef } file { "${priority_real}_${dname}": ensure => $ensure, path => $cur_file_real, owner => 'root', group => $sudo::params::config_file_group, mode => $sudo::params::config_file_mode, source => $source, content => $content_real, notify => $notify_real, require => File[$sudo_config_dir_real], validate_cmd => $validate_cmd_real, } - exec {"sudo-syntax-check for file ${cur_file}": + exec { "sudo-syntax-check for file ${cur_file}": command => "visudo -c || ${delete_cmd}", refreshonly => true, path => $sudo_syntax_path, } } diff --git a/manifests/init.pp b/manifests/init.pp index f8cbf8f..d848e30 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,211 +1,206 @@ # Class: sudo # # This module manages sudo # # Parameters: # [*ensure*] # Ensure if present or absent. # Default: present # # [*package*] # Name of the package. # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*package_ensure*] # Allows you to ensure a particular version of a package # Default: present / lastest for RHEL < 5.5 # # [*package_source*] # Where to find the package. Only set this on AIX (required) and # Solaris (required) or if your platform is not supported or you # know, what you're doing. # # The default for aix is the perzl sudo package. For solaris 10 we # use the official www.sudo.ws binary package. # # Default: AIX: perzl.org # Solaris: www.sudo.ws # # [*package_admin_file*] # Where to find a Solaris 10 package admin file for # an unattended installation. We do not supply a default file, so # this has to be staged separately # # Only set this on Solaris 10 (required) # Default: /var/sadm/install/admin/puppet # # [*purge*] # Whether or not to purge sudoers.d directory # Default: true # # [*purge_ignore*] # Files to exclude from purging in sudoers.d directory # Default: undef # # [*suffix*] # Adds a custom suffix to all files created in sudoers.d directory. # # [*config_file*] # Main configuration file. # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*config_dir*] # Main directory containing sudo snippets, imported via # includedir stanza in sudoers file # Default: auto-set, platform specific # # [*extra_include_dirs*] # Array of additional directories containing sudo snippets # Default: undef # # [*content*] # Alternate content file location # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*ldap_enable*] # Enable ldap support on the package # Default: false # # [*delete_on_error*] # True if you want that the configuration is deleted on an error # during a complete visudo -c run. If false it will just return # an error and will add a comment to the sudoers configuration so # that the resource will be checked at the following run. # Default: true # # [*validate_single*] # Do a validate on the "single" file in the sudoers.d directory. # If the validate fail the file will not be saved or changed # if a file already exist. # Default: false # # [*use_sudoreplay*] # Boolean to enable the usage of sudoreplay. # Default: false # # [*sudoreplay_discard*] # Array of additional command to discard in sudo log. # Default: undef # # [*configs*] # A hash of sudo::conf's # Default: {} # # Actions: # Installs sudo package and checks the state of sudoers file and # sudoers.d directory. # # Requires: # Nothing # # Sample Usage: # class { 'sudo': } # # [Remember: No empty lines between comments and class definition] class sudo ( Boolean $enable = true, Optional[String] $package = $sudo::params::package, Optional[String] $package_ldap = $sudo::params::package_ldap, String $package_ensure = $sudo::params::package_ensure, Optional[String] $package_source = $sudo::params::package_source, Optional[String] $package_admin_file = $sudo::params::package_admin_file, Boolean $purge = true, Optional[Variant[String, Array[String]]] $purge_ignore = undef, Optional[String] $suffix = undef, String $config_file = $sudo::params::config_file, Boolean $config_file_replace = true, String $config_file_mode = $sudo::params::config_file_mode, String $config_dir = $sudo::params::config_dir, String $config_dir_mode = $sudo::params::config_dir_mode, Optional[Array[String]] $extra_include_dirs = undef, String $content = $sudo::params::content, Boolean $ldap_enable = false, Boolean $delete_on_error = true, Boolean $validate_single = false, Boolean $config_dir_keepme = $sudo::params::config_dir_keepme, Boolean $use_sudoreplay = false, Optional[Array[String]] $sudoreplay_discard = undef, Hash $configs = {}, ) inherits sudo::params { - - case $enable { true: { $dir_ensure = 'directory' $file_ensure = 'present' } false: { $dir_ensure = 'absent' $file_ensure = 'absent' } default: { fail('no $enable is set') } } case $ldap_enable { true: { if $package_ldap == undef { fail('on your os ldap support for sudo is not yet supported') } $package_real = $package_ldap } false: { $package_real = $package } default: { fail('no $ldap_enable is set') } } if $package_real { class { 'sudo::package': package => $package_real, package_ensure => $package_ensure, package_source => $package_source, package_admin_file => $package_admin_file, ldap_enable => $ldap_enable, - before => [ File[$config_file], File[$config_dir] ], + before => [ + File[$config_file], + File[$config_dir], + ], } } file { $config_file: ensure => $file_ensure, owner => 'root', group => $sudo::params::config_file_group, mode => $config_file_mode, replace => $config_file_replace, content => template($content), } file { $config_dir: ensure => $dir_ensure, owner => 'root', group => $sudo::params::config_file_group, mode => $config_dir_mode, recurse => $purge, purge => $purge, ignore => $purge_ignore, } if $config_dir_keepme { file { "${config_dir}/.keep-me": ensure => file, owner => 'root', group => $sudo::params::config_file_group, } } $configs.each |$config_name, $config| { sudo::conf { $config_name: * => $config, } } - - if $package_real { - anchor { 'sudo::begin': } - -> Class['sudo::package'] - -> anchor { 'sudo::end': } - } } diff --git a/manifests/package.pp b/manifests/package.pp index 1c6e6c6..af6c084 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -1,81 +1,84 @@ # == Class: sudo::package # # Installs the sudo package on various platforms. # # === Parameters # # Document parameters here. # # [*package*] # The name of the sudo package to be installed # # [*package_ensure*] # Ensure if present or absent # # [*package_source*] # Where to find the sudo packge, should be a local file or a uri # # === Examples # # class { sysdoc::package # package => 'sudo', # } # # === Authors # # Toni Schmidbauer # # === Copyright # # Copyright 2013 Toni Schmidbauer # -class sudo::package( +class sudo::package ( $package = '', $package_ensure = present, $package_source = '', $package_admin_file = '', $ldap_enable = false, ) { - if $ldap_enable == true { - case $::osfamily { + case $facts['os']['family'] { 'Gentoo': { if defined( 'portage' ) { Class['sudo'] -> Class['portage'] package_use { 'app-admin/sudo': ensure => present, use => ['ldap'], target => 'sudo-flags', } } else { fail ('portage package needed to define ldap use on sudo') } } - default: { } + default: {} } } - case $::osfamily { + case $facts['os']['family'] { 'AIX': { class { 'sudo::package::aix': package => $package, package_source => $package_source, package_ensure => $package_ensure, } } 'Darwin': {} 'Solaris': { class { 'sudo::package::solaris': package => $package, package_source => $package_source, package_ensure => $package_ensure, package_admin_file => $package_admin_file, } } default: { if $package != '' { - ensure_packages([$package], {'ensure' => $package_ensure}) + ensure_packages([ + $package, + ], { + 'ensure' => $package_ensure, + }) } } } } diff --git a/manifests/package/aix.pp b/manifests/package/aix.pp index 89fb9dc..f3a01fb 100644 --- a/manifests/package/aix.pp +++ b/manifests/package/aix.pp @@ -1,46 +1,44 @@ # == Class: sudo::package::aix # # Install the perzl.org sudo package. It also requires the openldap # rpm. so we add a dependencies to the ldap module. # # === Parameters # # Document parameters here. # # [*package*] # The name of the sudo package to be installed # # [*package_ensure*] # Ensure if present or absent # # [*package_source*] # Where to find the sudo packge, should be a local file or a uri # # === Examples # # class { sudo::package::aix: # package => 'sudo', # package_source 'http://myaixpkgserver/pkgs/aix/sudo-1.8.6p7-1.aix5.1.ppc.rpm'', # } # # === Authors # # Toni Schmidbauer # # === Copyright # # Copyright 2013 Toni Schmidbauer # class sudo::package::aix ( $package = '', $package_source = '', $package_ensure = 'present', - - ) { - - package { $package: - ensure => $package_ensure, - source => $package_source, - provider => rpm, - } +) { + package { $package: + ensure => $package_ensure, + source => $package_source, + provider => rpm, + } } diff --git a/manifests/package/solaris.pp b/manifests/package/solaris.pp index ad2bcf6..d5cf4d0 100644 --- a/manifests/package/solaris.pp +++ b/manifests/package/solaris.pp @@ -1,60 +1,61 @@ # == Class: sudo::package::solaris # # install sudo under solaris 10/11. # # === Parameters # # Document parameters here. # # [*package*] # The name of the sudo package to be installed # # [*package_ensure*] # Ensure if present or absent # # [*package_source*] # Where to find the sudo packge, should be a local file or a uri # # [*package_admin_file*] # Solaris 10 package admin file for unattended installation # # === Examples # # class { sudo::package::solaris: # package => 'sudo', # } # # === Authors # # Toni Schmidbauer # # === Copyright # # Copyright 2013 Toni Schmidbauer # class sudo::package::solaris ( - $package = '', + $package = '', $package_source = '', $package_ensure = 'present', $package_admin_file = '', - ) { - +) { case $::kernelrelease { '5.11': { package { $package: ensure => $package_ensure, } } '5.10': { package { $package: ensure => $package_ensure, source => $package_source, adminfile => $package_admin_file, - install_options => ['-G', ], + install_options => [ + '-G', + ], } } default: { fail("Unsupported Solaris kernelrelease ${::kernelrelease}!") } } } diff --git a/manifests/params.pp b/manifests/params.pp index 0b410ea..c428a81 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,227 +1,227 @@ #class sudo::params #Set the paramters for the sudo module class sudo::params { $content_base = "${module_name}/" $config_file_mode = '0440' $config_dir_mode = '0550' - case $::osfamily { + case $facts['os']['family'] { 'Debian': { - case $::operatingsystem { + case $facts['os']['name'] { 'Ubuntu': { $content = "${content_base}sudoers.ubuntu.erb" } default: { - if (versioncmp($::operatingsystemmajrelease, '7') >= 0) or - ($::operatingsystemmajrelease =~ /\/sid/) or - ($::operatingsystemmajrelease =~ /Kali/) { + if (versioncmp($facts['os']['release']['major'], '7') >= 0) or + ($facts['os']['release']['major'] =~ /\/sid/) or + ($facts['os']['release']['major'] =~ /Kali/) { $content = "${content_base}sudoers.debian.erb" } else { $content = "${content_base}sudoers.olddebian.erb" } } } $package = 'sudo' $package_ldap = 'sudo-ldap' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $config_file_group = 'root' $config_dir_keepme = false } 'RedHat': { $package = 'sudo' # in redhat sudo package is already compiled for ldap support $package_ldap = $package # rhel 5.0 to 5.4 use sudo 1.6.9 which does not support # includedir, so we have to make sure sudo 1.7 (comes with rhel # 5.5) is installed. - $package_ensure = $::operatingsystemrelease ? { + $package_ensure = $facts['os']['release']['full'] ? { /^5.