1
0
Fork 0
mirror of synced 2025-01-04 12:12:54 -05:00

Merge pull request #69 from myii/test/compare-mapdata-using-yaml

test(map): standardise `map.jinja` verification
This commit is contained in:
Imran Iqbal 2020-12-22 12:35:55 +00:00 committed by GitHub
commit 4933e91cf7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 962 additions and 971 deletions

View file

@ -19,8 +19,11 @@
/docs/AUTHORS.rst @saltstack-formulas/ssf /docs/AUTHORS.rst @saltstack-formulas/ssf
/docs/CHANGELOG.rst @saltstack-formulas/ssf /docs/CHANGELOG.rst @saltstack-formulas/ssf
/docs/TOFS_pattern.rst @saltstack-formulas/ssf /docs/TOFS_pattern.rst @saltstack-formulas/ssf
/*/_mapdata/ @saltstack-formulas/ssf
/*/libsaltcli.jinja @saltstack-formulas/ssf /*/libsaltcli.jinja @saltstack-formulas/ssf
/*/libtofs.jinja @saltstack-formulas/ssf /*/libtofs.jinja @saltstack-formulas/ssf
/test/integration/**/_mapdata_spec.rb @saltstack-formulas/ssf
/test/integration/**/libraries/system.rb @saltstack-formulas/ssf
/test/integration/**/inspec.yml @saltstack-formulas/ssf /test/integration/**/inspec.yml @saltstack-formulas/ssf
/test/integration/**/README.md @saltstack-formulas/ssf /test/integration/**/README.md @saltstack-formulas/ssf
/.gitignore @saltstack-formulas/ssf /.gitignore @saltstack-formulas/ssf

View file

@ -3,14 +3,12 @@
--- ---
{#- Get the `tplroot` from `tpldir` #} {#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %} {%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %} {%- from tplroot ~ "/map.jinja" import sudoers as mapdata with context %}
{%- set map = { {%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ mapdata | yaml(False)) %}
'sudoers': sudoers,
} %}
{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ map | yaml(False)) %}
{%- set output_file = '/tmp/salt_mapdata_dump.yaml' %} {%- set output_dir = '/temp' if grains.os_family == 'Windows' else '/tmp' %}
{%- set output_file = output_dir ~ '/salt_mapdata_dump.yaml' %}
{{ tplroot }}-mapdata-dump: {{ tplroot }}-mapdata-dump:
file.managed: file.managed:
@ -18,4 +16,4 @@
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
- template: jinja - template: jinja
- context: - context:
map: {{ map | yaml }} map: {{ mapdata | yaml }}

View file

@ -1,13 +1,23 @@
# frozen_string_literal: true # frozen_string_literal: true
require 'yaml'
control '`map.jinja` YAML dump' do control '`map.jinja` YAML dump' do
title 'should contain the lines' title 'should match the comparison file'
# Strip the `platform[:finger]` version number down to the "OS major release"
mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml" mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
mapdata_dump = inspec.profile.file(mapdata_file)
describe file('/tmp/salt_mapdata_dump.yaml') do # Load the mapdata from profile https://docs.chef.io/inspec/profiles/#profile-files
it { should exist } mapdata_dump = YAML.safe_load(inspec.profile.file(mapdata_file))
its('content') { should eq mapdata_dump }
# Derive the location of the dumped mapdata
output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
output_file = "#{output_dir}/salt_mapdata_dump.yaml"
describe 'File content' do
it 'should match profile map data exactly' do
expect(yaml(output_file).params).to eq(mapdata_dump)
end
end end
end end

