psi-jack/formula-sudoers
1
0
Fork 0
mirror of synced 2024-11-22 00:35:36 -05:00
Code Issues Releases Wiki Activity

Merge pull request #65 from daks/map.jinja

Browse source 
Map.jinja refactoring
This commit is contained in:
Imran Iqbal 2020-08-26 19:22:57 +01:00 committed by GitHub
commit 6e0dc536f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 1089 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
sudoers/defaults.yaml Normal file
View file

@ -0,0 +1,11 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
sudoers:
pkg: sudo
manage_main_config: true
configpath: /etc
group: root
execprefix: /usr/sbin
includedir: /etc/sudoers.d
included_files: {}

22
sudoers/included.sls
View file

@ -1,31 +1,35 @@
{% from "sudoers/map.jinja" import sudoers with context %} # -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
include: include:
- sudoers - sudoers
{% do sudoers.update(pillar.get('sudoers', {})) %} {% set included_files = sudoers.included_files %}
{% set includedir = sudoers.get('includedir', '/etc/sudoers.d') %}
{% set included_files = sudoers.get('included_files', {}) %}
{% for included_file, spec in included_files.items() -%} {% for included_file, spec in included_files.items() -%}
sudoers include {{ included_file }}: sudoers include {{ included_file }}:
file.managed: file.managed:
{% if '/' in included_file %} {% if '/' in included_file %}
- name: {{ included_file }} - name: {{ included_file }}
{% else %} {% else %}
- name: {{ includedir }}/{{ included_file }} - name: {{ sudoers.includedir }}/{{ included_file }}
{% endif %} {% endif %}
- user: root - user: root
- group: {{ sudoers.get('group', 'root') }} - group: {{ sudoers.group }}
- mode: 440 - mode: 440
- makedirs: True - makedirs: True
- template: jinja - template: jinja
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f - check_cmd: {{ sudoers.execprefix }}/visudo -c -f
- context: - context:
included: True included: True
sudoers: {{ spec|json }} sudoers: {{ spec|json }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %} {% if sudoers.manage_main_config %}
- require: - require:
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers - file: {{ sudoers.configpath }}/sudoers
{% endif %} {% endif %}
{% endfor %} {% endfor %}

18
sudoers/init.sls
View file

@ -1,19 +1,25 @@
{% from "sudoers/map.jinja" import sudoers with context %} # -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
sudo: sudo:
pkg.installed: pkg.installed:
- name: {{ sudoers.pkg }} - name: {{ sudoers.pkg }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %} {% if sudoers.manage_main_config %}
{{ sudoers.get('configpath', '/etc') }}/sudoers: {{ sudoers.configpath }}/sudoers:
file.managed: file.managed:
- user: root - user: root
- group: {{ sudoers.get('group', 'root') }} - group: {{ sudoers.group }}
- mode: 440 - mode: 440
- template: jinja - template: jinja
- source: salt://sudoers/files/sudoers - source: salt://sudoers/files/sudoers
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f - check_cmd: {{ sudoers.execprefix }}/visudo -c -f
- context: - context:
included: False included: False
- require: - require:
@ -21,7 +27,7 @@ sudo:
{% else %} {% else %}
{{ sudoers.get('configpath', '/etc') }}/sudoers: {{ sudoers.configpath }}/sudoers:
test.show_notification: test.show_notification:
- name: Skipping management of main sudoers file - name: Skipping management of main sudoers file
- text: Pillar manage_main_config is False - text: Pillar manage_main_config is False

72
sudoers/map.jinja
View file

@ -1,17 +1,55 @@
{% set sudoers = salt['grains.filter_by']({ # -*- coding: utf-8 -*-
'Debian': {'pkg': 'sudo'}, # vim: ft=jinja
'Ubuntu': {'pkg': 'sudo'},
'CentOS': {'pkg': 'sudo'}, {#- Get the `tplroot` from `tpldir` #}
'Fedora': {'pkg': 'sudo'}, {%- set tplroot = tpldir.split('/')[0] %}
'RedHat': {'pkg': 'sudo'}, {#- Start imports as #}
'Amazon': {'pkg': 'sudo'}, {%- import_yaml tplroot ~ "/defaults.yaml" as default_settings %}
'Gentoo': {'pkg': 'app-admin/sudo'}, {%- import_yaml tplroot ~ "/osarchmap.yaml" as osarchmap %}
'Mint': {'pkg': 'sudo'}, {%- import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %}
'Arch': {'pkg': 'sudo'}, {%- import_yaml tplroot ~ "/osmap.yaml" as osmap %}
'Suse': {'pkg': 'sudo'}, {%- import_yaml tplroot ~ "/osfingermap.yaml" as osfingermap %}
'FreeBSD': {'pkg': 'sudo',
'configpath': '/usr/local/etc', {#- Retrieve the config dict only once #}
'includedir': '/usr/local/etc/sudoers.d', {%- set _config = salt['config.get'](tplroot, default={}) %}
'execprefix': '/usr/local/sbin',
'group': 'wheel'}, {%- set defaults = salt['grains.filter_by'](
}, merge=salt['pillar.get']('sudoers:lookup')) %} default_settings,
default=tplroot,
merge=salt['grains.filter_by'](
osarchmap,
grain='osarch',
merge=salt['grains.filter_by'](
osfamilymap,
grain='os_family',
merge=salt['grains.filter_by'](
osmap,
grain='os',
merge=salt['grains.filter_by'](
osfingermap,
grain='osfinger',
merge=salt['grains.filter_by'](
_config,
default='lookup'
)
)
)
)
)
)
%}
{%- set config = salt['grains.filter_by'](
{'defaults': defaults},
default='defaults',
merge=_config
)
%}
{%- set sudoers = config %}
{#- Post-processing for specific non-YAML customisations #}
{%- if grains.os == 'MacOS' %}
{%- set macos_group = salt['cmd.run']("stat -f '%Sg' /dev/console") %}
{%- do sudoers.update({'rootgroup': macos_group}) %}
{%- endif %}

