psi-jack/formula-sudoers
1
0
Fork 0
mirror of synced 2024-11-21 08:25:34 -05:00
Code Issues Releases Wiki Activity

refactor: change pillar calls

Browse source
This commit is contained in:
Eric Veiras Galisson 2020-08-24 17:26:54 +02:00
parent ee173b0041
commit d5002c3c25
18 changed files with 929 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
sudoers/defaults.yaml
View file

@ -3,3 +3,9 @@
---
sudoers:
pkg: sudo
manage_main_config: true
configpath: /etc
group: root
execprefix: /usr/sbin
includedir: /etc/sudoers.d
included_files: {}

24
sudoers/included.sls
View file

@ -1,31 +1,35 @@
{% from "sudoers/map.jinja" import sudoers with context %}
# -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
include:
- sudoers
{% do sudoers.update(pillar.get('sudoers', {})) %}
{% set includedir = sudoers.get('includedir', '/etc/sudoers.d') %}
{% set included_files = sudoers.get('included_files', {}) %}
{% for included_file,spec in included_files.items() -%}
{% set included_files = sudoers.included_files %}
{% for included_file, spec in included_files.items() -%}
sudoers include {{ included_file }}:
file.managed:
{% if '/' in included_file %}
- name: {{ included_file }}
{% else %}
- name: {{ includedir }}/{{ included_file }}
- name: {{ sudoers.includedir }}/{{ included_file }}
{% endif %}
- user: root
- group: {{ sudoers.get('group', 'root') }}
- group: {{ sudoers.group }}
- mode: 440
- makedirs: True
- template: jinja
- source: salt://sudoers/files/sudoers
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
- check_cmd: {{ sudoers.execprefix }}/visudo -c -f
- context:
included: True
sudoers: {{ spec|json }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
{% if sudoers.manage_main_config %}
- require:
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers
- file: {{ sudoers.configpath }}/sudoers
{% endif %}
{% endfor %}

18
sudoers/init.sls
View file

@ -1,19 +1,25 @@
{% from "sudoers/map.jinja" import sudoers with context %}
# -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_config_file = tplroot ~ '.config.file' %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
sudo:
pkg.installed:
- name: {{ sudoers.pkg }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
{% if sudoers.manage_main_config %}
{{ sudoers.get('configpath', '/etc') }}/sudoers:
{{ sudoers.configpath }}/sudoers:
file.managed:
- user: root
- group: {{ sudoers.get('group', 'root') }}
- group: {{ sudoers.group }}
- mode: 440
- template: jinja
- source: salt://sudoers/files/sudoers
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
- check_cmd: {{ sudoers.execprefix }}/visudo -c -f
- context:
included: False
- require:
@ -21,7 +27,7 @@ sudo:
{% else %}
{{ sudoers.get('configpath', '/etc') }}/sudoers:
{{ sudoers.configpath }}/sudoers:
test.show_notification:
- name: Skipping management of main sudoers file
- text: Pillar manage_main_config is False

2
test/integration/default/controls/_mapdata_spec.rb
View file

@ -8,6 +8,6 @@ control '`map.jinja` YAML dump' do
describe file('/tmp/salt_mapdata_dump.yaml') do
it { should exist }
its('content') { should include mapdata_dump }
its('content') { should eq mapdata_dump }
end
end

64
test/integration/default/files/_mapdata/amazonlinux-1.yaml
View file

@ -2,4 +2,68 @@
# Amazon Linux AMI-2018
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/amazonlinux-2.yaml
View file

@ -2,4 +2,68 @@
# Amazon Linux-2
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/arch-base-latest.yaml
View file

@ -2,4 +2,68 @@
# Arch
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/centos-6.yaml
View file

@ -2,4 +2,68 @@
# CentOS-6
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/centos-7.yaml
View file

@ -2,4 +2,68 @@
# CentOS Linux-7
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/centos-8.yaml
View file

@ -2,4 +2,68 @@
# CentOS Linux-8
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/debian-10.yaml
View file

@ -2,4 +2,68 @@
# Debian-10
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/debian-9.yaml
View file

@ -2,4 +2,68 @@
# Debian-9
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/fedora-31.yaml
View file

@ -2,4 +2,68 @@
# Fedora-31
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/fedora-32.yaml
View file

@ -2,4 +2,68 @@
# Fedora-32
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/opensuse-15.yaml
View file

@ -2,4 +2,68 @@
# Leap-15
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/ubuntu-16.yaml
View file

@ -2,4 +2,68 @@
# Ubuntu-16.04
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/ubuntu-18.yaml
View file

@ -2,4 +2,68 @@
# Ubuntu-18.04
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

64
test/integration/default/files/_mapdata/ubuntu-20.yaml
View file

@ -2,4 +2,68 @@
# Ubuntu-20.04
---
sudoers:
aliases:
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
arch: amd64
configpath: /etc
defaults:
command_list:
PROCESSES: noexec
generic:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
host_list:
www1: log_year, logfile=/var/log/sudo.log
runas_list:
root: '!set_logname'
user_list:
ADMINS: '!lecture'
johndoe: '!requiretty'
execprefix: /usr/sbin
group: root
groups:
sudo:
- ALL=(ALL) ALL
- 'ALL=(nodejs) NOPASSWD: ALL'
included_files:
/etc/sudoers.d/extra-file:
users:
foo:
- ALL=(ALL) ALL
extra-file-2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
extra-file-3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: true
netgroups:
sysadmins:
- ALL=(ALL) ALL
pkg: sudo
users:
johndoe:
- ALL=(ALL) ALL
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
kitchen:
- 'ALL=(root) NOPASSWD: ALL'