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Amazon Linux AMI-2018 # Amazon Linux AMI-2018
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Amazon Linux-2 # Amazon Linux-2
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Arch # Arch
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# CentOS-6 # CentOS-6
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# CentOS Linux-7 # CentOS Linux-7
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# CentOS Linux-8 # CentOS Linux-8
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Debian-10 # Debian-10
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Debian-9 # Debian-9
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Fedora-31 # Fedora-31
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Fedora-32 # Fedora-32
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Leap-15 # Leap-15
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Ubuntu-16.04 # Ubuntu-16.04
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Ubuntu-18.04 # Ubuntu-18.04
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -1,70 +1,69 @@
# yamllint disable rule:indentation rule:line-length # yamllint disable rule:indentation rule:line-length
# Ubuntu-20.04 # Ubuntu-20.04
--- ---
sudoers: aliases:
aliases: commands:
commands: PROCESSES:
PROCESSES: - /usr/bin/nice
- /usr/bin/nice - /bin/kill
- /bin/kill - /usr/bin/renice
- /usr/bin/renice - /usr/bin/pkill
- /usr/bin/pkill - /usr/bin/top
- /usr/bin/top hosts:
hosts: WEBSERVERS:
WEBSERVERS: - www1
- www1 - www2
- www2 - www3
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users: users:
johndoe: ADMINS:
- ALL=(ALL) ALL - millert
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' - dowdy
kitchen: - mikef
- 'ALL=(root) NOPASSWD: ALL' arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
purge_includedir: false
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View file

@ -2,37 +2,20 @@
This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
It's goal is to share the libraries between all profiles. Its goal is to share the libraries between all profiles.
## Verify a profile ## Libraries
InSpec ships with built-in features to verify a profile structure. ### `system`
```bash The `system` library provides easy access to system dependent information:
$ inspec check share
Summary
-------
Location: share
Profile: profile
Controls: 4
Timestamp: 2019-06-24T23:09:01+00:00
Valid: true
Errors - `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
------ - `system.platform[:family]` provide a family name for Arch and Gentoo
- `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
Warnings - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo and Windows:
-------- - `Arch` is always `base-latest`
``` - `Amazon Linux` release `2018` is resolved as `1`
- `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
## Execute a profile - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
- `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
```bash
$ inspec exec share
..
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
8 examples, 0 failures
```

View file

@ -2,7 +2,7 @@
# vim: ft=yaml # vim: ft=yaml
--- ---
name: share name: share
title: sudoers formula title: InSpec shared resources
maintainer: SaltStack Formulas maintainer: SaltStack Formulas
license: Apache-2.0 license: Apache-2.0
summary: shared resources summary: shared resources
@ -15,4 +15,7 @@ supports:
- platform-name: suse - platform-name: suse
- platform-name: freebsd - platform-name: freebsd
- platform-name: amazon - platform-name: amazon
- platform-name: oracle
- platform-name: arch - platform-name: arch
- platform-name: gentoo
- platform: windows

View file

@ -27,8 +27,8 @@ class SystemResource < Inspec.resource(1)
def build_platform_family def build_platform_family
case inspec.platform[:name] case inspec.platform[:name]
when 'arch' when 'arch', 'gentoo'
'arch' inspec.platform[:name]
else else
inspec.platform[:family] inspec.platform[:family]
end end
@ -36,13 +36,16 @@ class SystemResource < Inspec.resource(1)
def build_platform_name def build_platform_name
case inspec.platform[:name] case inspec.platform[:name]
when 'amazon' when 'amazon', 'oracle'
'amazonlinux' "#{inspec.platform[:name]}linux"
when 'windows_8.1_pro', 'windows_server_2019_datacenter'
'windows'
else else
inspec.platform[:name] inspec.platform[:name]
end end
end end
# rubocop:disable Metrics/MethodLength
def build_platform_release def build_platform_release
case inspec.platform[:name] case inspec.platform[:name]
when 'amazon' when 'amazon'
@ -52,10 +55,15 @@ class SystemResource < Inspec.resource(1)
'base-latest' 'base-latest'
when 'gentoo' when 'gentoo'
"#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}" "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
when 'windows_8.1_pro'
'8.1'
when 'windows_server_2019_datacenter'
'2019-server'
else else
inspec.platform[:release] inspec.platform[:release]
end end
end end
# rubocop:enable Metrics/MethodLength
def derive_gentoo_init_system def derive_gentoo_init_system
case inspec.command('systemctl').exist? case inspec.command('systemctl').exist?