
Merge pull request #4 from carlosperello/master

Added support for managing included files
Joseph Hall 2014-02-16 06:26:40 -07:00
commit 66ff6d8fee
7 changed files with 66 additions and 21 deletions

2
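--- a/AUTHORS
+++ b/AUTHORS
@@ -0,0 +1,2 @@
+Kenneth Wilke <kenneth.wilke@rackspace.com>
+Carlos Perelló Marín <carlos@pemas.net>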

22
LICENSE

@ -1,15 +1,13 @@
epel Copyright (c) 2013-2014 Salt Stack Formulas
====
Install the EPEL RPM and GPG key on RHEL 5/6 or CentOS 5/6. Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.. note:: http://www.apache.org/licenses/LICENSE-2.0
See the full `Salt Formulas installation and usage instructions Unless required by applicable law or agreed to in writing, software
<http://docs.saltstack.com/topics/conventions/formulas.html>`_. distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Available states See the License for the specific language governing permissions and
---------------- limitations under the License.
``epel``
Installs the GPG key and EPEL RPM package for the current OS.


@ -1,7 +1,7 @@
sudoers sudoers
======= =======
Set up the sudoers file Set up sudo and the sudoers included files.
.. note:: .. note::
@ -13,3 +13,6 @@ Available states
``sudoers`` ``sudoers``
Set up the sudoers file Set up the sudoers file
``sudoers.included``
Set up an additional sudoers included file


@ -26,3 +26,9 @@ sudoers:
- /usr/bin/pkill - /usr/bin/pkill
- /usr/bin/top - /usr/bin/top
includedir: /etc/sudoers.d includedir: /etc/sudoers.d
included_files:
/etc/sudoers.d/extra-file:
users:
foo: 'ALL=(ALL) ALL'
groups:
bargroup: 'ALL=(ALL) NOPASSWD: ALL'
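Review bot: The new `included_files` example gives `bargroup` the rule `ALL=(ALL) NOPASSWD: ALL` with no comment beside it, and pillar examples tend to be copied as they stand. A comment above the entry would help, for instance `# Illustration only: prefer NOPASSWD on a short list of absolute command paths`. The mapping key is also used as the path of the managed drop-in, so a second comment is worth adding: `# sudo skips files in the includedir whose names contain '.' or end in '~'`. The enclosing `sudoers:` mapping starts above this hunk.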


@ -1,13 +1,30 @@
{% set sudoers = pillar.get('sudoers', {}) %} {%- if (not included) %}
{%- set defaults = sudoers.get('defaults', []) %} {%- set sudoers = pillar.get('sudoers', {}) %}
{%- if grains['os_family'] == 'Debian' %}
{%- set defaults = sudoers.get('defaults', [
'env_reset',
'mail_badpass',
'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
]) %}
{%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %}
{%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %}
{%- else %}
{%- set defaults = sudoers.get('defaults', []) %}
{%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %}
{%- endif %}
{%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
{%- else %}
{%- set defaults = sudoers.get('defaults', []) %}
{%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %}
{%- set includedir = sudoers.get('includedir', None) %}
{%- endif %}
{%- set aliases = sudoers.get('aliases', {}) %} {%- set aliases = sudoers.get('aliases', {}) %}
{%- set host_aliases = aliases.get('hosts', {}) %} {%- set host_aliases = aliases.get('hosts', {}) %}
{%- set user_aliases = aliases.get('users', {}) %} {%- set user_aliases = aliases.get('users', {}) %}
{%- set command_aliases = aliases.get('commands', {}) %} {%- set command_aliases = aliases.get('commands', {}) %}
{%- set runas_aliases = aliases.get('runas', {}) %} {%- set runas_aliases = aliases.get('runas', {}) -%}
{%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %}
{%- set includedir = sudoers.get('includedir', None) -%}
# #
# This file is managed by salt # This file is managed by salt
# #
@ -47,6 +64,4 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
{% if includedir %} {% if includedir %}
#includedir {{ includedir }} #includedir {{ includedir }}
{% else %}
#includedir /etc/sudoers.d
{% endif %} {% endif %}
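Review bot: On the Debian branch the entries `env_reset`, `mail_badpass` and `secure_path=...` are only the fallback argument of `sudoers.get('defaults', [...])`, so a pillar that sets any `defaults` list of its own replaces them instead of adding to them. A minion whose pillar carries a single unrelated Defaults entry is then rendered without the `secure_path` and `env_reset` lines, which is easy to miss when reviewing the pillar. Either merge the pillar list with the fallback list, or state the behaviour above the block with `{#- Debian fallbacks apply only when the pillar key is absent; a pillar value replaces them -#}`. The same replace-not-merge behaviour applies to the `users` and `groups` fallbacks for `root` and `sudo` on the lines that follow.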

19
sudoers/included.sls Normal file

@ -0,0 +1,19 @@
include:
- sudoers
{% set sudoers = pillar.get('sudoers', {}) %}
{% set included_files = sudoers.get('included_files', []) %}
{% for included_file,spec in included_files.items() -%}
{{ included_file }}:
file.managed:
- user: root
- group: root
- mode: 440
- template: jinja
- source: salt://sudoers/files/sudoers
- context:
included: True
sudoers: {{ spec }}
- require:
- file: /etc/sudoers
{% endfor %}
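Review bot: `sudoers.get('included_files', [])` falls back to a list and the next line calls `.items()` on it, so rendering this state fails on a minion whose pillar has no `included_files` key; the fallback should be a mapping, `{% set included_files = sudoers.get('included_files', {}) %}`. Separately, nothing validates the rendered drop-in before it lands in the include directory, and a syntax error in any file sudo reads there can stop sudo from working for every user. Where the Salt release in use supports it, `- check_cmd: /usr/sbin/visudo -c -f` on the `file.managed` state closes that gap, and the same applies to the `file.managed` state for the main file in the last section of this page. Passing `sudoers: {{ spec }}` writes the dict's Python repr into the YAML; `{{ spec | json }}` is the safer form.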


@ -11,5 +11,7 @@ sudo:
- mode: 440 - mode: 440
- template: jinja - template: jinja
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- context:
included: False
- require: - require:
- pkg: sudo - pkg: sudo