From 751eff7218883b18628306d1b9f9251ac4b3b361 Mon Sep 17 00:00:00 2001 
From: noelmcloughlin
Date: Thu, 19 Aug 2021 00:05:27 +0100
Subject: [PATCH] feat(ordering): optionally append includefiles to main config
---
 docs/README.rst | 2 +-
 pillar.example | 6 ++++++
 sudoers/defaults.yaml | 1 +
 sudoers/included/init.sls | 5 +++++
 sudoers/{included.sls => included/install.sls} | 4 ++++
 test/integration/default/files/_mapdata/almalinux-8.yaml | 1 +
 test/integration/default/files/_mapdata/amazonlinux-1.yaml | 1 +
 test/integration/default/files/_mapdata/amazonlinux-2.yaml | 1 +
 .../default/files/_mapdata/arch-base-latest.yaml | 1 +
 test/integration/default/files/_mapdata/centos-6.yaml | 1 +
 test/integration/default/files/_mapdata/centos-7.yaml | 1 +
 test/integration/default/files/_mapdata/centos-8.yaml | 1 +
 test/integration/default/files/_mapdata/debian-10.yaml | 1 +
 test/integration/default/files/_mapdata/debian-11.yaml | 1 +
 test/integration/default/files/_mapdata/debian-9.yaml | 1 +
 test/integration/default/files/_mapdata/fedora-31.yaml | 1 +
 test/integration/default/files/_mapdata/fedora-32.yaml | 1 +
 test/integration/default/files/_mapdata/fedora-33.yaml | 1 +
 test/integration/default/files/_mapdata/fedora-34.yaml | 1 +
 test/integration/default/files/_mapdata/gentoo-2-sysd.yaml | 1 +
 test/integration/default/files/_mapdata/gentoo-2-sysv.yaml | 1 +
 test/integration/default/files/_mapdata/opensuse-15.yaml | 1 +
 .../default/files/_mapdata/opensuse-tumbleweed.yaml | 1 +
 test/integration/default/files/_mapdata/oraclelinux-7.yaml | 1 +
 test/integration/default/files/_mapdata/oraclelinux-8.yaml | 1 +
 test/integration/default/files/_mapdata/rockylinux-8.yaml | 1 +
 test/integration/default/files/_mapdata/ubuntu-16.yaml | 1 +
 test/integration/default/files/_mapdata/ubuntu-18.yaml | 1 +
 test/integration/default/files/_mapdata/ubuntu-20.yaml | 1 +
 29 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 sudoers/included/init.sls
 rename sudoers/{included.sls => included/install.sls} (85%)
diff --git a/docs/README.rst b/docs/README.rst
index 8a4ade6..1496757 100644
--- a/docs/README.rst
+++ b/docs/README.rst
@@ -51,7 +51,7 @@ Set up the sudoers file
 ``sudoers.included``
 ^^^^^^^^^^^^^^^^^^^^
-Set up an additional sudoers included file
+Set up an additional sudoers included file.
 Testing
diff --git a/pillar.example b/pillar.example
index 966a743..45733fd 100644
--- a/pillar.example
+++ b/pillar.example
@@ -63,3 +63,9 @@ sudoers:
 netgroups:
 other_netgroup:
 - 'ALL=(ALL) ALL'
+ # ordering is important. The sudoers manpage says when multiple
+ # entries match, the last match is used. However, if we do not
+ # manage the main config, our included files may not match last.
+ # To guarantee included files match last, set 'true' below to append
+ # each '#include ' to sudoers file.
+ append_included_files_to_endof_main_config: true
diff --git a/sudoers/defaults.yaml b/sudoers/defaults.yaml
index 09224b0..bda5a43 100644
--- a/sudoers/defaults.yaml
+++ b/sudoers/defaults.yaml
@@ -10,3 +10,4 @@ sudoers:
 execprefix: /usr/sbin
 includedir: /etc/sudoers.d
 included_files: {}
+ append_included_files_to_endof_main_config: false
diff --git a/sudoers/included/init.sls b/sudoers/included/init.sls
new file mode 100644
index 0000000..d3e5518
--- /dev/null
+++ b/sudoers/included/init.sls
@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+ - .install
diff --git a/sudoers/included.sls b/sudoers/included/install.sls
similarity index 85%
rename from sudoers/included.sls
rename to sudoers/included/install.sls
index 97e8215..cf5da06 100644
--- a/sudoers/included.sls
+++ b/sudoers/included/install.sls
@@ -40,5 +40,9 @@ sudoers include {{ included_file }}:
 - file: {{ sudoers.configpath }}/sudoers
 - require_in:
 - file: {{ sudoers.includedir }}
+ {% elif sudoers.append_included_files_to_endof_main_config %}
+ file.append:
+ - name: {{ sudoers.configpath }}/sudoers
+ - text: '#include {{ sudoers.configpath }}/sudoers.d/{{ included_file }}'
 {% endif %}
 {% endfor %}
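Review bot: The `#include` line appended in the new `elif` branch of `sudoers/included/install.sls` hard-codes `{{ sudoers.configpath }}/sudoers.d/`, while the context lines of the same state and `sudoers/defaults.yaml` use the configurable `sudoers.includedir`; if a pillar overrides `includedir`, the main sudoers file will reference a path this formula does not manage, and every path named in sudoers needs to be root-owned and not writable by anyone else. I would write `- text: '#include {{ sudoers.includedir }}/{{ included_file }}'`. Separately, `file.append` edits `{{ sudoers.configpath }}/sudoers` with no syntax check and never removes a line when an entry is later dropped from `included_files`, so a stale or malformed include can leave sudo unusable; consider validating the resulting file with `visudo -cf` and documenting the manual cleanup next to the option in `pillar.example`. The enclosing `{% for %}`/`{% if %}` starts outside the hunk, so the condition that selects this branch is not visible here.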
diff --git a/test/integration/default/files/_mapdata/almalinux-8.yaml b/test/integration/default/files/_mapdata/almalinux-8.yaml
index 4c21eb8..9ad7bf1 100644
--- a/test/integration/default/files/_mapdata/almalinux-8.yaml
+++ b/test/integration/default/files/_mapdata/almalinux-8.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/amazonlinux-1.yaml b/test/integration/default/files/_mapdata/amazonlinux-1.yaml
index a689dc0..39d4b9e 100644
--- a/test/integration/default/files/_mapdata/amazonlinux-1.yaml
+++ b/test/integration/default/files/_mapdata/amazonlinux-1.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml
index f519fc8..7a9de20 100644
--- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml
+++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml
index a2a9517..ee86623 100644
--- a/test/integration/default/files/_mapdata/arch-base-latest.yaml
+++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/centos-6.yaml b/test/integration/default/files/_mapdata/centos-6.yaml
index 4238e45..218ffe3 100644
--- a/test/integration/default/files/_mapdata/centos-6.yaml
+++ b/test/integration/default/files/_mapdata/centos-6.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml
index 7b86d8e..9aca1ea 100644
--- a/test/integration/default/files/_mapdata/centos-7.yaml
+++ b/test/integration/default/files/_mapdata/centos-7.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml
index 9620af3..279f146 100644
--- a/test/integration/default/files/_mapdata/centos-8.yaml
+++ b/test/integration/default/files/_mapdata/centos-8.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml
index 5c31c02..1190147 100644
--- a/test/integration/default/files/_mapdata/debian-10.yaml
+++ b/test/integration/default/files/_mapdata/debian-10.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/debian-11.yaml b/test/integration/default/files/_mapdata/debian-11.yaml
index 1010f71..3439e02 100644
--- a/test/integration/default/files/_mapdata/debian-11.yaml
+++ b/test/integration/default/files/_mapdata/debian-11.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml
index 0cda77d..abd9e80 100644
--- a/test/integration/default/files/_mapdata/debian-9.yaml
+++ b/test/integration/default/files/_mapdata/debian-9.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/fedora-31.yaml b/test/integration/default/files/_mapdata/fedora-31.yaml
index 065c42e..72d4ace 100644
--- a/test/integration/default/files/_mapdata/fedora-31.yaml
+++ b/test/integration/default/files/_mapdata/fedora-31.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml
index eb0444f..49e7670 100644
--- a/test/integration/default/files/_mapdata/fedora-32.yaml
+++ b/test/integration/default/files/_mapdata/fedora-32.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/fedora-33.yaml b/test/integration/default/files/_mapdata/fedora-33.yaml
index 6b34652..e675a7d 100644
--- a/test/integration/default/files/_mapdata/fedora-33.yaml
+++ b/test/integration/default/files/_mapdata/fedora-33.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/fedora-34.yaml b/test/integration/default/files/_mapdata/fedora-34.yaml
index 8a3f160..cac8f9e 100644
--- a/test/integration/default/files/_mapdata/fedora-34.yaml
+++ b/test/integration/default/files/_mapdata/fedora-34.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml
index 6d64092..c9667fa 100644
--- a/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml
+++ b/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml b/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml
index 6d64092..c9667fa 100644
--- a/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml
+++ b/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml
index cea5d34..cefe024 100644
--- a/test/integration/default/files/_mapdata/opensuse-15.yaml
+++ b/test/integration/default/files/_mapdata/opensuse-15.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
index 56d4593..a6c8c6d 100644
--- a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
+++ b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/oraclelinux-7.yaml b/test/integration/default/files/_mapdata/oraclelinux-7.yaml
index 30eb8fc..af582c3 100644
--- a/test/integration/default/files/_mapdata/oraclelinux-7.yaml
+++ b/test/integration/default/files/_mapdata/oraclelinux-7.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/oraclelinux-8.yaml b/test/integration/default/files/_mapdata/oraclelinux-8.yaml
index 44e9fbf..cd2b938 100644
--- a/test/integration/default/files/_mapdata/oraclelinux-8.yaml
+++ b/test/integration/default/files/_mapdata/oraclelinux-8.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/rockylinux-8.yaml b/test/integration/default/files/_mapdata/rockylinux-8.yaml
index 6743acb..edde249 100644
--- a/test/integration/default/files/_mapdata/rockylinux-8.yaml
+++ b/test/integration/default/files/_mapdata/rockylinux-8.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml
index c845ce1..3d5f07f 100644
--- a/test/integration/default/files/_mapdata/ubuntu-16.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml
index a5daca6..61b0809 100644
--- a/test/integration/default/files/_mapdata/ubuntu-18.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults:
diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml
index 57da8ab..aaa99fb 100644
--- a/test/integration/default/files/_mapdata/ubuntu-20.yaml
+++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml
@@ -20,6 +20,7 @@ values:
 - millert
 - dowdy
 - mikef
+ append_included_files_to_endof_main_config: false
 arch: amd64
 configpath: /etc
 defaults: