Merge pull request #78 from noelmcloughlin/append

feat(ordering): optionally append includefiles to main config
This commit is contained in:
N 2021-08-29 00:57:26 +01:00 committed by GitHub
commit cd81da881c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 961 additions and 9 deletions

View File

@ -137,19 +137,19 @@ rubocop:
# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} # default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
default-debian-11-master-py3: {extends: '.test_instance'} default-debian-11-master-py3: {extends: '.test_instance'}
default-debian-10-master-py3: {extends: '.test_instance'} default-debian-10-master-py3: {extends: '.test_instance'}
default-debian-9-master-py3: {extends: '.test_instance'} appended-debian-9-master-py3: {extends: '.test_instance'}
default-ubuntu-2004-master-py3: {extends: '.test_instance'} default-ubuntu-2004-master-py3: {extends: '.test_instance'}
default-ubuntu-1804-master-py3: {extends: '.test_instance'} default-ubuntu-1804-master-py3: {extends: '.test_instance'}
default-centos-8-master-py3: {extends: '.test_instance'} default-centos-8-master-py3: {extends: '.test_instance'}
default-centos-7-master-py3: {extends: '.test_instance'} appended-centos-7-master-py3: {extends: '.test_instance'}
default-fedora-34-master-py3: {extends: '.test_instance'} default-fedora-34-master-py3: {extends: '.test_instance'}
default-fedora-33-master-py3: {extends: '.test_instance'} default-fedora-33-master-py3: {extends: '.test_instance'}
default-opensuse-leap-153-master-py3: {extends: '.test_instance'} default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
default-opensuse-leap-152-master-py3: {extends: '.test_instance'} appended-opensuse-leap-152-master-py3: {extends: '.test_instance'}
default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance'} default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance'}
default-amazonlinux-2-master-py3: {extends: '.test_instance'} default-amazonlinux-2-master-py3: {extends: '.test_instance'}
default-oraclelinux-8-master-py3: {extends: '.test_instance'} default-oraclelinux-8-master-py3: {extends: '.test_instance'}
default-oraclelinux-7-master-py3: {extends: '.test_instance'} appended-oraclelinux-7-master-py3: {extends: '.test_instance'}
default-arch-base-latest-master-py3: {extends: '.test_instance'} default-arch-base-latest-master-py3: {extends: '.test_instance'}
default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}

View File

@ -51,7 +51,7 @@ Set up the sudoers file
``sudoers.included`` ``sudoers.included``
^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^
Set up an additional sudoers included file Set up an additional sudoers included file.
Testing Testing

View File

@ -463,3 +463,23 @@ suites:
verifier: verifier:
inspec_tests: inspec_tests:
- path: test/integration/default - path: test/integration/default
- name: appended
provisioner:
state_top:
base:
'*':
- sudoers._mapdata
- sudoers
- sudoers.included
pillars:
top.sls:
base:
'*':
- kitchen
- sudoers
pillars_from_files:
kitchen.sls: test/salt/pillar/kitchen.sls
sudoers.sls: test/salt/pillar/appended.sls
verifier:
inspec_tests:
- path: test/integration/appended

View File

@ -63,3 +63,9 @@ sudoers:
netgroups: netgroups:
other_netgroup: other_netgroup:
- 'ALL=(ALL) ALL' - 'ALL=(ALL) ALL'
# ordering is important. The sudoers manpage says when multiple
# entries match, the last match is used. However, if we do not
# manage the main config, our included files may not match last.
# To guarantee included files match last, set 'true' below to append
# each '#include <includefile>' to sudoers file.
append_included_files_to_endof_main_config: true

View File

@ -10,3 +10,4 @@ sudoers:
execprefix: /usr/sbin execprefix: /usr/sbin
includedir: /etc/sudoers.d includedir: /etc/sudoers.d
included_files: {} included_files: {}
append_included_files_to_endof_main_config: false

View File

@ -0,0 +1,5 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
include:
- .install

View File

@ -18,13 +18,13 @@ include:
{% set included_files = sudoers.included_files %} {% set included_files = sudoers.included_files %}
{% for included_file, spec in included_files.items() -%} {% for included_file, spec in included_files.items() -%}
{%- if '/' not in included_file %}
{%- set included_file = sudoers.includedir ~ '/' ~ included_file %}
{%- endif %}
sudoers include {{ included_file }}: sudoers include {{ included_file }}:
file.managed: file.managed:
{% if '/' in included_file %}
- name: {{ included_file }} - name: {{ included_file }}
{% else %}
- name: {{ sudoers.includedir }}/{{ included_file }}
{% endif %}
- user: root - user: root
- group: {{ sudoers.group }} - group: {{ sudoers.group }}
- mode: 440 - mode: 440
@ -40,5 +40,15 @@ sudoers include {{ included_file }}:
- file: {{ sudoers.configpath }}/sudoers - file: {{ sudoers.configpath }}/sudoers
- require_in: - require_in:
- file: {{ sudoers.includedir }} - file: {{ sudoers.includedir }}
{% elif sudoers.append_included_files_to_endof_main_config %}
sudoers append {{ included_file }}:
file.append:
- name: {{ sudoers.configpath }}/sudoers
- text: '#include {{ included_file }}'
- require:
- file: sudoers include {{ included_file }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}

