diff --git a/sudoers/defaults.yaml b/sudoers/defaults.yaml index e26a286..6115c5b 100644 --- a/sudoers/defaults.yaml +++ b/sudoers/defaults.yaml @@ -3,3 +3,9 @@ --- sudoers: pkg: sudo + manage_main_config: true + configpath: /etc + group: root + execprefix: /usr/sbin + includedir: /etc/sudoers.d + included_files: {} diff --git a/sudoers/included.sls b/sudoers/included.sls index c9df483..1b6490c 100644 --- a/sudoers/included.sls +++ b/sudoers/included.sls @@ -1,31 +1,35 @@ -{% from "sudoers/map.jinja" import sudoers with context %} +# -*- coding: utf-8 -*- +# vim: ft=sls + +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split('/')[0] %} +{%- set sls_config_file = tplroot ~ '.config.file' %} +{%- from tplroot ~ "/map.jinja" import sudoers with context %} include: - sudoers -{% do sudoers.update(pillar.get('sudoers', {})) %} -{% set includedir = sudoers.get('includedir', '/etc/sudoers.d') %} -{% set included_files = sudoers.get('included_files', {}) %} -{% for included_file,spec in included_files.items() -%} +{% set included_files = sudoers.included_files %} +{% for included_file, spec in included_files.items() -%} sudoers include {{ included_file }}: file.managed: {% if '/' in included_file %} - name: {{ included_file }} {% else %} - - name: {{ includedir }}/{{ included_file }} + - name: {{ sudoers.includedir }}/{{ included_file }} {% endif %} - user: root - - group: {{ sudoers.get('group', 'root') }} + - group: {{ sudoers.group }} - mode: 440 - makedirs: True - template: jinja - source: salt://sudoers/files/sudoers - - check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f + - check_cmd: {{ sudoers.execprefix }}/visudo -c -f - context: included: True sudoers: {{ spec|json }} - {% if salt['pillar.get']('sudoers:manage_main_config', True) %} + {% if sudoers.manage_main_config %} - require: - - file: {{ sudoers.get('configpath', '/etc') }}/sudoers + - file: {{ sudoers.configpath }}/sudoers {% endif %} {% endfor %} 
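Review bot: `tplroot` is introduced for the map.jinja import in sudoers/included.sls, but `- source: salt://sudoers/files/sudoers` and `include: - sudoers` still hard-code the formula name, and `sls_config_file` is set without being used anywhere in this hunk. For a template that renders root-owned sudoers drop-ins, it is worth taking the source from the same tree the state was loaded from, e.g. `- source: salt://{{ tplroot }}/files/sudoers`. The unused `set` should either be dropped or put to use. The same leftovers appear in the first hunk of sudoers/init.sls.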
diff --git a/sudoers/init.sls b/sudoers/init.sls index 0a964f0..362b3e8 100644 --- a/sudoers/init.sls +++ b/sudoers/init.sls @@ -1,19 +1,25 @@ -{% from "sudoers/map.jinja" import sudoers with context %} +# -*- coding: utf-8 -*- +# vim: ft=sls + +{#- Get the `tplroot` from `tpldir` #} +{%- set tplroot = tpldir.split('/')[0] %} +{%- set sls_config_file = tplroot ~ '.config.file' %} +{%- from tplroot ~ "/map.jinja" import sudoers with context %} sudo: pkg.installed: - name: {{ sudoers.pkg }} -{% if salt['pillar.get']('sudoers:manage_main_config', True) %} +{% if sudoers.manage_main_config %} -{{ sudoers.get('configpath', '/etc') }}/sudoers: +{{ sudoers.configpath }}/sudoers: file.managed: - user: root - - group: {{ sudoers.get('group', 'root') }} + - group: {{ sudoers.group }} - mode: 440 - template: jinja - source: salt://sudoers/files/sudoers - - check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f + - check_cmd: {{ sudoers.execprefix }}/visudo -c -f - context: included: False - require: @@ -21,7 +27,7 @@ sudo: {% else %} -{{ sudoers.get('configpath', '/etc') }}/sudoers: +{{ sudoers.configpath }}/sudoers: test.show_notification: - name: Skipping management of main sudoers file - text: Pillar manage_main_config is False diff --git a/test/integration/default/controls/_mapdata_spec.rb b/test/integration/default/controls/_mapdata_spec.rb index bd3e990..7e49d30 100644 --- a/test/integration/default/controls/_mapdata_spec.rb +++ b/test/integration/default/controls/_mapdata_spec.rb @@ -8,6 +8,6 @@ control '`map.jinja` YAML dump' do describe file('/tmp/salt_mapdata_dump.yaml') do it { should exist } - its('content') { should include mapdata_dump } + its('content') { should eq mapdata_dump } end end diff --git a/test/integration/default/files/_mapdata/amazonlinux-1.yaml b/test/integration/default/files/_mapdata/amazonlinux-1.yaml index 07b23f8..edef984 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-1.yaml 
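Review bot: The `test.show_notification` text in the `{% else %}` branch of sudoers/init.sls still reads `Pillar manage_main_config is False`, but the switch is now `sudoers.manage_main_config`, read from the imported map rather than a direct `pillar.get`. Since sudoers/defaults.yaml now supplies that key, the value can come from somewhere other than pillar, and an operator auditing why /etc/sudoers is unmanaged would be pointed at pillar only. Wording such as `- text: sudoers.manage_main_config is false (defaults/map.jinja or pillar)` would match the new lookup. The `{% if %}` block this branch belongs to opens in the previous hunk and presumably closes after this one.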
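Review bot: The switch to `should eq mapdata_dump` in `_mapdata_spec.rb` makes the control a whole-file string comparison, and nothing in the hunk says that this strictness is intended. A short comment above the matcher would record it, for example `# Exact match: any extra or missing key in the rendered map must fail this control`. That matters here because the dumped map carries the sudoers rules themselves. `mapdata_dump` is built outside the hunk, so whether trailing newlines or header comments are normalised before the comparison cannot be checked from here.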
+++ b/test/integration/default/files/_mapdata/amazonlinux-1.yaml @@ -2,4 +2,68 @@ # Amazon Linux AMI-2018 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml index e42b341..5852272 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml 
@@ -2,4 +2,68 @@ # Amazon Linux-2 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml index c9dbfc3..035e66a 100644 --- a/test/integration/default/files/_mapdata/arch-base-latest.yaml +++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml 
@@ -2,4 +2,68 @@ # Arch --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/centos-6.yaml b/test/integration/default/files/_mapdata/centos-6.yaml index 9f1a778..24115e8 100644 --- a/test/integration/default/files/_mapdata/centos-6.yaml +++ b/test/integration/default/files/_mapdata/centos-6.yaml 
@@ -2,4 +2,68 @@ # CentOS-6 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml index db20b1d..3ff7930 100644 --- a/test/integration/default/files/_mapdata/centos-7.yaml +++ b/test/integration/default/files/_mapdata/centos-7.yaml 
@@ -2,4 +2,68 @@ # CentOS Linux-7 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml index 3093f8c..e3e1d7e 100644 --- a/test/integration/default/files/_mapdata/centos-8.yaml +++ b/test/integration/default/files/_mapdata/centos-8.yaml 
@@ -2,4 +2,68 @@ # CentOS Linux-8 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml index f8357d5..a20a280 100644 --- a/test/integration/default/files/_mapdata/debian-10.yaml +++ b/test/integration/default/files/_mapdata/debian-10.yaml 
@@ -2,4 +2,68 @@ # Debian-10 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml index f280c9f..0eb7db2 100644 --- a/test/integration/default/files/_mapdata/debian-9.yaml +++ b/test/integration/default/files/_mapdata/debian-9.yaml 
@@ -2,4 +2,68 @@ # Debian-9 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/fedora-31.yaml b/test/integration/default/files/_mapdata/fedora-31.yaml index 1aaf4af..22fb5b5 100644 --- a/test/integration/default/files/_mapdata/fedora-31.yaml +++ b/test/integration/default/files/_mapdata/fedora-31.yaml 
@@ -2,4 +2,68 @@ # Fedora-31 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml index 671d375..04d31e3 100644 --- a/test/integration/default/files/_mapdata/fedora-32.yaml +++ b/test/integration/default/files/_mapdata/fedora-32.yaml 
@@ -2,4 +2,68 @@ # Fedora-32 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml index 611c6ef..f2cbe4f 100644 --- a/test/integration/default/files/_mapdata/opensuse-15.yaml +++ b/test/integration/default/files/_mapdata/opensuse-15.yaml 
@@ -2,4 +2,68 @@ # Leap-15 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml index 4f1629b..53e020c 100644 --- a/test/integration/default/files/_mapdata/ubuntu-16.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml 
@@ -2,4 +2,68 @@ # Ubuntu-16.04 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml index 2b9d0d4..ddc1737 100644 --- a/test/integration/default/files/_mapdata/ubuntu-18.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml 
@@ -2,4 +2,68 @@ # Ubuntu-18.04 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml index c961135..aad863a 100644 --- a/test/integration/default/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml 
@@ -2,4 +2,68 @@ # Ubuntu-20.04 --- sudoers: + aliases: + commands: + PROCESSES: + - /usr/bin/nice + - /bin/kill + - /usr/bin/renice + - /usr/bin/pkill + - /usr/bin/top + hosts: + WEBSERVERS: + - www1 + - www2 + - www3 + users: + ADMINS: + - millert + - dowdy + - mikef + arch: amd64 + configpath: /etc + defaults: + command_list: + PROCESSES: noexec + generic: + - env_reset + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_list: + www1: log_year, logfile=/var/log/sudo.log + runas_list: + root: '!set_logname' + user_list: + ADMINS: '!lecture' + johndoe: '!requiretty' + execprefix: /usr/sbin + group: root + groups: + sudo: + - ALL=(ALL) ALL + - 'ALL=(nodejs) NOPASSWD: ALL' + included_files: + /etc/sudoers.d/extra-file: + users: + foo: + - ALL=(ALL) ALL + extra-file-2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + extra-file-3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: true + netgroups: + sysadmins: + - ALL=(ALL) ALL pkg: sudo + users: + johndoe: + - ALL=(ALL) ALL + - 'ALL=(root) NOPASSWD: /etc/init.d/httpd' + kitchen: + - 'ALL=(root) NOPASSWD: ALL'