diff --git a/manifests/conf.pp b/manifests/conf.pp index 146e6ff..6feb113 100644 --- a/manifests/conf.pp +++ b/manifests/conf.pp @@ -1,118 +1,124 @@ # Define: sudo::conf # # This module manages sudo configurations # # Parameters: # [*ensure*] # Ensure if present or absent. # Default: present # # [*priority*] # Prefix file name with $priority # Default: 10 # # [*content*] # Content of configuration snippet. # Default: undef # # [*source*] # Source of configuration snippet. # Default: undef # # [*sudo_config_dir*] # Where to place configuration snippets. # Only set this, if your platform is not supported or # you know, what you're doing. # Default: auto-set, platform specific # # Actions: # Installs sudo configuration snippets # # Requires: # Class sudo # # Sample Usage: # sudo::conf { 'admins': # source => 'puppet:///files/etc/sudoers.d/admins', # } # # [Remember: No empty lines between comments and class definition] define sudo::conf( $ensure = present, $priority = 10, $content = undef, $source = undef, $sudo_config_dir = undef, $sudo_file_name = undef ) { include sudo # Hack to allow the user to set the config_dir from the # sudo::config parameter, but default to $sudo::params::config_dir # if it is not provided. $sudo::params isn't included before # the parameters are loaded in. $sudo_config_dir_real = $sudo_config_dir ? { undef => $sudo::params::config_dir, $sudo_config_dir => $sudo_config_dir } # sudo skip file name that contain a "." $dname = regsubst($name, '\.', '-', 'G') + if size("x${priority}") == 2 { + $priority_real = "0${priority}" + } else { + $priority_real = $priority + } + # build current file name with path if $sudo_file_name != undef { $cur_file = "${sudo_config_dir_real}${sudo_file_name}" } else { - $cur_file = "${sudo_config_dir_real}${priority}_${dname}" + $cur_file = "${sudo_config_dir_real}${priority_real}_${dname}" } Class['sudo'] -> Sudo::Conf[$name] if $::osfamily == 'RedHat' { if (versioncmp($::sudoversion, '1.7.2p1') < 0) { warning("Found sudo with version ${::sudoversion}, but at least version 1.7.2p1 is required!") } } if $content != undef { if is_array($content) { $lines = join($content, "\n") $content_real = "${lines}\n" } else { $content_real = "${content}\n" } } else { $content_real = undef } if $ensure == 'present' { $notify_real = Exec["sudo-syntax-check for file ${cur_file}"] } else { $notify_real = undef } - file { "${priority}_${dname}": + file { "${priority_real}_${dname}": ensure => $ensure, path => $cur_file, owner => 'root', group => $sudo::params::config_file_group, mode => '0440', source => $source, content => $content_real, notify => $notify_real, } exec {"sudo-syntax-check for file ${cur_file}": command => "visudo -c -f ${cur_file} || ( rm -f '${cur_file}' && exit 1)", refreshonly => true, path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin', '/usr/local/bin', '/usr/local/sbin' ], } } diff --git a/spec/defines/sudo_spec.rb b/spec/defines/sudo_spec.rb index bf4b8d5..1840039 100644 --- a/spec/defines/sudo_spec.rb +++ b/spec/defines/sudo_spec.rb @@ -1,76 +1,141 @@ require 'spec_helper' describe 'sudo::conf', :type => :define do let(:title) { 'admins' } let(:filename) { '10_admins' } let(:file_path) { '/etc/sudoers.d/10_admins' } let :facts do { :lsbdistcodename => 'wheezy', :operatingsystemmajrelease => '7', :operatingsystem => 'Debian', :osfamily => 'Debian', :puppetversion => '3.7.0', } end let :params do { :priority => 10, :content => "%admins ALL=(ALL) NOPASSWD: ALL", :sudo_config_dir => '/etc/sudoers.d/', } end describe "when creating a sudo entry" do it { should contain_sudo__conf('admins').with({ :priority => params[:priority], :content => params[:content], }) } it { should contain_file(filename).with({ 'ensure' => 'present', 'content' => "%admins ALL=(ALL) NOPASSWD: ALL\n", 'owner' => 'root', 'group' => 'root', 'path' => file_path, 'mode' => '0440', }) } it { should contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}").with({ 'command' => "visudo -c -f #{params[:sudo_config_dir]}#{params[:priority]}_#{title} || ( rm -f '#{params[:sudo_config_dir]}#{params[:priority]}_#{title}' && exit 1)", 'refreshonly' => 'true', }) } it { should contain_file(filename).that_notifies("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}]") } it { should_not contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}").that_requires("File[#{filename}]") } it { should_not contain_file(filename).that_requires("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}#{params[:priority]}_#{title}]") } end + describe "when creating a sudo entry with single number priority" do + let(:filename) { '05_admins' } + let(:file_path) { '/etc/sudoers.d/05_admins' } + + let :params do + { + :priority => 5, + :content => "%admins ALL=(ALL) NOPASSWD: ALL", + :sudo_config_dir => '/etc/sudoers.d/', + } + end + + it { should contain_sudo__conf('admins').with({ + :priority => params[:priority], + :content => params[:content], + }) + } + + it { should contain_file(filename).with({ + 'ensure' => 'present', + 'content' => "%admins ALL=(ALL) NOPASSWD: ALL\n", + 'owner' => 'root', + 'group' => 'root', + 'path' => file_path, + 'mode' => '0440', + }) + } + + it { should contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}0#{params[:priority]}_#{title}").with({ + 'command' => "visudo -c -f #{params[:sudo_config_dir]}0#{params[:priority]}_#{title} || ( rm -f '#{params[:sudo_config_dir]}0#{params[:priority]}_#{title}' && exit 1)", + 'refreshonly' => 'true', + }) + } + + it { should contain_file(filename).that_notifies("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}0#{params[:priority]}_#{title}]") } + + it { should_not contain_exec("sudo-syntax-check for file #{params[:sudo_config_dir]}0#{params[:priority]}_#{title}").that_requires("File[#{filename}]") } + it { should_not contain_file(filename).that_requires("Exec[sudo-syntax-check for file #{params[:sudo_config_dir]}0#{params[:priority]}_#{title}]") } + + end + describe "when removing an sudo entry" do let :params do { :ensure => 'absent', :priority => 10, :content => "%admins ALL=(ALL) NOPASSWD: ALL", :sudo_config_dir => '/etc/sudoers.d/', } end it { should contain_file(filename).with({ 'ensure' => 'absent', 'content' => "%admins ALL=(ALL) NOPASSWD: ALL\n", 'owner' => 'root', 'group' => 'root', 'path' => file_path, 'mode' => '0440', }) } end + + describe "when removing an sudo entry with single number priority" do + let :params do + { + :ensure => 'absent', + :priority => 5, + :content => "%admins ALL=(ALL) NOPASSWD: ALL", + :sudo_config_dir => '/etc/sudoers.d/', + } + end + + let(:filename) { '05_admins' } + let(:file_path) { '/etc/sudoers.d/05_admins' } + + it { should contain_file(filename).with({ + 'ensure' => 'absent', + 'content' => "%admins ALL=(ALL) NOPASSWD: ALL\n", + 'owner' => 'root', + 'group' => 'root', + 'path' => file_path, + 'mode' => '0440', + }) + } + end end