diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dcea8a8..da5e135 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -137,19 +137,19 @@ rubocop: # default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} default-debian-11-master-py3: {extends: '.test_instance'} default-debian-10-master-py3: {extends: '.test_instance'} -default-debian-9-master-py3: {extends: '.test_instance'} +appended-debian-9-master-py3: {extends: '.test_instance'} default-ubuntu-2004-master-py3: {extends: '.test_instance'} default-ubuntu-1804-master-py3: {extends: '.test_instance'} default-centos-8-master-py3: {extends: '.test_instance'} -default-centos-7-master-py3: {extends: '.test_instance'} +appended-centos-7-master-py3: {extends: '.test_instance'} default-fedora-34-master-py3: {extends: '.test_instance'} default-fedora-33-master-py3: {extends: '.test_instance'} default-opensuse-leap-153-master-py3: {extends: '.test_instance'} -default-opensuse-leap-152-master-py3: {extends: '.test_instance'} +appended-opensuse-leap-152-master-py3: {extends: '.test_instance'} default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance'} default-amazonlinux-2-master-py3: {extends: '.test_instance'} default-oraclelinux-8-master-py3: {extends: '.test_instance'} -default-oraclelinux-7-master-py3: {extends: '.test_instance'} +appended-oraclelinux-7-master-py3: {extends: '.test_instance'} default-arch-base-latest-master-py3: {extends: '.test_instance'} default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} diff --git a/kitchen.yml b/kitchen.yml index 7d23efe..b0bb366 100644 --- a/kitchen.yml +++ b/kitchen.yml 
@@ -448,3 +448,23 @@ suites: verifier: inspec_tests: - path: test/integration/default + - name: appended + provisioner: + state_top: + base: + '*': + - sudoers._mapdata + - sudoers + - sudoers.included + pillars: + top.sls: + base: + '*': + - kitchen + - sudoers + pillars_from_files: + kitchen.sls: test/salt/pillar/kitchen.sls + sudoers.sls: test/salt/pillar/appended.sls + verifier: + inspec_tests: + - path: test/integration/appended diff --git a/sudoers/included/install.sls b/sudoers/included/install.sls index cf5da06..28f0cf6 100644 --- a/sudoers/included/install.sls +++ b/sudoers/included/install.sls @@ -18,13 +18,13 @@ include: {% set included_files = sudoers.included_files %} {% for included_file, spec in included_files.items() -%} + {%- if '/' not in included_file %} + {%- set included_file = sudoers.includedir ~ '/' ~ included_file %} + {%- endif %} + sudoers include {{ included_file }}: file.managed: - {% if '/' in included_file %} - name: {{ included_file }} - {% else %} - - name: {{ sudoers.includedir }}/{{ included_file }} - {% endif %} - user: root - group: {{ sudoers.group }} - mode: 440 @@ -40,9 +40,15 @@ sudoers include {{ included_file }}: - file: {{ sudoers.configpath }}/sudoers - require_in: - file: {{ sudoers.includedir }} + {% elif sudoers.append_included_files_to_endof_main_config %} + +sudoers append {{ included_file }}: file.append: - name: {{ sudoers.configpath }}/sudoers - - text: '#include {{ sudoers.configpath }}/sudoers.d/{{ included_file }}' + - text: '#include {{ included_file }}' + - require: + - file: sudoers include {{ included_file }} {% endif %} + {% endfor %} diff --git a/test/integration/appended/README.md b/test/integration/appended/README.md new file mode 100644 index 0000000..978a783 --- /dev/null +++ b/test/integration/appended/README.md 
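Review bot: In the second `sudoers/included/install.sls` hunk, the new `sudoers append {{ included_file }}` state edits the main sudoers file with `file.append` and nothing visible validates the result, so a bad entry can leave `{{ sudoers.configpath }}/sudoers` unparseable and sudo unusable on the minion. The pillar key is rendered raw into `- text: '#include {{ included_file }}'`: a key containing a single quote breaks the YAML scalar, and one containing whitespace is not read by sudoers as a single path, so the value should be validated or escaped before rendering. If the existing main config already has an `#includedir` for `sudoers.includedir` (not visible here), files under that directory get parsed twice, which sudo is likely to complain about when such a file defines aliases. I would add a follow-up state that runs `{{ sudoers.execprefix }}/visudo -c -f {{ sudoers.configpath }}/sudoers` after the append, plus a comment above the `elif` saying when the append path is meant to be used. The opening `{% if %}` of this branch lies outside the hunk, so the exact condition under which the append runs cannot be confirmed from here.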
@@ -0,0 +1,50 @@
+# InSpec Profile: `appended`
+
+This shows the implementation of the `appended` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check appended
+Summary
+-------
+Location: appended
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec appended
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec appended --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/appended/controls/_mapdata.rb b/test/integration/appended/controls/_mapdata.rb
new file mode 100644
index 0000000..0b0c7ac
--- /dev/null
+++ b/test/integration/appended/controls/_mapdata.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+control 'sudoers._mapdata' do
+ title '`map.jinja` should match the reference file'
+
+ ### Method
+ # The steps below for each file appear convoluted but they are both required
+ # and similar in nature:
+ # 1. The earliest method was to simply compare the files textually but this often
+ # led to false positives due to inconsistencies (e.g. spacing, ordering)
+ # 2. The next method was to load the files back into YAML structures and then
+ # compare but InSpec provided block diffs this way, unusable by end users
+ # 3. The final step was to dump the YAML structures back into a string to use
+ # for the comparison; this both worked and provided human-friendly diffs
+
+ ### Comparison file for the specific platform
+ ### Static, adjusted as part of code contributions, as map data is changed
+ # Strip the `platform[:finger]` version number down to the "OS major release"
+ platform_finger = system.platform[:finger].split('.').first.to_s
+ # Use that to set the path to the file (relative to the InSpec suite directory)
+ mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
+ # Load the mapdata from profile, into a YAML structure
+ # https://docs.chef.io/inspec/profiles/#profile-files
+ mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path))
+ # Dump the YAML back into a string for comparison
+ mapdata_file_dump = YAML.dump(mapdata_file_yaml)
+
+ ### Output file produced by running the `_mapdata` state
+ ### Dynamic, generated during Kitchen's `converge` phase
+ # Derive the location of the dumped mapdata (differs for Windows)
+ output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
+ # Use that to set the path to the file (absolute path, i.e. within the container)
+ output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
+ # Load the output into a YAML structure using InSpec's `yaml` resource
+ # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
+ output_file_yaml = yaml(output_file_path).params
+ # Dump the YAML back into a string for comparison
+ output_file_dump = YAML.dump(output_file_yaml)
+
+ describe 'File content' do
+ it 'should match profile map data exactly' do
+ expect(output_file_dump).to eq(mapdata_file_dump)
+ end
+ end
+end
diff --git a/test/integration/appended/controls/config.rb b/test/integration/appended/controls/config.rb
new file mode 100644
index 0000000..e8e1db6
--- /dev/null
+++ b/test/integration/appended/controls/config.rb
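Review bot: `YAML.load(inspec.profile.file(mapdata_file_path))` in `_mapdata.rb` uses the general loader, which on Psych versions before 4 can instantiate arbitrary Ruby objects from tagged YAML. The reference files in this commit hold only plain maps, lists, strings and booleans, so `mapdata_file_yaml = YAML.safe_load(inspec.profile.file(mapdata_file_path))` is sufficient and keeps the control safe if a fixture is ever tampered with or sourced from elsewhere. A one-line comment stating that a platform without a matching `_mapdata/<finger>.yaml` is expected to fail the control would also make that behaviour explicit.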
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+control 'Sudoers configuration' do
+ title 'should match desired lines'
+
+ describe file('/etc/sudoers') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('content') { should include '#include /etc/sudoers.d/extra-file1' }
+ its('content') { should include '#include /etc/sudoers.d/extra-file2' }
+ its('content') { should include '#include /etc/sudoers.d/extra-file3' }
+ end
+
+ describe file('/etc/sudoers.d/extra-file1') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0440' }
+ its('content') { should include 'foo ALL=(ALL) ALL' }
+ end
+
+ describe file('/etc/sudoers.d/extra-file2') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0440' }
+ its('content') { should include '%bargroup ALL=(ALL) NOPASSWD: ALL' }
+ end
+
+ describe file('/etc/sudoers.d/extra-file3') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0440' }
+ its('content') { should include '+other_netgroup ALL=(ALL) ALL' }
+ end
+end
diff --git a/test/integration/appended/controls/package.rb b/test/integration/appended/controls/package.rb
new file mode 100644
index 0000000..e83d035
--- /dev/null
+++ b/test/integration/appended/controls/package.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+control 'Sudo package' do
+ title 'should be installed'
+
+ describe package('sudo') do
+ it { should be_installed }
+ end
+end
diff --git a/test/integration/appended/files/_mapdata/almalinux-8.yaml b/test/integration/appended/files/_mapdata/almalinux-8.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/almalinux-8.yaml
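Review bot: The `describe file('/etc/sudoers')` block in `controls/config.rb` checks owner, group and the three `#include` lines, but it never asserts that the main file still parses after the formula appended to it, which is the failure that matters most for a sudoers change. A block such as `describe command('visudo -c') do its('exit_status') { should eq 0 } end` would cover that, and `its('mode') { should cmp '0440' }` could be added to the main-file block if that is the expected mode on every tested platform. The hard-coded `/etc/sudoers` path and `root` group also may not hold for every entry in this profile's `inspec.yml` `supports` list (FreeBSD and OpenBSD are listed), so either derive them per platform or narrow the list.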
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/amazonlinux-1.yaml b/test/integration/appended/files/_mapdata/amazonlinux-1.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/amazonlinux-1.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/amazonlinux-2.yaml b/test/integration/appended/files/_mapdata/amazonlinux-2.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/amazonlinux-2.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/arch-base-latest.yaml b/test/integration/appended/files/_mapdata/arch-base-latest.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/arch-base-latest.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/centos-6.yaml b/test/integration/appended/files/_mapdata/centos-6.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/centos-6.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/centos-7.yaml b/test/integration/appended/files/_mapdata/centos-7.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/centos-7.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/centos-8.yaml b/test/integration/appended/files/_mapdata/centos-8.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/centos-8.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/debian-10.yaml b/test/integration/appended/files/_mapdata/debian-10.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/debian-10.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/debian-11.yaml b/test/integration/appended/files/_mapdata/debian-11.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/debian-11.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/debian-9.yaml b/test/integration/appended/files/_mapdata/debian-9.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/debian-9.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/fedora-31.yaml b/test/integration/appended/files/_mapdata/fedora-31.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/fedora-31.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/fedora-32.yaml b/test/integration/appended/files/_mapdata/fedora-32.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/fedora-32.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/fedora-33.yaml b/test/integration/appended/files/_mapdata/fedora-33.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/fedora-33.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/fedora-34.yaml b/test/integration/appended/files/_mapdata/fedora-34.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/fedora-34.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml b/test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/opensuse-15.yaml b/test/integration/appended/files/_mapdata/opensuse-15.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/opensuse-15.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml b/test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/oraclelinux-7.yaml b/test/integration/appended/files/_mapdata/oraclelinux-7.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/oraclelinux-7.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/oraclelinux-8.yaml b/test/integration/appended/files/_mapdata/oraclelinux-8.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/oraclelinux-8.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/rockylinux-8.yaml b/test/integration/appended/files/_mapdata/rockylinux-8.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/rockylinux-8.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/ubuntu-16.yaml b/test/integration/appended/files/_mapdata/ubuntu-16.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/ubuntu-16.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/ubuntu-18.yaml b/test/integration/appended/files/_mapdata/ubuntu-18.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/ubuntu-18.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/ubuntu-20.yaml b/test/integration/appended/files/_mapdata/ubuntu-20.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/ubuntu-20.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/inspec.yml b/test/integration/appended/inspec.yml new file mode 100644 index 0000000..8c9089d --- /dev/null +++ b/test/integration/appended/inspec.yml 
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: appended
+title: sudoers formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the sudoers formula is setup and configured correctly
+depends:
+ - name: share
+ path: test/integration/share
+supports:
+ - platform-name: debian
+ - platform-name: ubuntu
+ - platform-name: centos
+ - platform-name: fedora
+ - platform-name: opensuse
+ - platform-name: suse
+ - platform-name: freebsd
+ - platform-name: openbsd
+ - platform-name: amazon
+ - platform-name: oracle
+ - platform-name: arch
+ - platform-name: gentoo
+ - platform-name: almalinux
+ - platform-name: rocky
+ - platform: windows
diff --git a/test/salt/pillar/appended.sls b/test/salt/pillar/appended.sls
new file mode 100644
index 0000000..85566bc
--- /dev/null
+++ b/test/salt/pillar/appended.sls
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+sudoers:
+ manage_main_config: false
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - 'ALL=(ALL) ALL'
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - 'ALL=(ALL) ALL'
+ append_included_files_to_endof_main_config: true