diff --git a/CODEOWNERS b/CODEOWNERS index ef5bffa..91d6155 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -19,8 +19,11 @@ /docs/AUTHORS.rst @saltstack-formulas/ssf /docs/CHANGELOG.rst @saltstack-formulas/ssf /docs/TOFS_pattern.rst @saltstack-formulas/ssf +/*/_mapdata/ @saltstack-formulas/ssf /*/libsaltcli.jinja @saltstack-formulas/ssf /*/libtofs.jinja @saltstack-formulas/ssf +/test/integration/**/_mapdata_spec.rb @saltstack-formulas/ssf +/test/integration/**/libraries/system.rb @saltstack-formulas/ssf /test/integration/**/inspec.yml @saltstack-formulas/ssf /test/integration/**/README.md @saltstack-formulas/ssf /.gitignore @saltstack-formulas/ssf diff --git a/sudoers/_mapdata/init.sls b/sudoers/_mapdata/init.sls index fa7ac00..a5270eb 100644 --- a/sudoers/_mapdata/init.sls +++ b/sudoers/_mapdata/init.sls @@ -3,14 +3,12 @@ --- {#- Get the `tplroot` from `tpldir` #} {%- set tplroot = tpldir.split('/')[0] %} -{%- from tplroot ~ "/map.jinja" import sudoers with context %} +{%- from tplroot ~ "/map.jinja" import sudoers as mapdata with context %} -{%- set map = { - 'sudoers': sudoers, - } %} -{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ map | yaml(False)) %} +{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ mapdata | yaml(False)) %} -{%- set output_file = '/tmp/salt_mapdata_dump.yaml' %} +{%- set output_dir = '/temp' if grains.os_family == 'Windows' else '/tmp' %} +{%- set output_file = output_dir ~ '/salt_mapdata_dump.yaml' %} {{ tplroot }}-mapdata-dump: file.managed: @@ -18,4 +16,4 @@ - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja - template: jinja - context: - map: {{ map | yaml }} + map: {{ mapdata | yaml }} diff --git a/test/integration/default/controls/_mapdata_spec.rb b/test/integration/default/controls/_mapdata_spec.rb index 7e49d30..2cced0a 100644 --- a/test/integration/default/controls/_mapdata_spec.rb +++ b/test/integration/default/controls/_mapdata_spec.rb 
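Review bot: The dump target built in the first `sudoers/_mapdata/init.sls` hunk (`output_dir ~ '/salt_mapdata_dump.yaml'`) is a fixed file name in a shared temp directory, and none of the `file.managed` arguments visible in the second hunk (`source`, `template`, `context`) restrict who can read it. The whole rendered map is written there and also passed to `salt['log.debug']`, so on a host where this state runs the complete sudoers policy becomes readable by local users, and a map that carried pillar secrets would be exposed the same way. Consider adding `- mode: '0600'` for non-Windows minions (after confirming the InSpec run can still read the file) and a comment saying that `_mapdata` is intended for test runs only. One line of the state lies between the two hunks and is not shown, so an argument set there cannot be ruled out.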
@@ -1,13 +1,23 @@ # frozen_string_literal: true +require 'yaml' + control '`map.jinja` YAML dump' do - title 'should contain the lines' + title 'should match the comparison file' + # Strip the `platform[:finger]` version number down to the "OS major release" mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml" - mapdata_dump = inspec.profile.file(mapdata_file) - describe file('/tmp/salt_mapdata_dump.yaml') do - it { should exist } - its('content') { should eq mapdata_dump } + # Load the mapdata from profile https://docs.chef.io/inspec/profiles/#profile-files + mapdata_dump = YAML.safe_load(inspec.profile.file(mapdata_file)) + + # Derive the location of the dumped mapdata + output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp' + output_file = "#{output_dir}/salt_mapdata_dump.yaml" + + describe 'File content' do + it 'should match profile map data exactly' do + expect(yaml(output_file).params).to eq(mapdata_dump) + end end end diff --git a/test/integration/default/files/_mapdata/amazonlinux-1.yaml b/test/integration/default/files/_mapdata/amazonlinux-1.yaml index 9575548..5caf6d5 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-1.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-1.yaml 
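Review bot: The rewritten control no longer asserts that the dump file exists, because the old `describe file(...)` block with `it { should exist }` is removed and only `expect(yaml(output_file).params).to eq(mapdata_dump)` remains. If the state never wrote the file, the `yaml` resource probably returns an empty params hash, so the failure would appear as a large data mismatch rather than a missing file. Keeping `describe file(output_file) do` / `it { should exist }` / `end` ahead of the comparison would make that case explicit. The `'/temp'` or `'/tmp'` choice is also duplicated from `sudoers/_mapdata/init.sls`, keyed on `grains.os_family` there and on `platform[:family]` here, so a comment such as `# Must match output_dir in sudoers/_mapdata/init.sls` would help keep the two in step.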
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Amazon Linux AMI-2018 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + 
foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml index 61b0f1a..032fb5b 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Amazon Linux-2 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + 
- ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml index 66d0d5f..0a9406c 100644 --- a/test/integration/default/files/_mapdata/arch-base-latest.yaml +++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Arch --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/centos-6.yaml b/test/integration/default/files/_mapdata/centos-6.yaml index b690c79..cc7a84e 100644 --- a/test/integration/default/files/_mapdata/centos-6.yaml +++ b/test/integration/default/files/_mapdata/centos-6.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # CentOS-6 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml index 2bb1c53..d075933 100644 --- a/test/integration/default/files/_mapdata/centos-7.yaml +++ b/test/integration/default/files/_mapdata/centos-7.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # CentOS Linux-7 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + 
- ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml index bac8e20..38f574d 100644 --- a/test/integration/default/files/_mapdata/centos-8.yaml +++ b/test/integration/default/files/_mapdata/centos-8.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # CentOS Linux-8 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + 
- ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml index 0492b71..a1d3032 100644 --- a/test/integration/default/files/_mapdata/debian-10.yaml +++ b/test/integration/default/files/_mapdata/debian-10.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Debian-10 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml index 2931695..f386a43 100644 --- a/test/integration/default/files/_mapdata/debian-9.yaml +++ b/test/integration/default/files/_mapdata/debian-9.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Debian-9 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/fedora-31.yaml b/test/integration/default/files/_mapdata/fedora-31.yaml index d9ee555..dc1c7c5 100644 --- a/test/integration/default/files/_mapdata/fedora-31.yaml +++ b/test/integration/default/files/_mapdata/fedora-31.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Fedora-31 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml index c07e8ec..785cd50 100644 --- a/test/integration/default/files/_mapdata/fedora-32.yaml +++ b/test/integration/default/files/_mapdata/fedora-32.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Fedora-32 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml index 5a757b5..c21354e 100644 --- a/test/integration/default/files/_mapdata/opensuse-15.yaml +++ b/test/integration/default/files/_mapdata/opensuse-15.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Leap-15 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml index fbf96f4..2c61653 100644 --- a/test/integration/default/files/_mapdata/ubuntu-16.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Ubuntu-16.04 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml index a514554..646c083 100644 --- a/test/integration/default/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Ubuntu-18.04 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml index 76f85c0..c9fe179 100644 --- a/test/integration/default/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml 
@@ -1,70 +1,69 @@ # yamllint disable rule:indentation rule:line-length # Ubuntu-20.04 --- -sudoers: - aliases: - commands: - PROCESSES: - - /usr/bin/nice - - /bin/kill - - /usr/bin/renice - - /usr/bin/pkill - - /usr/bin/top - hosts: - WEBSERVERS: - - www1 - - www2 - - www3 - users: - ADMINS: - - millert - - dowdy - - mikef - arch: amd64 - configpath: /etc - defaults: - command_list: - PROCESSES: noexec - generic: - - env_reset - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_list: - www1: log_year, logfile=/var/log/sudo.log - runas_list: - root: '!set_logname' - user_list: - ADMINS: '!lecture' - johndoe: '!requiretty' - execprefix: /usr/sbin - group: root - groups: - sudo: - - ALL=(ALL) ALL - - 'ALL=(nodejs) NOPASSWD: ALL' - included_files: - /etc/sudoers.d/extra-file: - users: - foo: - - ALL=(ALL) ALL - extra-file-2: - groups: - bargroup: - - 'ALL=(ALL) NOPASSWD: ALL' - extra-file-3: - netgroups: - other_netgroup: - - ALL=(ALL) ALL - includedir: /etc/sudoers.d - manage_main_config: true - netgroups: - sysadmins: - - ALL=(ALL) ALL - pkg: sudo - purge_includedir: false +aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 users: - johndoe: - - ALL=(ALL) ALL - - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - kitchen: - - 'ALL=(root) NOPASSWD: ALL' + ADMINS: + - millert + - dowdy + - mikef +arch: amd64 +configpath: /etc +defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' +execprefix: /usr/sbin +group: root +groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' +included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - 
ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL +includedir: /etc/sudoers.d +manage_main_config: true +netgroups: + sysadmins: + - ALL=(ALL) ALL +pkg: sudo +purge_includedir: false +users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/share/README.md b/test/integration/share/README.md index 06fd928..5bc510c 100644 --- a/test/integration/share/README.md +++ b/test/integration/share/README.md 
@@ -2,37 +2,20 @@ This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). -It's goal is to share the libraries between all profiles. +Its goal is to share the libraries between all profiles. -## Verify a profile +## Libraries -InSpec ships with built-in features to verify a profile structure. +### `system` -```bash -$ inspec check share -Summary -------- -Location: share -Profile: profile -Controls: 4 -Timestamp: 2019-06-24T23:09:01+00:00 -Valid: true +The `system` library provides easy access to system dependent information: -Errors ------- - -Warnings --------- -``` - -## Execute a profile - -To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. - -```bash -$ inspec exec share -.. - -Finished in 0.0025 seconds (files took 0.12449 seconds to load) -8 examples, 0 failures -``` +- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective + - `system.platform[:family]` provide a family name for Arch and Gentoo + - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows` + - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo and Windows: + - `Arch` is always `base-latest` + - `Amazon Linux` release `2018` is resolved as `1` + - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`) + - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version + - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example) diff --git a/test/integration/share/inspec.yml b/test/integration/share/inspec.yml index 1305933..697417a 100644 --- a/test/integration/share/inspec.yml +++ b/test/integration/share/inspec.yml 
@@ -2,7 +2,7 @@ # vim: ft=yaml --- name: share -title: sudoers formula +title: InSpec shared resources maintainer: SaltStack Formulas license: Apache-2.0 summary: shared resources @@ -15,4 +15,7 @@ supports: - platform-name: suse - platform-name: freebsd - platform-name: amazon + - platform-name: oracle - platform-name: arch + - platform-name: gentoo + - platform: windows diff --git a/test/integration/share/libraries/system.rb b/test/integration/share/libraries/system.rb index 220493e..ef23499 100644 --- a/test/integration/share/libraries/system.rb +++ b/test/integration/share/libraries/system.rb @@ -27,8 +27,8 @@ class SystemResource < Inspec.resource(1) def build_platform_family case inspec.platform[:name] - when 'arch' - 'arch' + when 'arch', 'gentoo' + inspec.platform[:name] else inspec.platform[:family] end @@ -36,13 +36,16 @@ class SystemResource < Inspec.resource(1) def build_platform_name case inspec.platform[:name] - when 'amazon' - 'amazonlinux' + when 'amazon', 'oracle' + "#{inspec.platform[:name]}linux" + when 'windows_8.1_pro', 'windows_server_2019_datacenter' + 'windows' else inspec.platform[:name] end end + # rubocop:disable Metrics/MethodLength def build_platform_release case inspec.platform[:name] when 'amazon' @@ -52,10 +55,15 @@ class SystemResource < Inspec.resource(1) 'base-latest' when 'gentoo' "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}" + when 'windows_8.1_pro' + '8.1' + when 'windows_server_2019_datacenter' + '2019-server' else inspec.platform[:release] end end + # rubocop:enable Metrics/MethodLength def derive_gentoo_init_system case inspec.command('systemctl').exist?
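Review bot: In `build_platform_name` the new branch `when 'windows_8.1_pro', 'windows_server_2019_datacenter'` matches only two exact edition strings, so any other Windows edition falls through to `else` and keeps its raw name, although the README hunk in this commit says Windows platforms are resolved as simply `windows`. Matching on the prefix, `when /\Awindows_/`, would cover every edition in one line. The same two literals are repeated in the `build_platform_release` hunk (`@@ -52,10 +55,15 @@`), where an unlisted edition gets `inspec.platform[:release]` unchanged, so `system.platform[:finger]` (described in the README as name plus major release) would presumably carry values no comparison file is named after. If the short list is intentional, a comment above both branches would make that explicit, for example `# Only the Windows editions exercised in CI are mapped; keep in sync with build_platform_release`. `build_platform_release` is only partly visible across the two hunks, so this is based on the branches shown.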