Merge pull request #2 from KennethWilke/master

start of sudoers formula
This commit is contained in:
Seth House 2013-08-20 14:56:07 -07:00
commit f4346aa211
4 changed files with 109 additions and 0 deletions

28
pillar.example Normal file
View File

@ -0,0 +1,28 @@
sudoers:
users:
johndoe: 'ALL=(ALL) ALL'
groups:
sudo: 'ALL=(ALL) NOPASSWD: ALL'
defaults:
- env_reset
- mail_badpass
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
aliases:
hosts:
WEBSERVERS:
- www1
- www2
- www3
users:
ADMINS:
- millert
- dowdy
- mikef
commands:
PROCESSES:
- /usr/bin/nice
- /bin/kill
- /usr/bin/renice
- /usr/bin/pkill
- /usr/bin/top
includedir: /etc/sudoers.d

52
sudoers/files/sudoers Normal file
View File

@ -0,0 +1,52 @@
{% set sudoers = pillar.get('sudoers', {}) %}
{%- set defaults = sudoers.get('defaults', []) %}
{%- set aliases = sudoers.get('aliases', {}) %}
{%- set host_aliases = aliases.get('hosts', {}) %}
{%- set user_aliases = aliases.get('users', {}) %}
{%- set command_aliases = aliases.get('commands', {}) %}
{%- set runas_aliases = aliases.get('runas', {}) %}
{%- set users = sudoers.get('users', {}) %}
{%- set groups = sudoers.get('groups', {}) %}
{%- set includedir = sudoers.get('includedir', None) -%}
#
# This file is managed by salt
#
{% for default in defaults -%}
Defaults {{ default }}
{% endfor %}
# Host alias specification
{%- for name,hosts in host_aliases.items() %}
Host_Alias {{ name }} = {{ ",".join(hosts) }}
{%- endfor %}
# User alias specification
{%- for name,users in user_aliases.items() %}
User_Alias {{ name }} = {{ ",".join(users) }}
{%- endfor %}
# Cmnd alias specification
{%- for name,commands in command_aliases.items() %}
Cmnd_Alias {{ name }} = {{ ",".join(commands) }}
{%- endfor %}
# Runas alias specification
{%- for name,runas in runas_aliases.items() %}
Runas_Alias {{ name }} = {{ ",".join(runas) }}
{%- endfor %}
# User privilege specification
{%- for user,spec in users.items() %}
{{ user }} {{ spec }}
{%- endfor %}
# Group privilege specification
{%- for group,spec in groups.items() %}
%{{ group }} {{ spec }}
{%- endfor %}
{% if includedir %}
includedir {{ includedir }}
{% else %}
#includedir /etc/sudoers.d
{% endif %}

15
sudoers/init.sls Normal file
View File

@ -0,0 +1,15 @@
{% from "sudoers/package-map.jinja" import pkgs with context %}
sudo:
pkg.installed:
- name: {{ pkgs.sudo }}
/etc/sudoers:
file.managed:
- user: root
- group: root
- mode: 440
- template: jinja
- source: salt://sudoers/files/sudoers
- require:
- pkg: sudo

14
sudoers/package-map.jinja Normal file
View File

@ -0,0 +1,14 @@
{% set package_table = {
'Debian': {'sudo': 'sudo'},
'Ubuntu': {'sudo': 'sudo'},
'CentOS': {'sudo': 'sudo'},
'Fedora': {'sudo': 'sudo'},
'RedHat': {'sudo': 'sudo'},
'Gentoo': {'sudo': 'app-admin/sudo'}
} %}
{% if 'package_table' in pillar %}
{% set pkgs = pillar['package_table'] %}
{% elif grains['os'] in package_table %}
{% set pkgs = package_table[grains['os']] %}
{% endif %}