[01234]$/ => 'latest', default => 'present', } $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' - $content = $::operatingsystemrelease ? { + $content = $facts['os']['release']['full'] ? { /^5/ => "${content_base}sudoers.rhel5.erb", /^6/ => "${content_base}sudoers.rhel6.erb", /^7/ => "${content_base}sudoers.rhel7.erb", /^8/ => "${content_base}sudoers.rhel8.erb", default => "${content_base}sudoers.rhel8.erb", - } + } $config_file_group = 'root' $config_dir_keepme = false } 'Suse': { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.suse.erb" $config_file_group = 'root' $config_dir_keepme = false } 'Solaris': { - case $::operatingsystem { + case $facts['os']['name'] { 'OmniOS': { $package = 'sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.omnios.erb" $config_file_group = 'root' $config_dir_keepme = false } 'SmartOS': { $package = 'sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/opt/local/etc/sudoers' $config_dir = '/opt/local/etc/sudoers.d' $content = "${content_base}sudoers.smartos.erb" $config_file_group = 'root' $config_dir_keepme = false } default: { case $::kernelrelease { '5.11': { $package = 'pkg://solaris/security/sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.solaris.erb" $config_file_group = 'root' $config_dir_keepme = false } '5.10': { $package = 'TCMsudo' $package_ldap = undef $package_ensure = 'present' - $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${::hardwareisa}.pkg.gz" + $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${facts['os']['hardware']}.pkg.gz" $package_admin_file = '/var/sadm/install/admin/puppet' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.solaris.erb" $config_file_group = 'root' $config_dir_keepme = false } default: { - fail("Unsupported platform: ${::osfamily}/${::operatingsystem}/${::kernelrelease}") + fail("Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}/${::kernelrelease}") } } } } } 'FreeBSD': { $package = 'security/sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/usr/local/etc/sudoers' $config_dir = '/usr/local/etc/sudoers.d' $content = "${content_base}sudoers.freebsd.erb" $config_file_group = 'wheel' $config_dir_keepme = true } 'OpenBSD': { if (versioncmp($::kernelversion, '5.8') < 0) { $package = undef } else { $package = 'sudo' } $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.openbsd.erb" $config_file_group = 'wheel' $config_dir_keepme = false } 'AIX': { $package = 'sudo' $package_ldap = undef $package_ensure = 'present' $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.aix.erb" $config_file_group = 'system' $config_dir_keepme = false } 'Darwin': { $package = undef $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.darwin.erb" $config_file_group = 'wheel' $config_dir_keepme = false } default: { - case $::operatingsystem { + case $facts['os']['name'] { 'Gentoo': { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.gentoo.erb" $config_file_group = 'root' $config_dir_keepme = false } /^(Archlinux|Manjarolinux)$/: { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.archlinux.erb" $config_file_group = 'root' $config_dir_keepme = false } 'Amazon': { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' - $content = $::operatingsystemrelease ? { + $content = $facts['os']['release']['full'] ? { /^5/ => "${content_base}sudoers.rhel5.erb", /^6/ => "${content_base}sudoers.rhel6.erb", default => "${content_base}sudoers.rhel6.erb", } $config_file_group = 'root' $config_dir_keepme = false } default: { - fail("Unsupported platform: ${::osfamily}/${::operatingsystem}") + fail("Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}") } } $package_source = '' $package_admin_file = '' } } } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 267bc1e..2d96071 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -1,16 +1,16 @@ require 'spec_helper_acceptance' describe 'sudo class' do context 'with default parameters' do # Using puppet_apply as a helper it 'works with no errors' do pp = <<-PP class { 'sudo': } PP # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) + apply_manifest(pp, catch_failures: true) + apply_manifest(pp, catch_changes: true) end end end diff --git a/spec/acceptance/sudo_conf_spec.rb b/spec/acceptance/sudo_conf_spec.rb index dbf8a7a..7c80645 100644 --- a/spec/acceptance/sudo_conf_spec.rb +++ b/spec/acceptance/sudo_conf_spec.rb @@ -1,95 +1,95 @@ require 'spec_helper_acceptance' describe 'sudo::conf class' do context 'with default parameters' do # Using puppet_apply as a helper it 'works with no errors' do pp = <<-PP group { 'janedoe': ensure => present; } -> user { 'janedoe' : gid => 'janedoe', home => '/home/janedoe', shell => '/bin/bash', managehome => true, membership => minimum, } -> user { 'nosudoguy' : home => '/home/nosudoguy', shell => '/bin/bash', managehome => true, membership => minimum, } -> class {'sudo': purge => false, config_file_replace => false, } -> sudo::conf { 'janedoe_nopasswd': content => "janedoe ALL=(ALL) NOPASSWD: ALL\n" } PP # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, catch_failures: true) + apply_manifest(pp, catch_failures: true) end describe command("su - janedoe -c 'sudo echo Hello World'") do its(:stdout) { is_expected.to match %r{Hello World} } its(:exit_status) { is_expected.to eq 0 } end describe command("su - nosudoguy -c 'sudo echo Hello World'") do its(:stderr) { is_expected.to match %r{no tty present and no askpass program specified} } its(:exit_status) { is_expected.to eq 1 } end end context 'with ignore and suffix specified' do - describe command("touch /etc/sudoers.d/file-from-rpm") do + describe command('touch /etc/sudoers.d/file-from-rpm') do its(:exit_status) { is_expected.to eq 0 } end it 'create a puppet managed file' do pp = <<-PP class {'sudo': suffix => '_puppet', ignore => '[*!_puppet]', } sudo::conf { 'janedoe_nopasswd': content => "janedoe ALL=(ALL) NOPASSWD: ALL\n" } PP # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + apply_manifest(pp, catch_failures: true) + expect(apply_manifest(pp, catch_failures: true).exit_code).to be_zero describe file('/etc/sudoers.d/janedoe_nopasswd_puppet') do - it { should exist } + it { is_expected.to exist } end describe file('/etc/sudoers.d/sudoers.d/file-from-rpm') do - it { should exist } + it { is_expected.to exist } end pp = <<-PP class {'sudo': suffix => '_puppet', ignore => '[*!_puppet]', } PP # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + apply_manifest(pp, catch_failures: true) + expect(apply_manifest(pp, catch_failures: true).exit_code).to be_zero describe file('/etc/sudoers.d/janedoe_nopasswd_puppet') do - it { should_not exist } + it { is_expected.not_to exist } end describe file('/etc/sudoers.d/sudoers.d/file-from-rpm') do - it { should exist } + it { is_expected.to exist } end end end end diff --git a/spec/classes/package_aix_spec.rb b/spec/classes/package_aix_spec.rb index 32f9635..68c2773 100644 --- a/spec/classes/package_aix_spec.rb +++ b/spec/classes/package_aix_spec.rb @@ -1,26 +1,26 @@ require 'spec_helper' describe 'sudo::package::aix' do describe 'on supported osfamily: AIX' do let :params do { - :package => 'sudo', - :package_ensure => 'present', - :package_source => 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm' + package: 'sudo', + package_ensure: 'present', + package_source: 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm' } end let :facts do { - :osfamily => 'AIX' + osfamily: 'AIX' } end it do is_expected.to contain_package('sudo').with( 'ensure' => 'present', 'source' => 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm', 'provider' => 'rpm' ) end end end diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb index 4638524..3c3571e 100644 --- a/spec/classes/package_spec.rb +++ b/spec/classes/package_spec.rb @@ -1,77 +1,85 @@ require 'spec_helper' describe 'sudo::package' do describe 'on supported osfamily: RedHat' do let :params do { - :package => 'sudo', - :package_ensure => 'present' + package: 'sudo', + package_ensure: 'present' } end let :facts do { - :osfamily => 'RedHat' + os: { + 'family' => 'RedHat', + }, } end it do is_expected.to contain_package('sudo').with('ensure' => 'present') end end describe 'on supported osfamily: OpenBSD 5.8' do let :params do { - :package => 'sudo', - :package_ensure => 'present' + package: 'sudo', + package_ensure: 'present' } end let :facts do { - :osfamily => 'OpenBSD', - :kernelversion => '5.8' + os: { + 'family' => 'OpenBSD', + }, + kernelversion: '5.8' } end it do is_expected.to contain_package('sudo').with('ensure' => 'present') end end describe 'on supported osfamily: OpenBSD 5.7' do let :facts do { - :osfamily => 'OpenBSD', - :kernelversion => '5.7' + os: { + 'family' => 