-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Making sudoers for puppetrun_cmd conditional #271
Conversation
Opinions? anybody? |
I think that it's a good idea. Not sure how the exact implementation is going to look, but I was thinking about a base class ( |
Indeed, I definitely agree that the puppetrun command should only be in the sudo rules when that provider's active. Refactoring can be done separately, if needed at all. |
My updated commit does the following in Augeas:
Not sure if we should do the last |
Not an expert on augeas but can't you start with an rm for all and then add everything back? That would make it easier to extend. |
@ekohl fixing specs, than you can see the template |
Updated the change, please review. The Augeas part has been refactored so it is easier to understand (I hope) |
Please review, waiting on you guys 😉 🎐 |
I can't say too much about the augeas part, but at least in my install, the result seems correct. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes all look fine to me too, untested at the moment. Please also remove the "WIP" from the commit message & title if it's ready to be reviewed/merged.
rm spec[user = '<%= user %>'][<%=index%>]/host_group/command[position() > 1]<%# delete any other command in the rule %> | ||
<% end -%> | ||
<%- # TODO: should we delete all other rules for user?? -%> | ||
rm spec[user = '<%= user %>'][position() > <%= index %>]<%# delete any other rule for the user %> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think the templates should do this, it should probably be limited in what it manages as sudoers might be maintained by further Augeas resources - the point of this method I think is to allow the user to customise the sudoers file in addition to using this module.
Refactor augeas for sudo rules fixes #269
Removed TODO there, ready to merge @domcleal It was marked WIP due to the TODO you commented on 😉 |
Works well, thanks. Tests will currently error due to a regression in stdlib. |
merged, danke @lazyfrosch! |
Refactor augeas for sudo rules closes theforemanGH-269 closes theforemanGH-271
Not yet done, but to be the base of discussion.
It would be a good idea to only setup the sudo command if
puppetrun_provider
is actuallypuppet
. Which is not set by default.I'd like to get the opinion of the team.
intend to fix #269