puppet-sudo
puppet-sudo copied to clipboard
saz
Support modifying sudoers Defaults
This PR introduces a possibility to modify sudoers defaults without the need to provide whole configuration file.
However, it would be only possible to add new entries:
sudo::defaults:
mailto:
value: 'root'
would be converted to a line in /etc/sudoers
Defaults mailto=root
The sudoers syntax is fairly complex:
Default_Type ::= 'Defaults' |
'Defaults' '@' Host_List |
'Defaults' ':' User_List |
'Defaults' '!' Cmnd_List |
'Defaults' '>' Runas_List
Default_Entry ::= Default_Type Parameter_List
Parameter_List ::= Parameter |
Parameter ',' Parameter_List
Parameter ::= Parameter '=' Value |
Parameter '+=' Value |
Parameter '-=' Value |
'!'* Parameter
There's a possibility to add more complex configurations:
sudo::defaults:
mailto:
type: '@hosts_list'
operator: '+='
value: [email protected]
What a great idea. You just saved me a lot of time, too in implementing this. I'm going to play with your changes today.
Ruby 2.5 is EOL, probably could be updated to Ruby 2.6, right?
Ruby 2.5 status: eol release date: 2017-12-25 EOL date: 2021-04-05
@deric Would you be so kind as to slipstream my updates to your fork and resubmit this pull request?
@deric LGTM but I'd prefer, to have separate PRs for using hiera and the defaults part. Easier to spot any issues in each part.
@bschonec I've added your RHEL7 template modifications. @saz I understand the PR is modifying too many files. I've added a common Ruby function that formats the defaults config. Thus each OS template requires only single line change.