'OpenBSD', + }, + kernelversion: '5.7' } end it do is_expected.not_to contain_package('sudo') end end describe 'on supported osfamily: AIX' do let :params do { - :package => 'sudo', - :package_ensure => 'present', - :package_source => 'http://www.oss4aix.org/compatible/aix53/sudo-1.8.7-1.aix5.1.ppc.rpm' + package: 'sudo', + package_ensure: 'present', + package_source: 'http://www.oss4aix.org/compatible/aix53/sudo-1.8.7-1.aix5.1.ppc.rpm' } end let :facts do { - :osfamily => 'AIX' + os: { + 'family' => 'AIX', + }, } end it do is_expected.to contain_class('sudo::package::aix').with( 'package' => 'sudo', 'package_source' => 'http://www.oss4aix.org/compatible/aix53/sudo-1.8.7-1.aix5.1.ppc.rpm', 'package_ensure' => 'present' ) end end end diff --git a/spec/classes/sudo_spec.rb b/spec/classes/sudo_spec.rb index 01f7cfe..93e3a26 100644 --- a/spec/classes/sudo_spec.rb +++ b/spec/classes/sudo_spec.rb @@ -1,241 +1,256 @@ require 'spec_helper' describe 'sudo' do let :default_params do { - :enable => true, - :package_ensure => 'present', - :purge => true, - :config_file_replace => true + enable: true, + package_ensure: 'present', + purge: true, + config_file_replace: true } end [{}, { - :package_ensure => 'present', - :purge => false, - :config_file_replace => false + package_ensure: 'present', + purge: false, + config_file_replace: false }, { - :package_ensure => 'latest', - :purge => true, - :config_file_replace => false + package_ensure: 'latest', + purge: true, + config_file_replace: false }].each do |param_set| describe "when #{param_set == {} ? 'using default' : 'specifying'} class parameters" do let :param_hash do default_params.merge(param_set) end let :params do param_set end %w[Debian Redhat].each do |osfamily| let :facts do { - :operatingsystem => osfamily, - :operatingsystemrelease => '7.0', - :operatingsystemmajrelease => '7', - :osfamily => osfamily, - :puppetversion => '3.7.0' + os: { + 'family' => osfamily, + 'name' => osfamily, + 'release' => { + 'full' => '7.0', + 'major' => '7', + }, + }, + puppetversion: '3.7.0' } end describe "on supported osfamily: #{osfamily}" do it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'root', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => param_hash[:package_ensure] ) end end end describe 'on RedHat 5.4' do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '5.4', - :operatingsystemmajrelease => '5', - :puppetversion => '3.7.0' + os: { + 'family' => 'RedHat', + 'name' => 'RedHat', + 'release' => { + 'full' => '5.4', + 'major' => '5', + }, + }, + puppetversion: '3.7.0' } end it do if params == {} is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => 'latest' ) else is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => param_hash[:package_ensure] ) end end end describe 'on supported osfamily: AIX' do let :facts do { - :osfamily => 'AIX', - :puppetversion => '3.7.0' + os: { + 'family' => 'AIX', + }, + puppetversion: '3.7.0' } end it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'system', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'system', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'sudo', 'package_ensure' => param_hash[:package_ensure], 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm' ) end end describe 'on supported osfamily: Solaris 10' do let :facts do { - :operatingsystem => 'Solaris', - :osfamily => 'Solaris', - :kernelrelease => '5.10', - :puppetversion => '3.7.0', - :hardwareisa => 'i386' + os: { + 'family' => 'Solaris', + 'name' => 'Solaris', + 'hardware' => 'i386', + }, + kernelrelease: '5.10', + puppetversion: '3.7.0', } end it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'root', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'TCMsudo', 'package_ensure' => param_hash[:package_ensure], 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-i386.pkg.gz', 'package_admin_file' => '/var/sadm/install/admin/puppet' ) end context 'when package is set' do let :params do { - :package => 'mysudo' + package: 'mysudo' } end it do is_expected.to contain_class('sudo::package').with( 