diff --git a/.fixtures.yml b/.fixtures.yml index 57d7c7a..7df076a 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,5 +1,3 @@ fixtures: - symlinks: - "sudo": "#{source_dir}" repositories: stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" diff --git a/manifests/params.pp b/manifests/params.pp index 7470a1d..190c78a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,282 +1,280 @@ class sudo::params { $content_base = "${module_name}/" $config_file_mode = '0440' $config_dir_mode = '0550' case $facts['os']['family'] { 'Debian': { case $facts['os']['name'] { 'Ubuntu': { $content = "${content_base}sudoers.ubuntu.erb" $secure_path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin:/snap/bin' } default: { if (versioncmp($facts['os']['release']['major'], '7') >= 0) or ($facts['os']['release']['major'] =~ /\/sid/) or ($facts['os']['release']['major'] =~ /Kali/) { $content = "${content_base}sudoers.debian.erb" $secure_path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin' } else { $content = "${content_base}sudoers.olddebian.erb" $secure_path = undef } } } $package = 'sudo' $package_ldap = 'sudo-ldap' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } 'RedHat': { $package = 'sudo' # in redhat sudo package is already compiled for ldap support $package_ldap = $package # rhel 5.0 to 5.4 use sudo 1.6.9 which does not support # includedir, so we have to make sure sudo 1.7 (comes with rhel # 5.5) is installed. $package_ensure = $facts['os']['release']['full'] ? { /^5.[01234]$/ => 'latest', default => 'present', } $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' case $facts['os']['release']['full'] { /^5/: { $content = "${content_base}sudoers.rhel5.erb" $secure_path = undef } /^6/: { $content = "${content_base}sudoers.rhel6.erb" $secure_path = '/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' } /^7/: { $content = "${content_base}sudoers.rhel7.erb" $secure_path = '/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin' } /^8/: { $content = "${content_base}sudoers.rhel8.erb" $secure_path = '/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin' } default: { $content = "${content_base}sudoers.rhel8.erb" $secure_path = '/sbin:/bin:/usr/sbin:/usr/bin:/opt/puppetlabs/bin' } } $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } 'Suse': { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.suse.erb" $secure_path = '/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin' $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } 'Solaris': { case $facts['os']['name'] { 'OmniOS': { $package = 'sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.omnios.erb" $secure_path = undef $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } 'SmartOS': { $package = 'sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/opt/local/etc/sudoers' $config_dir = '/opt/local/etc/sudoers.d' $content = "${content_base}sudoers.smartos.erb" $secure_path = undef $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } default: { case $::kernelrelease { '5.11': { $package = 'pkg://solaris/security/sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.solaris.erb" $secure_path = undef $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } '5.10': { $package = 'TCMsudo' $package_ldap = undef $package_ensure = 'present' $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${facts['os']['hardware']}.pkg.gz" $package_admin_file = '/var/sadm/install/admin/puppet' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.solaris.erb" $secure_path = undef $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } default: { fail("Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}/${::kernelrelease}") } } } } } 'FreeBSD': { $package = 'security/sudo' $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/usr/local/etc/sudoers' $config_dir = '/usr/local/etc/sudoers.d' $content = "${content_base}sudoers.freebsd.erb" $secure_path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/puppetlabs/bin' $config_file_group = 'wheel' $config_dir_keepme = true $package_provider = undef } 'OpenBSD': { if (versioncmp($::kernelversion, '5.8') < 0) { $package = undef } else { $package = 'sudo' } $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.openbsd.erb" $config_file_group = 'wheel' $config_dir_keepme = false $package_provider = undef } 'AIX': { $package = 'sudo' $package_ldap = undef $package_ensure = 'present' $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.aix.erb" $secure_path = undef $config_file_group = 'system' $config_dir_keepme = false $package_provider = 'rpm' } 'Darwin': { $package = undef $package_ldap = undef $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.darwin.erb" $secure_path = undef $config_file_group = 'wheel' $config_dir_keepme = false $package_provider = undef } default: { case $facts['os']['name'] { 'Gentoo': { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.gentoo.erb" $secure_path = undef $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } /^(Arch|Manjaro)(.{0}|linux)$/: { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' $content = "${content_base}sudoers.archlinux.erb" $secure_path = undef $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } 'Amazon': { $package = 'sudo' $package_ldap = $package $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d' case $facts['os']['release']['full'] { /^5/: { $content = "${content_base}sudoers.rhel5.erb" $secure_path = undef } /^6/: { $content = "${content_base}sudoers.rhel6.erb" $secure_path = '/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' } default: { $content = "${content_base}sudoers.rhel6.erb" $secure_path = '/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' } } $config_file_group = 'root' $config_dir_keepme = false $package_provider = undef } default: { fail("Unsupported platform: ${facts['os']['family']}/${facts['os']['name']}") } } - $package_source = '' - $package_admin_file = '' } } } diff --git a/spec/classes/sudo_spec.rb b/spec/classes/sudo_spec.rb index c5467e8..82bc4c6 100644 --- a/spec/classes/sudo_spec.rb +++ b/spec/classes/sudo_spec.rb @@ -1,285 +1,303 @@ require 'spec_helper' describe 'sudo' do - let :default_params do - { - enable: true, - package_ensure: 'present', - purge: true, - config_file_replace: true - } + let :node do + 'rspec.puppet.com' end - [{}, - { - package_ensure: 'present', - purge: false, - config_file_replace: false - }, - { - package_ensure: 'latest', - purge: true, - config_file_replace: false - }].each do |param_set| - describe "when #{param_set == {} ? 'using default' : 'specifying'} class parameters" do - let :param_hash do - default_params.merge(param_set) + on_supported_os.each do |os, os_facts| + context "on #{os} " do + let :facts do + os_facts end - let :params do - param_set + context 'with all defaults' do + it { is_expected.to compile.with_all_deps } end + end + end - %w[Debian Redhat].each do |osfamily| - let :facts do - { - os: { - 'family' => osfamily, - 'name' => osfamily, - 'release' => { - 'full' => '7.0', - 'major' => '7', + context 'legacy tests' do + let :default_params do + { + enable: true, + package_ensure: 'present', + purge: true, + config_file_replace: true + } + end + + [{}, + { + package_ensure: 'present', + purge: false, + config_file_replace: false + }, + { + package_ensure: 'latest', + purge: true, + config_file_replace: false + }].each do |param_set| + describe "when #{param_set == {} ? 'using default' : 'specifying'} class parameters" do + let :param_hash do + default_params.merge(param_set) + end + + let :params do + param_set + end + + %w[Debian Redhat].each do |osfamily| + let :facts do + { + os: { + 'family' => osfamily, + 'name' => osfamily, + 'release' => { + 'full' => '7.0', + 'major' => '7', + }, }, - }, - puppetversion: '3.7.0' - } + puppetversion: '3.7.0' + } + end + + describe "on supported osfamily: #{osfamily}" do + it { is_expected.to contain_class('sudo::params') } + + it do + is_expected.to contain_file('/etc/sudoers').with( + 'ensure' => 'present', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0440', + 'replace' => param_hash[:config_file_replace] + ) + end + + it do + is_expected.to contain_file('/etc/sudoers.d').with( + 'ensure' => 'directory', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0550', + 