-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding $use_sudoers bool #321
Conversation
…not the module would manage /etc/sudoers.
…sd and the addition of use_sudoers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Default changes current behaviour, it should be enabled by default.
$use_sudoersd = true | ||
|
||
# Add contents to /etc/sudoers (true). Defaults to false. | ||
$use_sudoers = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should default to true
, so that the current behaviour of setting $use_sudoersd to false still works as intended. A default of false will change that so it suddenly no longer adds any entry. Both should be disabled manually to get your preferred behaviour of no sudoers management.
Nitpick: delete the second blank line below here too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense to me. Pushed a new commit with those changes.
… current default behavior.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally I think the change is OK, but I'm a bit confused about the spec changes - the context changes are difficult to read.
end | ||
end | ||
|
||
context 'when puppetrun_provider == puppetrun' do | ||
context 'when use_sudoers => true' do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the same as the parent context I think? (use_sudoersd => false, but use_sudoers => true - now the default)
It's a little confusing having it twice and moving tests inside this context.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, yeah, I think I see what you're saying. It doesn't help that git diff makes this look really odd.
The general flow is:
use_sudoersd => false
use_sudoers => false
use_sudoers => true (because it use to default to false)
puppetca => false
puppetrun_cmd == "puppetrun"
I think you're saying that I shouldn't need the use_sudoers => true
context anymore, and all the tests under that context should stay put, just not be nested in the context... is that correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, pushing those changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Otherwise all good.
end | ||
|
||
it "should not modify #{etc_dir}/sudoers" do | ||
should_not contain_file("#{etc_dir}/sudoers") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is an Augeas resource, not a file. The example still passes with the proposed change reverted.
It should probably be should_not contain_augeas('sudo-foreman-proxy')
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll update that, thanks.
…hich is the correct check, instead of 'contain_file'.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general it looks correct.
# $use_sudoersd:: Add a file to /etc/sudoers.d (true). | ||
# type:Boolean | ||
# | ||
# $use_sudoers:: Add contents to /etc/sudoers (true). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe mention that this is ignored if use_sudoersd
is set to true?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do - new commit points that out. It was already there in params.pp, so I only updated init.pp.
Thanks! |
Added new use_sudoers boolean as an additional control to whether or not the module would manage /etc/sudoers.
This change is because the "puppet" bool is used to control two different actions (configure puppet module in the smart proxy and add content to sudoers or sudoers.d) and should be separated in certain circumstances:
I created $use_sudoers (which is very similar to $use_sudoersd) to tell the module whether or not it can touch /etc/sudoers. If you set both $use_sudoersd and $use_sudoers to true, then the module should touch sudoers.d (due to the if/else statement's order). If you set them both to false, the module will leave sudoers and sudoers.d alone.
Opened a feature request about this: http://projects.theforeman.org/issues/18142