'package' => 'mysudo' - ) + ) end end end describe 'on supported osfamily: Solaris 11' do let :facts do { - :operatingsystem => 'Solaris', - :osfamily => 'Solaris', - :kernelrelease => '5.11', - :puppetversion => '3.7.0' + os: { + 'family' => 'Solaris', + 'name' => 'Solaris', + }, + kernelrelease: '5.11', + puppetversion: '3.7.0' } end it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', 'group' => 'root', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d').with( 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( 'package' => 'pkg://solaris/security/sudo', 'package_ensure' => param_hash[:package_ensure] ) end end end end end diff --git a/spec/defines/sudo_spec.rb b/spec/defines/sudo_spec.rb index cc39672..0b9313c 100644 --- a/spec/defines/sudo_spec.rb +++ b/spec/defines/sudo_spec.rb @@ -1,234 +1,238 @@ require 'spec_helper' -describe 'sudo::conf', :type => :define do +describe 'sudo::conf', type: :define do let(:title) { 'admins' } let(:filename) { '10_admins' } let(:file_path) { '/etc/sudoers.d/10_admins' } let :facts do { + os: { + 'family' => 'Debian', + 'name' => 'Debian', + 'release' => { + 'full' => '7.0', + 'major' => '7', + }, + }, lsbdistcodename: 'wheezy', - operatingsystemmajrelease: '7', - operatingsystem: 'Debian', - osfamily: 'Debian', puppetversion: '3.7.0' } end let :params do { priority: 10, content: '%admins ALL=(ALL) NOPASSWD: ALL', sudo_config_dir: '/etc/sudoers.d' } end describe 'when creating a sudo entry' do it do is_expected.to contain_sudo__conf('admins').with( priority: params[:priority], content: params[:content] ) end it do is_expected.to contain_file(filename).with( ensure: 'present', content: "# This file is managed by Puppet; changes may be overwritten\n%admins ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: file_path, mode: '0440' ) end it do is_expected.to contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}/#{params[:priority]}_#{title}").with( command: "visudo -c || ( rm -f '#{params[:sudo_config_dir]}/#{params[:priority]}_#{title}' && exit 1)", refreshonly: 'true' ) end it { is_expected.to contain_file(filename).that_notifies("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}/#{params[:priority]}_#{title}]") } it { is_expected.not_to contain_file(filename).that_requires("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}/#{params[:priority]}_#{title}]") } end describe 'when creating a sudo entry with single number priority' do let(:filename) { '05_admins' } let(:file_path) { '/etc/sudoers.d/05_admins' } let :params do { priority: 5, content: '%admins ALL=(ALL) NOPASSWD: ALL', sudo_config_dir: '/etc/sudoers.d' } end it do is_expected.to contain_sudo__conf('admins').with( priority: params[:priority], content: params[:content] ) end it do is_expected.to contain_file(filename).with( ensure: 'present', content: "# This file is managed by Puppet; changes may be overwritten\n%admins ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: file_path, mode: '0440' ) end it do is_expected.to contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}").with( command: "visudo -c || ( rm -f '#{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}' && exit 1)", refreshonly: 'true' ) end it { is_expected.to contain_file(filename).that_notifies("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}]") } it { is_expected.not_to contain_file(filename).that_requires("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}]") } end describe 'when creating a sudo entry with whitespace in name' do let(:title) { 'admins hq' } let(:filename) { '05_admins hq' } let(:file_path) { '/etc/sudoers.d/05_admins_hq' } let :params do { priority: 5, content: '%admins_hq ALL=(ALL) NOPASSWD: ALL', sudo_config_dir: '/etc/sudoers.d' } end it do - is_expected.to contain_sudo__conf('admins hq').with(:priority => params[:priority], - :content => params[:content]) + is_expected.to contain_sudo__conf('admins hq').with(priority: params[:priority], + content: params[:content]) end it do is_expected.to contain_file(filename).with( ensure: 