psi-jack/formula-sudoers
1
0
Fork 0
mirror of synced 2024-12-21 22:21:07 -05:00
Code Issues Releases Wiki Activity

Added sudoers.included formula to manage included sudoers files

Browse source
This commit is contained in:
Carlos Perelló Marín 2014-02-09 18:32:22 +01:00
parent 9459832ed2
commit 461107d8db
5 changed files with 38 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.rst
View file

@ -1,7 +1,7 @@
sudoers sudoers
======= =======
Set up the sudoers file Set up sudo and the sudoers included files.
.. note:: .. note::
@ -13,3 +13,6 @@ Available states
``sudoers`` ``sudoers``
Set up the sudoers file Set up the sudoers file
``sudoers.included``
Set up an additional sudoers included file

6
pillar.example
View file

@ -26,3 +26,9 @@ sudoers:
- /usr/bin/pkill - /usr/bin/pkill
- /usr/bin/top - /usr/bin/top
includedir: /etc/sudoers.d includedir: /etc/sudoers.d
included_files:
/etc/sudoers.d/extra-file:
users:
foo: 'ALL=(ALL) ALL'
groups:
bargroup: 'ALL=(ALL) NOPASSWD: ALL'

12
sudoers/files/sudoers
View file

@ -1,4 +1,9 @@
{% set sudoers = pillar.get('sudoers', {}) %} {%- if (not included) %}
{%- set sudoers = pillar.get('sudoers', {}) %}
{%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
{%- else %}
{%- set includedir = sudoers.get('includedir', None) %}
{%- endif %}
{%- set defaults = sudoers.get('defaults', []) %} {%- set defaults = sudoers.get('defaults', []) %}
{%- set aliases = sudoers.get('aliases', {}) %} {%- set aliases = sudoers.get('aliases', {}) %}
{%- set host_aliases = aliases.get('hosts', {}) %} {%- set host_aliases = aliases.get('hosts', {}) %}
@ -6,8 +11,7 @@
{%- set command_aliases = aliases.get('commands', {}) %} {%- set command_aliases = aliases.get('commands', {}) %}
{%- set runas_aliases = aliases.get('runas', {}) %} {%- set runas_aliases = aliases.get('runas', {}) %}
{%- set users = sudoers.get('users', {}) %} {%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %} {%- set groups = sudoers.get('groups', {}) -%}
{%- set includedir = sudoers.get('includedir', None) -%}
# #
# This file is managed by salt # This file is managed by salt
# #
@ -47,6 +51,4 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
{% if includedir %} {% if includedir %}
#includedir {{ includedir }} #includedir {{ includedir }}
{% else %}
#includedir /etc/sudoers.d
{% endif %} {% endif %}

19
sudoers/included.sls Normal file
View file

@ -0,0 +1,19 @@
include:
- sudoers
{% set sudoers = pillar.get('sudoers', {}) %}
{% set included_files = sudoers.get('included_files', []) %}
{% for included_file,spec in included_files.items() -%}
{{ included_file }}:
file.managed:
- user: root
- group: root
- mode: 440
- template: jinja
- source: salt://sudoers/files/sudoers
- context:
included: True
sudoers: {{ spec }}
- require:
- file: /etc/sudoers
{% endfor %}

2
sudoers/init.sls
View file

@ -11,5 +11,7 @@ sudo:
- mode: 440 - mode: 440
- template: jinja - template: jinja
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- context:
included: False
- require: - require:
- pkg: sudo - pkg: sudo