From 0fbaed2a6ae399827b1de6cac9fdd73b98364d5f Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Mon, 19 Aug 2013 17:06:34 -0500 Subject: [PATCH 1/9] starting some stuff out here --- README.rst | 2 +- pillar.example | 19 +++++++++++++++++++ sudoers/files/sudoers | 24 ++++++++++++++++++++++++ sudoers/init.sls | 10 ++++++++++ 4 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 pillar.example create mode 100644 sudoers/files/sudoers create mode 100644 sudoers/init.sls diff --git a/README.rst b/README.rst index 27d508a..2b244f5 100644 --- a/README.rst +++ b/README.rst @@ -1,7 +1,7 @@ sudoers ======= -Set up the sudoers file +Set up the sudoers file (WORK IN PROGRESS) .. note:: diff --git a/pillar.example b/pillar.example new file mode 100644 index 0000000..ca66c07 --- /dev/null +++ b/pillar.example @@ -0,0 +1,19 @@ +sudoers: + users: + # Simple user + johndoe: + - commands: + - ALL + # Defaults + janedoe: + - hosts: ALL + - runas: ALL + - commands: + - ALL + groups: + sudo: + - commands: + # Command tags + - ALL: + - NOPASSWD + #include: /etc/sudoers.d diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers new file mode 100644 index 0000000..f3b3b48 --- /dev/null +++ b/sudoers/files/sudoers @@ -0,0 +1,24 @@ +{% set sudoers = pillar.get('sudoers', {}) %} +{% set users = sudoers.get('users', {} %} +{% set groups = sudoers.get('users', {} %} +{% set includedir = sudoers.get('includedir', None) %} + +# +# This file is managed by salt +# +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification + + +# Group privilege specification + +{% if includes %} +includedir {{ includedir }} +{% else %} +#includedir /etc/sudoers.d +{% endif %} diff --git a/sudoers/init.sls b/sudoers/init.sls new file mode 100644 index 0000000..75ce735 --- /dev/null +++ b/sudoers/init.sls 
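Review bot: The include block at the bottom of the new `sudoers/files/sudoers` template is inverted for sudoers syntax. In sudoers, `#includedir` is the live directive rather than a comment, so the `{% else %}` branch `#includedir /etc/sudoers.d` switches the drop-in directory on, while the `{% if %}` branch emits `includedir {{ includedir }}`, which is not a form sudo recognises. The condition also tests `includes`, a name the template never sets, so presumably the else branch always renders; it should be `{% if includedir %}` emitting `#includedir {{ includedir }}`, with nothing emitted otherwise. Separately, both `sudoers.get('users', {} %}` lines are missing the closing `)`, and `groups` is read from the `'users'` key where `'groups'` was presumably meant. The `#include:` key in `pillar.example` also does not match the `includedir` key read here.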
@@ -0,0 +1,10 @@ +sudo: + pkg.installed + +/etc/sudoers: + file.managed: + - user: root + - group: root + - mode: 440 + - template: jinja + - source: salt://sudoders/files/sudoers From abd8e8c67a9f986d72e4789ca4f480aa34a6a9b9 Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:10:47 -0500 Subject: [PATCH 2/9] sudoers_prepare test --- pillar.example | 19 +++++-------------- sudoers/files/sudoers | 6 +++--- sudoers/files/sudoers_prepare.py | 2 ++ sudoers/init.sls | 6 +++--- 4 files changed, 13 insertions(+), 20 deletions(-) create mode 100644 sudoers/files/sudoers_prepare.py diff --git a/pillar.example b/pillar.example index ca66c07..04621c4 100644 --- a/pillar.example +++ b/pillar.example @@ -2,18 +2,9 @@ sudoers: users: # Simple user johndoe: - - commands: - - ALL - # Defaults - janedoe: - - hosts: ALL - - runas: ALL - - commands: - - ALL - groups: - sudo: - - commands: - # Command tags - - ALL: - - NOPASSWD + - ALL: ALL + # List of users + janedoe,marydoe: + # Multiple hosts + - ALL: ALL #include: /etc/sudoers.d diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers index f3b3b48..d5e23e6 100644 --- a/sudoers/files/sudoers +++ b/sudoers/files/sudoers @@ -1,6 +1,4 @@ {% set sudoers = pillar.get('sudoers', {}) %} -{% set users = sudoers.get('users', {} %} -{% set groups = sudoers.get('users', {} %} {% set includedir = sudoers.get('includedir', None) %} # @@ -13,7 +11,9 @@ # Cmnd alias specification # User privilege specification - +{%- for userspec in users %} +{{ userspec }} +{%- endfor %} # Group privilege specification diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py new file mode 100644 index 0000000..70b6c7e --- /dev/null +++ b/sudoers/files/sudoers_prepare.py @@ -0,0 +1,2 @@ +def run(**kwargs): + print kwargs diff --git a/sudoers/init.sls b/sudoers/init.sls index 75ce735..86fd038 100644 --- a/sudoers/init.sls +++ b/sudoers/init.sls 
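Review bot: The `/etc/sudoers` state added to `sudoers/init.sls` in PATCH 1/9 replaces the live file with rendered template output and nothing validates it first. A template or pillar mistake therefore leaves the minion with a sudoers file that sudo refuses to parse, which removes privileged access for everyone. Add a syntax check to the `file.managed` block, for example `- check_cmd: /usr/sbin/visudo -c -f` (adjust the path per platform), and a `- require:` on `pkg: sudo` so visudo exists before the file is written. The mode is also safer as a quoted string, `- mode: '0440'`, so YAML does not read it as the integer 440.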
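Review bot: The `sudoers/files/sudoers` hunk in PATCH 2/9 deletes the `{% set users ... %}` line and then loops over `users`, so the name is no longer defined inside the template and has to be supplied by whatever renders it. Even with the dict passed in, `{% for userspec in users %}` iterates only the keys, and `{{ userspec }}` writes each pillar key verbatim under "User privilege specification"; that is not a complete sudoers rule and nothing checks it. Because these lines decide who can become root, build each rule from named fields (user, host, runas, commands) and reject any value containing a newline or characters a sudoers entry does not allow, instead of echoing pillar text directly.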
@@ -1,10 +1,10 @@ sudo: pkg.installed -/etc/sudoers: +/etc/sudoers.test: file.managed: - user: root - group: root - mode: 440 - - template: jinja - - source: salt://sudoders/files/sudoers + - template: py + - source: salt://sudoers/files/sudoers.py From c070486ddce20306f4ca086524ec84641aa3f8ee Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:11:24 -0500 Subject: [PATCH 3/9] fixed test source --- sudoers/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudoers/init.sls b/sudoers/init.sls index 86fd038..fbb9fdb 100644 --- a/sudoers/init.sls +++ b/sudoers/init.sls @@ -7,4 +7,4 @@ sudo: - group: root - mode: 440 - template: py - - source: salt://sudoers/files/sudoers.py + - source: salt://sudoers/files/sudoers_prepare.py From 2569c87704e876f7d4fc1a54349b5b9b43707f38 Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:12:21 -0500 Subject: [PATCH 4/9] changed print to return in prepare run --- sudoers/files/sudoers_prepare.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py index 70b6c7e..8cc975f 100644 --- a/sudoers/files/sudoers_prepare.py +++ b/sudoers/files/sudoers_prepare.py @@ -1,2 +1,2 @@ def run(**kwargs): - print kwargs + return str(kwargs) From 2983c198f78082132e65735b58459eab3578dbf3 Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:21:46 -0500 Subject: [PATCH 5/9] pillar test --- sudoers/files/sudoers_prepare.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py index 8cc975f..806d1e1 100644 --- a/sudoers/files/sudoers_prepare.py +++ b/sudoers/files/sudoers_prepare.py @@ -1,2 +1,2 @@ -def run(**kwargs): - return str(kwargs) +def run(): + return str(__pillar__) From 117cc16056e5b89376ce4c4c28717cfb127dec56 Mon Sep 17 00:00:00 2001 
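Review bot: `return str(__pillar__)` in PATCH 5/9 makes the state write the minion's entire pillar into `/etc/sudoers.test`. Pillar is where Salt deployments usually keep credentials, so even as a debugging step this leaves a copy of them on disk outside Salt's own cache; the `440` root:root mode from `init.sls` limits who can read it, but nothing in the series removes the file afterwards. Return only the subtree this formula owns, `return str(__pillar__.get('sudoers', {}))`, and drop the dump before the state targets a real path. The same reasoning applies to `str(__grains__)` in PATCH 6/9, although grains are normally less sensitive.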
From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:26:23 -0500 Subject: [PATCH 6/9] grains test --- sudoers/files/sudoers_prepare.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py index 806d1e1..7ca0528 100644 --- a/sudoers/files/sudoers_prepare.py +++ b/sudoers/files/sudoers_prepare.py @@ -1,2 +1,4 @@ + + def run(): - return str(__pillar__) + return str(__grains__) From dc805f24d874b1906c9d23cd3c959b45bbaf02c0 Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:28:14 -0500 Subject: [PATCH 7/9] grains test --- sudoers/files/sudoers_prepare.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py index 7ca0528..0ea4c06 100644 --- a/sudoers/files/sudoers_prepare.py +++ b/sudoers/files/sudoers_prepare.py @@ -1,4 +1,4 @@ def run(): - return str(__grains__) + return str(grains.get()) From ae22c79c93e4791664852e9dfaa13632fa71b2f5 Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:29:00 -0500 Subject: [PATCH 8/9] pillar test again --- sudoers/files/sudoers_prepare.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py index 0ea4c06..18f2663 100644 --- a/sudoers/files/sudoers_prepare.py +++ b/sudoers/files/sudoers_prepare.py @@ -1,4 +1,4 @@ def run(): - return str(grains.get()) + return str(pillar.get('sudoers')) From 95d90330685497dbad62bed280389f3d8dcc37e2 Mon Sep 17 00:00:00 2001 From: Kenneth Wilke Date: Tue, 20 Aug 2013 12:37:58 -0500 Subject: [PATCH 9/9] template proxy test --- sudoers/files/sudoers | 4 +--- sudoers/files/sudoers_prepare.py | 5 +++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers index d5e23e6..ddea2af 100644 --- a/sudoers/files/sudoers +++ b/sudoers/files/sudoers 
@@ -11,9 +11,7 @@ # Cmnd alias specification # User privilege specification -{%- for userspec in users %} -{{ userspec }} -{%- endfor %} +{{ users }} # Group privilege specification diff --git a/sudoers/files/sudoers_prepare.py b/sudoers/files/sudoers_prepare.py index 18f2663..428bdbc 100644 --- a/sudoers/files/sudoers_prepare.py +++ b/sudoers/files/sudoers_prepare.py @@ -1,4 +1,5 @@ - +import salt.renderers.jinja as jinja def run(): - return str(pillar.get('sudoers')) + sudoers = pillar.get('sudoers', {}) + return jinja.render('sudoers/files/sudoers', users=sudoers.get('users', {}))
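Review bot: `jinja.render('sudoers/files/sudoers', users=...)` in the `sudoers_prepare.py` hunk of PATCH 9/9 passes a bare relative path, and whatever the call returns becomes the managed file's content. Importing `salt.renderers.jinja` directly bypasses the Salt loader, so the renderer's injected globals are presumably missing, and the argument is not a `salt://` URL, so it is unlikely to resolve to the formula's template on the minion; confirm what `run()` actually returns. Combined with the template hunk in this patch, which now emits `{{ users }}`, the output under "User privilege specification" would be the Python repr of the pillar dict rather than sudoers rules. Before this state is pointed back at `/etc/sudoers`, have `run()` build validated rule lines itself and raise on a malformed pillar instead of returning a partial file.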