'recurse' => param_hash[:purge], + 'purge' => param_hash[:purge] + ) + end + + it do + is_expected.to contain_class('sudo::package').with( + 'package' => 'sudo', + 'package_ensure' => param_hash[:package_ensure] + ) + end + end + end + + describe 'on RedHat 5.4' do + let :facts do + { + os: { + 'family' => 'RedHat', + 'name' => 'RedHat', + 'release' => { + 'full' => '5.4', + 'major' => '5', + }, + }, + puppetversion: '3.7.0' + } + end + + it do + if params == {} + is_expected.to contain_class('sudo::package').with( + 'package' => 'sudo', + 'package_ensure' => 'latest' + ) + else + is_expected.to contain_class('sudo::package').with( + 'package' => 'sudo', + 'package_ensure' => param_hash[:package_ensure] + ) + end + end end - describe "on supported osfamily: #{osfamily}" do + describe 'on supported osfamily: AIX' do + let :facts do + { + os: { + 'family' => 'AIX', + }, + puppetversion: '3.7.0' + } + end + it { is_expected.to contain_class('sudo::params') } it do is_expected.to contain_file('/etc/sudoers').with( 'ensure' => 'present', 'owner' => 'root', - 'group' => 'root', + 'group' => 'system', 'mode' => '0440', 'replace' => param_hash[:config_file_replace] ) end it do is_expected.to contain_file('/etc/sudoers.d').with( 'ensure' => 'directory', 'owner' => 'root', - 'group' => 'root', + 'group' => 'system', 'mode' => '0550', 'recurse' => param_hash[:purge], 'purge' => param_hash[:purge] ) end it do is_expected.to contain_class('sudo::package').with( - 'package' => 'sudo', - 'package_ensure' => param_hash[:package_ensure] + 'package' => 'sudo', + 'package_ensure' => param_hash[:package_ensure], + 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm', + 'package_provider' => 'rpm' ) end end - end - describe 'on RedHat 5.4' do - let :facts do - { - os: { - 'family' => 'RedHat', - 'name' => 'RedHat', - 'release' => { - 'full' => '5.4', - 'major' => '5', + describe 'on supported osfamily: Solaris 10' do + let :facts do + { + os: { + 'family' => 'Solaris', + 'name' => 'Solaris', + 'hardware' => 'i386', }, - }, - puppetversion: '3.7.0' - } - end - - it do - if params == {} - is_expected.to contain_class('sudo::package').with( - 'package' => 'sudo', - 'package_ensure' => 'latest' - ) - else - is_expected.to contain_class('sudo::package').with( - 'package' => 'sudo', - 'package_ensure' => param_hash[:package_ensure] - ) + kernelrelease: '5.10', + puppetversion: '3.7.0', + } end - end - end - describe 'on supported osfamily: AIX' do - let :facts do - { - os: { - 'family' => 'AIX', - }, - puppetversion: '3.7.0' - } - end + it { is_expected.to contain_class('sudo::params') } - it { is_expected.to contain_class('sudo::params') } + it do + is_expected.to contain_file('/etc/sudoers').with( + 'ensure' => 'present', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0440', + 'replace' => param_hash[:config_file_replace] + ) + end - it do - is_expected.to contain_file('/etc/sudoers').with( - 'ensure' => 'present', - 'owner' => 'root', - 'group' => 'system', - 'mode' => '0440', - 'replace' => param_hash[:config_file_replace] - ) - end + it do + is_expected.to contain_file('/etc/sudoers.d').with( + 'ensure' => 'directory', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0550', + 'recurse' => param_hash[:purge], + 'purge' => param_hash[:purge] + ) + end - it do - is_expected.to contain_file('/etc/sudoers.d').with( - 'ensure' => 'directory', - 'owner' => 'root', - 'group' => 'system', - 'mode' => '0550', - 'recurse' => param_hash[:purge], - 'purge' => param_hash[:purge] - ) - end + it do + is_expected.to contain_class('sudo::package').with( + 'package' => 'TCMsudo', + 'package_ensure' => param_hash[:package_ensure], + 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-i386.pkg.gz', + 'package_admin_file' => '/var/sadm/install/admin/puppet' + ) + end - it do - is_expected.to contain_class('sudo::package').with( - 'package' => 'sudo', - 'package_ensure' => param_hash[:package_ensure], - 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.27-1.aix53.rpm', - 'package_provider' => 'rpm' - ) - end - end + context 'when package is set' do + let :params do + { + package: 'mysudo' + } + end - describe 'on supported osfamily: Solaris 10' do - let :facts do - { - os: { - 'family' => 'Solaris', - 'name' => 'Solaris', - 'hardware' => 'i386', - }, - kernelrelease: '5.10', - puppetversion: '3.7.0', - } + it do + is_expected.to contain_class('sudo::package').with( + 'package' => 'mysudo' + ) + end + end end - it { is_expected.to contain_class('sudo::params') } - - it do - is_expected.to contain_file('/etc/sudoers').with( - 'ensure' => 'present', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0440', - 'replace' => param_hash[:config_file_replace] - ) - end + describe 'on supported osfamily: Solaris 11' do + let :facts do + { + os: { + 'family' => 'Solaris', + 'name' => 'Solaris', + }, + kernelrelease: '5.11', + puppetversion: '3.7.0' + } + end - it do - is_expected.to contain_file('/etc/sudoers.d').with( - 'ensure' => 'directory', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0550', - 'recurse' => param_hash[:purge], - 'purge' => param_hash[:purge] - ) - end + it { is_expected.to contain_class('sudo::params') } - it do - is_expected.to contain_class('sudo::package').with( - 'package' => 'TCMsudo', - 'package_ensure' => param_hash[:package_ensure], - 'package_source' => 'http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-i386.pkg.gz', - 'package_admin_file' => '/var/sadm/install/admin/puppet' - ) - end + it do + is_expected.to contain_file('/etc/sudoers').with( + 'ensure' => 'present', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0440', + 'replace' => param_hash[:config_file_replace] + ) + end - context 'when package is set' do - let :params do - { - package: 'mysudo' - } + it do + is_expected.to contain_file('/etc/sudoers.d').with( + 'ensure' => 'directory', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0550', + 'recurse' => param_hash[:purge], + 'purge' => param_hash[:purge] + ) end it do is_expected.to contain_class('sudo::package').with( - 'package' => 'mysudo' + 'package' => 'pkg://solaris/security/sudo', + 'package_ensure' => param_hash[:package_ensure] ) end end end + end - describe 'on supported osfamily: Solaris 11' do - let :facts do - { - os: { - 'family' => 'Solaris', - 'name' => 'Solaris', + describe 'on osfamily Debian' do + let :facts do + { + os: { + 'family' => 'Debian', + 'name' => 'Debian', + 'release' => { + 'full' => '7.0', + 'major' => '7', }, - kernelrelease: '5.11', - puppetversion: '3.7.0' - } - end - - it { is_expected.to contain_class('sudo::params') } - - it do - is_expected.to contain_file('/etc/sudoers').with( - 'ensure' => 'present', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0440', - 'replace' => param_hash[:config_file_replace] - ) - end - - it do - is_expected.to contain_file('/etc/sudoers.d').with( - 'ensure' => 'directory', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0550', - 'recurse' => param_hash[:purge], - 'purge' => param_hash[:purge] - ) - end - - it do - is_expected.to contain_class('sudo::package').with( - 'package' => 'pkg://solaris/security/sudo', - 'package_ensure' => param_hash[:package_ensure] - ) - end + }, + puppetversion: '3.7.0' + } end - end - end - describe 'on osfamily Debian' do - let :facts do - { - os: { - 'family' => 'Debian', - 'name' => 'Debian', - 'release' => { - 'full' => '7.0', - 'major' => '7', - }, - }, - puppetversion: '3.7.0' - } - end + it { is_expected.to contain_file('/etc/sudoers').with_content(%r{^Defaults\ssecure_path="\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/opt\/puppetlabs\/bin"$}) } - it { is_expected.to contain_file('/etc/sudoers').with_content(%r{^Defaults\ssecure_path="\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin:\/opt\/puppetlabs\/bin"$}) } + context 'secure_path is set' do + let :params do + { + secure_path: 'SecurePathHere' + } + end - context 'secure_path is set' do - let :params do - { - secure_path: 'SecurePathHere' - } + it { is_expected.to contain_file('/etc/sudoers').with_content(%r{^Defaults\ssecure_path="SecurePathHere"$}) } end - - it { is_expected.to contain_file('/etc/sudoers').with_content(%r{^Defaults\ssecure_path="SecurePathHere"$}) } end end end