
Change manage_sudoers parameter to only exclude the /etc/sudoers.d re…

…source
1 parent cf86d6c commit 29b59c7657e4d3e296a4e1fe9a450db690f8d14b @domcleal domcleal committed Mar 14, 2013
Showing with 27 additions and 27 deletions.
  1. +23 −23 manifests/config.pp
  2. +1 −1 manifests/init.pp
  3. +3 −3 manifests/params.pp
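--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -39,34 +39,34 @@
 notify => Class['foreman_proxy::service'],
 }
- if $foreman_proxy::manage_sudoers {
- if $foreman_proxy::use_sudoersd {
+ if $foreman_proxy::use_sudoersd {
+ if $foreman_proxy::manage_sudoersd {
 file { '/etc/sudoers.d':
 ensure => directory,
 }
+ }
- file { '/etc/sudoers.d/foreman-proxy':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => 0440,
- content => "foreman-proxy ALL = NOPASSWD : ${foreman_proxy::puppetca_cmd} *, ${foreman_proxy::puppetrun_cmd} *
+ file { '/etc/sudoers.d/foreman-proxy':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => 0440,
+ content => "foreman-proxy ALL = NOPASSWD : ${foreman_proxy::puppetca_cmd} *, ${foreman_proxy::puppetrun_cmd} *
 Defaults:foreman-proxy !requiretty\n",
- require => File['/etc/sudoers.d'],
- }
- } else {
- augeas { 'sudo-foreman-proxy':
- context => '/files/etc/sudoers',
- changes => [
- "set spec[user = '${foreman_proxy::user}']/user ${foreman_proxy::user}",
- "set spec[user = '${foreman_proxy::user}']/host_group/host ALL",
- "set spec[user = '${foreman_proxy::user}']/host_group/command[1] '${foreman_proxy::puppetca_cmd} *'",
- "set spec[user = '${foreman_proxy::user}']/host_group/command[2] '${foreman_proxy::puppetrun_cmd} *'",
- "set spec[user = '${foreman_proxy::user}']/host_group/command[1]/tag NOPASSWD",
- "set Defaults[type = ':${foreman_proxy::user}']/type :${foreman_proxy::user}",
- "set Defaults[type = ':${foreman_proxy::user}']/requiretty/negate ''",
- ],
- }
+ require => File['/etc/sudoers.d'],
+ }
+ } else {
+ augeas { 'sudo-foreman-proxy':
+ context => '/files/etc/sudoers',
+ changes => [
+ "set spec[user = '${foreman_proxy::user}']/user ${foreman_proxy::user}",
+ "set spec[user = '${foreman_proxy::user}']/host_group/host ALL",
+ "set spec[user = '${foreman_proxy::user}']/host_group/command[1] '${foreman_proxy::puppetca_cmd} *'",
+ "set spec[user = '${foreman_proxy::user}']/host_group/command[2] '${foreman_proxy::puppetrun_cmd} *'",
+ "set spec[user = '${foreman_proxy::user}']/host_group/command[1]/tag NOPASSWD",
+ "set Defaults[type = ':${foreman_proxy::user}']/type :${foreman_proxy::user}",
+ "set Defaults[type = ':${foreman_proxy::user}']/requiretty/negate ''",
+ ],
 }
 }
 }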
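Review bot: The `/etc/sudoers.d/foreman-proxy` resource hard-codes the account name `foreman-proxy` in `content`, while the augeas branch of the same conditional builds its rule from `${foreman_proxy::user}`, so with a non-default user the sudoers.d branch grants the rule to a different account than the one configured. I would start the string with `${foreman_proxy::user} ALL = NOPASSWD : ` and use `Defaults:${foreman_proxy::user} !requiretty` on its second line. Since the outer `manage_sudoers` guard is removed, this passwordless rule, whose trailing `*` accepts any arguments to both commands, is now installed unconditionally; a comment above the resource saying so would help anyone auditing sudo grants. The enclosing class body starts before the hunk.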
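--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -10,7 +10,7 @@
 $ssl_cert = $foreman_proxy::params::ssl_cert,
 $ssl_key = $foreman_proxy::params::ssl_key,
 $trusted_hosts = $foreman_proxy::params::trusted_hosts,
- $manage_sudoers = $foreman_proxy::params::manage_sudoers,
+ $manage_sudoersd = $foreman_proxy::params::manage_sudoersd,
 $use_sudoersd = $foreman_proxy::params::use_sudoersd,
 $puppetca = $foreman_proxy::params::puppetca,
 $autosign_location = $foreman_proxy::params::autosign_location,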
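--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -28,9 +28,9 @@
 # Only hosts listed will be permitted, empty array to disable authorization
 $trusted_hosts = []
- # Whether to manage sudo rules or not. When reusing this module, this may be
- # disabled to use a dedicated sudo module instead.
- $manage_sudoers = true
+ # Whether to manage File['/etc/sudoers.d'] or not. When reusing this module, this may be
+ # disabled to let a dedicated sudo module manage it instead.
+ $manage_sudoersd = true
 # Should we assume a sudoers.d dir exists ( 'false' will use augeas instead )
 case $::operatingsystem {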
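Review bot: The new comment on `$manage_sudoersd` does not mention that `manifests/config.pp` still declares `require => File['/etc/sudoers.d']` on the rule file, so setting it to false only works when another module declares that exact resource; otherwise the catalog will presumably fail on the unresolved dependency. I would add a line such as `# When false, another module must declare File['/etc/sudoers.d']; the foreman-proxy sudo rule itself is still managed.` The `case` statement that follows continues outside the hunk.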