35
sudoers/osarchmap.yaml Normal file
View file

@ -0,0 +1,35 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
#
# Setup variables using grains['osarch'] based logic.
# You just need to add the key:values for an `osarch` that differ
# from `defaults.yaml`.
# Only add an `osarch` which is/will be supported by the formula.
#
# If you do not need to provide defaults via the `osarch` grain,
# you will need to provide at least an empty dict in this file, e.g.
# osarch: {}
---
amd64:
arch: amd64
x86_64:
arch: amd64
386:
arch: 386
arm64:
arch: arm64
armv6l:
arch: armv6l
armv7l:
arch: armv7l
ppc64le:
arch: ppc64le
s390x:
arch: s390x

38
sudoers/osfamilymap.yaml Normal file
View file

@ -0,0 +1,38 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
#
# Setup variables using grains['os_family'] based logic.
# You just need to add the key:values for an `os_family` that differ
# from `defaults.yaml` + `osarch.yaml`.
# Only add an `os_family` which is/will be supported by the formula.
#
# If you do not need to provide defaults via the `os_family` grain,
# you will need to provide at least an empty dict in this file, e.g.
# osfamilymap: {}
---
Debian: {}
RedHat: {}
Suse: {}
Gentoo:
pkg: app-admin/sudo
Arch: {}
Alpine: {}
FreeBSD:
configpath: /usr/local/etc
includedir: /usr/local/etc/sudoers.d
execprefix: /usr/local/sbin
group: wheel
OpenBSD: {}
Solaris: {}
Windows: {}
MacOS: {}

14
sudoers/osfingermap.yaml Normal file
View file

@ -0,0 +1,14 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
#
# Setup variables using grains['osfinger'] based logic.
# You just need to add the key:values for an `osfinger` that differ
# from `defaults.yaml` + `osarch.yaml` + `os_family.yaml` + `osmap.yaml`.
# Only add an `osfinger` which is/will be supported by the formula.
#
# If you do not need to provide defaults via the `os_finger` grain,
# you will need to provide at least an empty dict in this file, e.g.
# osfingermap: {}
---
# os: Debian
osfingermap: {}

13
sudoers/osmap.yaml Normal file
View file

@ -0,0 +1,13 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
#
# Setup variables using grains['os'] based logic.
# You just need to add the key:values for an `os` that differ
# from `defaults.yaml` + `osarch.yaml` + `os_family.yaml`.
# Only add an `os` which is/will be supported by the formula.
#
# If you do not need to provide defaults via the `os` grain,
# you will need to provide at least an empty dict in this file, e.g.
# osmap: {}
---
osmap: {}

2
test/integration/default/controls/_mapdata_spec.rb
View file

@ -8,6 +8,6 @@ control '`map.jinja` YAML dump' do
describe file('/tmp/salt_mapdata_dump.yaml') do describe file('/tmp/salt_mapdata_dump.yaml') do
it { should exist } it { should exist }
its('content') { should include mapdata_dump } its('content') { should eq mapdata_dump }
end end
end end

64
test/integration/default/files/_mapdata/amazonlinux-1.yaml
View file

@ -2,4 +2,68 @@
# Amazon Linux AMI-2018 # Amazon Linux AMI-2018
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/amazonlinux-2.yaml
View file

@ -2,4 +2,68 @@
# Amazon Linux-2 # Amazon Linux-2
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/arch-base-latest.yaml
View file

@ -2,4 +2,68 @@
# Arch # Arch
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/centos-6.yaml
View file

@ -2,4 +2,68 @@
# CentOS-6 # CentOS-6
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/centos-7.yaml
View file

@ -2,4 +2,68 @@
# CentOS Linux-7 # CentOS Linux-7
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/centos-8.yaml
View file

@ -2,4 +2,68 @@
# CentOS Linux-8 # CentOS Linux-8
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/debian-10.yaml
View file

@ -2,4 +2,68 @@
# Debian-10 # Debian-10
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/debian-9.yaml
View file

@ -2,4 +2,68 @@
# Debian-9 # Debian-9
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/fedora-31.yaml
View file

@ -2,4 +2,68 @@
# Fedora-31 # Fedora-31
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/fedora-32.yaml
View file

@ -2,4 +2,68 @@
# Fedora-32 # Fedora-32
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/opensuse-15.yaml
View file

@ -2,4 +2,68 @@
# Leap-15 # Leap-15
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/ubuntu-16.yaml
View file

@ -2,4 +2,68 @@
# Ubuntu-16.04 # Ubuntu-16.04
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/ubuntu-18.yaml
View file

@ -2,4 +2,68 @@
# Ubuntu-18.04 # Ubuntu-18.04
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/ubuntu-20.yaml
View file

@ -2,4 +2,68 @@
# Ubuntu-20.04 # Ubuntu-20.04
--- ---
sudoers: sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'