1
0
Fork 0
mirror of synced 2024-12-21 05:31:09 -05:00

Merge pull request #66 from daks/purge-included-dir

New feature to purge included dir
This commit is contained in:
Imran Iqbal 2020-11-24 21:19:40 +00:00 committed by GitHub
commit a56d54ee1d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 36 additions and 30 deletions

View file

@ -4,6 +4,8 @@
sudoers: sudoers:
# By default the main sudoers file is managed by this formula (False to skip) # By default the main sudoers file is managed by this formula (False to skip)
manage_main_config: true manage_main_config: true
# By default the included directory is not purged from unwanted files
purge_includedir: false
users: users:
johndoe: johndoe:
- 'ALL=(ALL) ALL' - 'ALL=(ALL) ALL'

View file

@ -4,6 +4,7 @@
sudoers: sudoers:
pkg: sudo pkg: sudo
manage_main_config: true manage_main_config: true
purge_includedir: false
configpath: /etc configpath: /etc
group: root group: root
execprefix: /usr/sbin execprefix: /usr/sbin

View file

@ -9,6 +9,13 @@
include: include:
- sudoers - sudoers
{{ sudoers.includedir }}:
file.directory:
- user: root
- group: {{ sudoers.group }}
- mode: 440
- clean: {{ sudoers.purge_includedir }}
{% set included_files = sudoers.included_files %} {% set included_files = sudoers.included_files %}
{% for included_file, spec in included_files.items() -%} {% for included_file, spec in included_files.items() -%}
sudoers include {{ included_file }}: sudoers include {{ included_file }}:

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -61,6 +61,7 @@ sudoers:
sysadmins: sysadmins:
- ALL=(ALL) ALL - ALL=(ALL) ALL
pkg: sudo pkg: sudo
purge_includedir: false
users: users:
johndoe: johndoe:
- ALL=(ALL) ALL - ALL=(ALL) ALL

View file

@ -4,47 +4,18 @@
# Author: Daniel Dehennin <daniel.dehennin@ac-dijon.fr> # Author: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
# Copyright (C) 2020 Daniel Dehennin <daniel.dehennin@ac-dijon.fr> # Copyright (C) 2020 Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
HOSTNAME_CMDS = %w[hostname hostnamectl].freeze
HOSTNAME_CMDS_OPT = {
'hostname' => '-s',
'hostnamectl' => '--static'
}.freeze
class SystemResource < Inspec.resource(1) class SystemResource < Inspec.resource(1)
name 'system' name 'system'
attr_reader :platform attr_reader :platform
attr_reader :hostname
def initialize def initialize
super
@platform = build_platform @platform = build_platform
@hostname = found_hostname
end end
private private
def found_hostname
cmd = guess_hostname_cmd
unless cmd.exit_status.zero?
raise Inspec::Exceptions::ResourceSkipped,
"Error running '#{cmd}': #{cmd.stderr}"
end
cmd.stdout.chomp
end
def guess_hostname_cmd
HOSTNAME_CMDS.each do |cmd|
if inspec.command(cmd).exist?
return inspec.command("#{cmd} #{HOSTNAME_CMDS_OPT[cmd]}")
end
end
raise Inspec::Exceptions::ResourceSkipped,
"Error: #{@platform[:finger]}} has none of #{HOSTNAME_CMDS.join(', ')}"
end
def build_platform def build_platform
{ {
family: build_platform_family, family: build_platform_family,
@ -79,11 +50,22 @@ class SystemResource < Inspec.resource(1)
inspec.platform[:release].gsub(/2018.*/, '1') inspec.platform[:release].gsub(/2018.*/, '1')
when 'arch' when 'arch'
'base-latest' 'base-latest'
when 'gentoo'
"#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
else else
inspec.platform[:release] inspec.platform[:release]
end end
end end
def derive_gentoo_init_system
case inspec.command('systemctl').exist?
when true
'sysd'
else
'sysv'
end
end
def build_platform_finger def build_platform_finger
"#{build_platform_name}-#{build_finger_release}" "#{build_platform_name}-#{build_finger_release}"
end end