'present', content: "# This file is managed by Puppet; changes may be overwritten\n%admins_hq ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: file_path, mode: '0440' ) end it do is_expected.to contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}").with( command: "visudo -c || ( rm -f '#{file_path}' && exit 1)", refreshonly: 'true' ) end it { is_expected.to contain_file(filename).that_notifies("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}]") } it { is_expected.not_to contain_file(filename).that_requires("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}/0#{params[:priority]}_#{title}]") } end describe 'when removing an sudo entry' do let :params do { ensure: 'absent', priority: 10, content: '%admins ALL=(ALL) NOPASSWD: ALL', sudo_config_dir: '/etc/sudoers.d' } end it do is_expected.to contain_file(filename).with( ensure: 'absent', content: "# This file is managed by Puppet; changes may be overwritten\n%admins ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: file_path, mode: '0440' ) end end describe 'when removing an sudo entry with single number priority' do let :params do { ensure: 'absent', priority: 5, content: '%admins ALL=(ALL) NOPASSWD: ALL', sudo_config_dir: '/etc/sudoers.d' } end let(:filename) { '05_admins' } let(:file_path) { '/etc/sudoers.d/05_admins' } it do is_expected.to contain_file(filename).with( ensure: 'absent', content: "# This file is managed by Puppet; changes may be overwritten\n%admins ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: file_path, mode: '0440' ) end end describe 'when adding a sudo entry with array content' do let :params do { content: [ '%admins ALL=(ALL) NOPASSWD: ALL', '%wheel ALL=(ALL) NOPASSWD: ALL' ] } end let(:filename) { '10_admins' } let(:file_path) { '/etc/sudoers.d/10_admins' } it do is_expected.to contain_file(filename).with( ensure: 'present', content: "# This file is managed by Puppet; changes may be overwritten\n%admins ALL=(ALL) NOPASSWD: ALL\n%wheel ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: file_path, mode: '0440' ) end end describe 'when adding a sudo entry with a suffix _foobar' do let :pre_condition do 'class{"sudo": suffix => "_foobar"}' end let :params do { ensure: 'absent', priority: 10, content: '%admins ALL=(ALL) NOPASSWD: ALL', sudo_config_dir: '/etc/sudoers.d', } end it do is_expected.to contain_file("#{filename}_foobar").with( ensure: 'absent', content: "# This file is managed by Puppet; changes may be overwritten\n%admins ALL=(ALL) NOPASSWD: ALL\n", owner: 'root', group: 'root', path: "#{file_path}_foobar", mode: '0440' ) end end - end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 57f4e26..8bca60e 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,34 +1,34 @@ require 'beaker-rspec' # Install Puppet unless ENV['RS_PROVISION'] == 'no' # This will install the latest available package on el and deb based # systems fail on windows and osx, and install via gem on other *nixes - foss_opts = { :default_action => 'gem_install' } + foss_opts = { default_action: 'gem_install' } default.is_pe? ? install_pe : install_puppet(foss_opts) hosts.each do |host| on host, "mkdir -p #{host['distmoduledir']}" end end UNSUPPORTED_PLATFORMS = ['windows'].freeze RSpec.configure do |c| # Project root proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) # Readable test descriptions c.formatter = :documentation # Configure all nodes in nodeset c.before :suite do # Install module and dependencies - puppet_module_install(:source => proj_root, :module_name => 'sudo') + puppet_module_install(source: proj_root, module_name: 'sudo') hosts.each do |_host| shell("/bin/touch #{default['puppetpath']}/hiera.yaml") - shell('puppet module install puppetlabs-stdlib --version >= 2.6.0', :acceptable_exit_codes => [0]) + shell('puppet module install puppetlabs-stdlib --version >= 2.6.0', acceptable_exit_codes: [0]) end end end diff --git a/tests/init.pp b/tests/init.pp deleted file mode 100644 index 5218467..0000000 --- a/tests/init.pp +++ /dev/null @@ -1 +0,0 @@ -include ::sudo