diff --git a/manifests/init.pp b/manifests/init.pp index e1fc9af..49619ee 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,162 +1,162 @@ # Class: sudo # # This module manages sudo # # Parameters: # [*ensure*] # Ensure if present or absent. # Default: present # # [*package*] # Name of the package. # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*package_ensure*] # Allows you to ensure a particular version of a package # Default: present / lastest for RHEL < 5.5 # # [*package_source*] # Where to find the package. Only set this on AIX (required) and # Solaris (required) or if your platform is not supported or you # know, what you're doing. # # The default for aix is the perzl sudo package. For solaris 10 we # use the official www.sudo.ws binary package. # # Default: AIX: perzl.org # Solaris: www.sudo.ws # # [*package_admin_file*] # Where to find a Solaris 10 package admin file for # an unattended installation. We do not supply a default file, so # this has to be staged separately # # Only set this on Solaris 10 (required) # Default: /var/sadm/install/admin/puppet # # [*purge*] # Whether or not to purge sudoers.d directory # Default: true # # [*purge_ignore*] # Files to exclude from purging in sudoers.d directory # Default: undef # # [*config_file*] # Main configuration file. # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*config_file_replace*] # Replace configuration file with that one delivered with this module # Default: true # # [*config_dir*] # Main configuration directory # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # [*source*] # Alternate source file location # Only set this, if your platform is not supported or you know, # what you're doing. # Default: auto-set, platform specific # # Actions: # Installs sudo package and checks the state of sudoers file and # sudoers.d directory. # # Requires: # Nothing # # Sample Usage: # class { 'sudo': } # # [Remember: No empty lines between comments and class definition] class sudo( $enable = true, $package = $sudo::params::package, $package_ensure = $sudo::params::package_ensure, $package_source = $sudo::params::package_source, $package_admin_file = $sudo::params::package_admin_file, $purge = true, $purge_ignore = undef, $config_file = $sudo::params::config_file, $config_file_replace = true, $config_dir = $sudo::params::config_dir, $source = $sudo::params::source ) inherits sudo::params { validate_bool($enable) case $enable { true: { $dir_ensure = 'directory' $file_ensure = 'present' } false: { $dir_ensure = 'absent' $file_ensure = 'absent' } default: { fail('no $enable is set') } } class { 'sudo::package': package => $package, package_ensure => $package_ensure, package_source => $package_source, package_admin_file => $package_admin_file, } file { $config_file: ensure => $file_ensure, owner => 'root', group => $sudo::params::config_file_group, mode => '0440', replace => $config_file_replace, source => $source, - require => Package[$package], + require => Class['sudo::package'], } file { $config_dir: ensure => $dir_ensure, owner => 'root', group => $sudo::params::config_file_group, mode => '0550', recurse => $purge, purge => $purge, ignore => $purge_ignore, - require => Package[$package], + require => Class['sudo::package'], } if $config_file_replace == false and $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '5' { augeas { 'includedirsudoers': changes => ['set /files/etc/sudoers/#includedir /etc/sudoers.d'], incl => $config_file, lens => 'FixedSudoers.lns', } } # Load the Hiera based sudoer configuration (if enabled and present) # # NOTE: We must use 'include' here to avoid circular dependencies with # sudo::conf # # NOTE: There is no way to detect the existence of hiera. This automatic # functionality is therefore made exclusive to Puppet 3+ (hiera is embedded) # in order to preserve backwards compatibility. # # http://projects.puppetlabs.com/issues/12345 # if (versioncmp($::puppetversion, '3') != -1) { include 'sudo::configs' } anchor { 'sudo::begin': } -> Class['sudo::package'] -> anchor { 'sudo::end': } } diff --git a/manifests/package.pp b/manifests/package.pp index ce45c54..fd5274a 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -1,62 +1,63 @@ # == Class: sudo::package # # Installs the sudo package on various platforms. # # === Parameters # # Document parameters here. # # [*package*] # The name of the sudo package to be installed # # [*package_ensure*] # Ensure if present or absent # # [*package_source*] # Where to find the sudo packge, should be a local file or a uri # # === Examples # # class { sysdoc::package # package => 'sudo', # } # # === Authors # # Toni Schmidbauer # # === Copyright # # Copyright 2013 Toni Schmidbauer # class sudo::package( $package = '', $package_ensure = present, $package_source = '', $package_admin_file = '', ) { case $::osfamily { aix: { class { 'sudo::package::aix': package => $package, package_source => $package_source, package_ensure => $package_ensure, } } - openbsd: {} solaris: { class { 'sudo::package::solaris': package => $package, package_source => $package_source, package_ensure => $package_ensure, package_admin_file => $package_admin_file, } } default: { - package { $package: - ensure => $package_ensure, + if $package != '' { + package { $package: + ensure => $package_ensure, + } } } } } diff --git a/manifests/params.pp b/manifests/params.pp index ba0295f..de2288b 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,169 +1,173 @@ #class sudo::params #Set the paramters for the sudo module class sudo::params { $source_base = "puppet:///modules/${module_name}/" case $::osfamily { debian: { case $::operatingsystem { 'Ubuntu': { $source = "${source_base}sudoers.ubuntu" } default: { if (0 + $::operatingsystemmajrelease >= 7) { $source = "${source_base}sudoers.debian" } else { $source = "${source_base}sudoers.olddebian" } } } $package = 'sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $config_file_group = 'root' } redhat: { $package = 'sudo' # rhel 5.0 to 5.4 use sudo 1.6.9 which does not support # includedir, so we have to make sure sudo 1.7 (comes with rhel # 5.5) is installed. $package_ensure = $::operatingsystemrelease ? { /^5.[01234]/ => 'latest', default => 'present', } $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = $::operatingsystemrelease ? { /^5/ => "${source_base}sudoers.rhel5", /^6/ => "${source_base}sudoers.rhel6", /^7/ => "${source_base}sudoers.rhel7", default => "${source_base}sudoers.rhel6", } $config_file_group = 'root' } suse: { $package = 'sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.suse" $config_file_group = 'root' } solaris: { case $::operatingsystem { 'OmniOS': { $package = 'sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.omnios" $config_file_group = 'root' } default: { case $::kernelrelease { '5.11': { $package = 'pkg://solaris/security/sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.solaris" $config_file_group = 'root' } '5.10': { $package = 'TCMsudo' $package_ensure = 'present' $package_source = "http://www.sudo.ws/sudo/dist/packages/Solaris/10/TCMsudo-1.8.9p5-${::hardwareisa}.pkg.gz" $package_admin_file = '/var/sadm/install/admin/puppet' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.solaris" $config_file_group = 'root' } default: { fail("Unsupported platform: ${::osfamily}/${::operatingsystem}/${::kernelrelease}") } } } } } freebsd: { $package = 'security/sudo' $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/usr/local/etc/sudoers' $config_dir = '/usr/local/etc/sudoers.d/' $source = "${source_base}sudoers.freebsd" $config_file_group = 'wheel' } openbsd: { - $package = undef + if (versioncmp($::kernelversion, '5.8') < 0) { + $package = '' + } else { + $package = 'sudo' + } $package_ensure = 'present' $package_source = '' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.openbsd" $config_file_group = 'wheel' } aix: { $package = 'sudo' $package_ensure = 'present' $package_source = 'http://www.sudo.ws/sudo/dist/packages/AIX/5.3/sudo-1.8.9-6.aix53.lam.rpm' $package_admin_file = '' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.aix" $config_file_group = 'system' } default: { case $::operatingsystem { gentoo: { $package = 'sudo' $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.gentoo" $config_file_group = 'root' } archlinux: { $package = 'sudo' $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = "${source_base}sudoers.archlinux" $config_file_group = 'root' } amazon: { $package = 'sudo' $package_ensure = 'present' $config_file = '/etc/sudoers' $config_dir = '/etc/sudoers.d/' $source = $::operatingsystemrelease ? { /^5/ => "${source_base}sudoers.rhel5", /^6/ => "${source_base}sudoers.rhel6", default => "${source_base}sudoers.rhel6", } $config_file_group = 'root' } default: { fail("Unsupported platform: ${::osfamily}/${::operatingsystem}") } } $package_source = '' $package_admin_file = '' } } } diff --git a/spec/classes/package_spec.rb b/spec/classes/package_spec.rb index d7ecaf7..6beb554 100644 --- a/spec/classes/package_spec.rb +++ b/spec/classes/package_spec.rb @@ -1,48 +1,82 @@ require 'spec_helper' describe 'sudo::package' do describe 'on supported osfamily: RedHat' do let :params do { :package => 'sudo', :package_ensure => 'present', } end let :facts do { :osfamily => 'RedHat' } end it { should contain_package('sudo').with('ensure' => 'present') } end + describe 'on supported osfamily: OpenBSD 5.8' do + let :params do + { + :package => 'sudo', + :package_ensure => 'present', + } + + end + let :facts do + { + :osfamily => 'OpenBSD', + :kernelversion => '5.8', + } + end + + it { + should contain_package('sudo').with('ensure' => 'present') + } + end + + describe 'on supported osfamily: OpenBSD 5.7' do + + let :facts do + { + :osfamily => 'OpenBSD', + :kernelversion => '5.7', + } + end + + it { + should_not contain_package('sudo') + } + end + describe 'on supported osfamily: AIX' do let :params do { :package => 'sudo', :package_ensure => 'present', :package_source => 'http://www.oss4aix.org/compatible/aix53/sudo-1.8.7-1.aix5.1.ppc.rpm', } end let :facts do { :osfamily => 'AIX' } end it { should contain_class('sudo::package::aix').with( 'package' => 'sudo', 'package_source' => 'http://www.oss4aix.org/compatible/aix53/sudo-1.8.7-1.aix5.1.ppc.rpm', 'package_ensure' => 'present' ) } end end