View File

@ -0,0 +1,50 @@
# InSpec Profile: `appended`
This shows the implementation of the `appended` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
## Verify a profile
InSpec ships with built-in features to verify a profile structure.
```bash
$ inspec check appended
Summary
-------
Location: appended
Profile: profile
Controls: 4
Timestamp: 2019-06-24T23:09:01+00:00
Valid: true
Errors
------
Warnings
--------
```
## Execute a profile
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
```bash
$ inspec exec appended
..
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
8 examples, 0 failures
```
## Execute a specific control from a profile
To run one control from the profile use `inspec exec /path/to/profile --controls name`.
```bash
$ inspec exec appended --controls package
.
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
1 examples, 0 failures
```
See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

View File

@ -0,0 +1,47 @@
# frozen_string_literal: true
require 'yaml'
control 'sudoers._mapdata' do
title '`map.jinja` should match the reference file'
### Method
# The steps below for each file appear convoluted but they are both required
# and similar in nature:
# 1. The earliest method was to simply compare the files textually but this often
# led to false positives due to inconsistencies (e.g. spacing, ordering)
# 2. The next method was to load the files back into YAML structures and then
# compare but InSpec provided block diffs this way, unusable by end users
# 3. The final step was to dump the YAML structures back into a string to use
# for the comparison; this both worked and provided human-friendly diffs
### Comparison file for the specific platform
### Static, adjusted as part of code contributions, as map data is changed
# Strip the `platform[:finger]` version number down to the "OS major release"
platform_finger = system.platform[:finger].split('.').first.to_s
# Use that to set the path to the file (relative to the InSpec suite directory)
mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
# Load the mapdata from profile, into a YAML structure
# https://docs.chef.io/inspec/profiles/#profile-files
mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path))
# Dump the YAML back into a string for comparison
mapdata_file_dump = YAML.dump(mapdata_file_yaml)
### Output file produced by running the `_mapdata` state
### Dynamic, generated during Kitchen's `converge` phase
# Derive the location of the dumped mapdata (differs for Windows)
output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
# Use that to set the path to the file (absolute path, i.e. within the container)
output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
# Load the output into a YAML structure using InSpec's `yaml` resource
# https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
output_file_yaml = yaml(output_file_path).params
# Dump the YAML back into a string for comparison
output_file_dump = YAML.dump(output_file_yaml)
describe 'File content' do
it 'should match profile map data exactly' do
expect(output_file_dump).to eq(mapdata_file_dump)
end
end
end

View File

@ -0,0 +1,38 @@
# frozen_string_literal: true
control 'Sudoers configuration' do
title 'should match desired lines'
describe file('/etc/sudoers') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('content') { should include '#include /etc/sudoers.d/extra-file1' }
its('content') { should include '#include /etc/sudoers.d/extra-file2' }
its('content') { should include '#include /etc/sudoers.d/extra-file3' }
end
describe file('/etc/sudoers.d/extra-file1') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('mode') { should cmp '0440' }
its('content') { should include 'foo ALL=(ALL) ALL' }
end
describe file('/etc/sudoers.d/extra-file2') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('mode') { should cmp '0440' }
its('content') { should include '%bargroup ALL=(ALL) NOPASSWD: ALL' }
end
describe file('/etc/sudoers.d/extra-file3') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
its('mode') { should cmp '0440' }
its('content') { should include '+other_netgroup ALL=(ALL) ALL' }
end
end

View File

@ -0,0 +1,9 @@
# frozen_string_literal: true
control 'Sudo package' do
title 'should be installed'
describe package('sudo') do
it { should be_installed }
end
end

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,29 @@
# yamllint disable rule:indentation rule:line-length
# AlmaLinux-8
---
values:
append_included_files_to_endof_main_config: true
arch: amd64
configpath: /etc
execprefix: /usr/sbin
group: root
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- ALL=(ALL) ALL
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- ALL=(ALL) ALL
includedir: /etc/sudoers.d
manage_main_config: false
pkg: sudo
purge_includedir: false
users:
kitchen:
- 'ALL=(root) NOPASSWD: ALL'

View File

@ -0,0 +1,27 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: appended
title: sudoers formula
maintainer: SaltStack Formulas
license: Apache-2.0
summary: Verify that the sudoers formula is setup and configured correctly
depends:
- name: share
path: test/integration/share
supports:
- platform-name: debian
- platform-name: ubuntu
- platform-name: centos
- platform-name: fedora
- platform-name: opensuse
- platform-name: suse
- platform-name: freebsd
- platform-name: openbsd
- platform-name: amazon
- platform-name: oracle
- platform-name: arch
- platform-name: gentoo
- platform-name: almalinux
- platform-name: rocky
- platform: windows

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -20,6 +20,7 @@ values:
- millert - millert
- dowdy - dowdy
- mikef - mikef
append_included_files_to_endof_main_config: false
arch: amd64 arch: amd64
configpath: /etc configpath: /etc
defaults: defaults:

View File

@ -0,0 +1,19 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
sudoers:
manage_main_config: false
included_files:
/etc/sudoers.d/extra-file1:
users:
foo:
- 'ALL=(ALL) ALL'
/etc/sudoers.d/extra-file2:
groups:
bargroup:
- 'ALL=(ALL) NOPASSWD: ALL'
/etc/sudoers.d/extra-file3:
netgroups:
other_netgroup:
- 'ALL=(ALL) ALL'
append_included_files_to_endof_main_config: true