Add missing cookbook files
This commit is contained in:
Greg Karékinian
@@ -1,15 +0,0 @@
|
||||
<!-- This is a generated file. Please do not edit directly -->
|
||||
|
||||
# Maintainers
|
||||
|
||||
This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
|
||||
|
||||
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
|
||||
|
||||
# Project Maintainer
|
||||
* [Tim Smith](https://github.com/tas50)
|
||||
|
||||
# Maintainers
|
||||
* [Jennifer Davis](https://github.com/sigje)
|
||||
* [Tim Smith](https://github.com/tas50)
|
||||
* [Thom May](https://github.com/thommay)
|
||||
@@ -1,9 +0,0 @@
|
||||
if defined?(ChefSpec)
|
||||
def install_sudo(resource_name)
|
||||
ChefSpec::Matchers::ResourceMatcher.new(:sudo, :install, resource_name)
|
||||
end
|
||||
|
||||
def remove_sudo(resource_name)
|
||||
ChefSpec::Matchers::ResourceMatcher.new(:sudo, :remove, resource_name)
|
||||
end
|
||||
end
|
||||
@@ -1,165 +0,0 @@
|
||||
#
|
||||
# Author:: Bryan W. Berry (<bryan.berry@gmail.com>)
|
||||
# Author:: Seth Vargo (<sethvargo@gmail.com>)
|
||||
# Cookbook:: sudo
|
||||
# Provider:: default
|
||||
#
|
||||
# Copyright:: 2011-2016, Bryan w. Berry
|
||||
# Copyright:: 2012-2016, Seth Vargo
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
use_inline_resources
|
||||
|
||||
# This LWRP supports whyrun mode
|
||||
def whyrun_supported?
|
||||
true
|
||||
end
|
||||
|
||||
# Ensure that the inputs are valid (we cannot just use the resource for this)
|
||||
def check_inputs(user, group, foreign_template, _foreign_vars)
|
||||
# if group, user, and template are nil, throw an exception
|
||||
if user.nil? && group.nil? && foreign_template.nil?
|
||||
raise 'You must provide a user, group, or template!'
|
||||
elsif !user.nil? && !group.nil? && !template.nil?
|
||||
raise 'You cannot specify user, group, and template!'
|
||||
end
|
||||
end
|
||||
|
||||
# Validate the given resource (template) by writing it out to a file and then
|
||||
# ensuring that file's contents pass `visudo -c`
|
||||
def validate_fragment!(resource)
|
||||
file = Tempfile.new('sudoer')
|
||||
|
||||
begin
|
||||
file.write(capture(resource))
|
||||
file.rewind
|
||||
|
||||
cmd = Mixlib::ShellOut.new("visudo -cf #{file.path}").run_command
|
||||
unless cmd.exitstatus == 0
|
||||
Chef::Log.error("Fragment validation failed: \n\n")
|
||||
Chef::Log.error(file.read)
|
||||
Chef::Application.fatal!("Template #{file.path} failed fragment validation!")
|
||||
end
|
||||
ensure
|
||||
file.close
|
||||
file.unlink
|
||||
end
|
||||
end
|
||||
|
||||
# Render a single sudoer template. This method has two modes:
|
||||
# 1. using the :template option - the user can specify a template
|
||||
# that exists in the local cookbook for writing out the attributes
|
||||
# 2. using the built-in template (recommended) - simply pass the
|
||||
# desired variables to the method and the correct template will be
|
||||
# written out for the user
|
||||
def render_sudoer
|
||||
if new_resource.template
|
||||
Chef::Log.debug('Template attribute provided, all other attributes ignored.')
|
||||
|
||||
resource = template "#{node['authorization']['sudo']['prefix']}/sudoers.d/#{sudo_filename}" do
|
||||
source new_resource.template
|
||||
owner 'root'
|
||||
group node['root_group']
|
||||
mode '0440'
|
||||
variables new_resource.variables
|
||||
action :nothing
|
||||
end
|
||||
else
|
||||
sudoer = new_resource.user || ("%#{new_resource.group}".squeeze('%') if new_resource.group)
|
||||
|
||||
resource = template "#{node['authorization']['sudo']['prefix']}/sudoers.d/#{sudo_filename}" do
|
||||
source 'sudoer.erb'
|
||||
cookbook 'sudo'
|
||||
owner 'root'
|
||||
group node['root_group']
|
||||
mode '0440'
|
||||
variables sudoer: sudoer,
|
||||
host: new_resource.host,
|
||||
runas: new_resource.runas,
|
||||
nopasswd: new_resource.nopasswd,
|
||||
noexec: new_resource.noexec,
|
||||
commands: new_resource.commands,
|
||||
command_aliases: new_resource.command_aliases,
|
||||
defaults: new_resource.defaults,
|
||||
setenv: new_resource.setenv,
|
||||
env_keep_add: new_resource.env_keep_add,
|
||||
env_keep_subtract: new_resource.env_keep_subtract
|
||||
action :nothing
|
||||
end
|
||||
end
|
||||
|
||||
# Ensure that, adding this sudoer, would not break sudo
|
||||
validate_fragment!(resource)
|
||||
|
||||
resource.run_action(:create)
|
||||
|
||||
# Return whether the resource was updated so we can notify in the action
|
||||
resource.updated_by_last_action?
|
||||
end
|
||||
|
||||
# Default action - install a single sudoer
|
||||
action :install do
|
||||
target = "#{node['authorization']['sudo']['prefix']}/sudoers.d/"
|
||||
|
||||
package 'sudo' do
|
||||
not_if 'which sudo'
|
||||
end
|
||||
|
||||
unless ::File.exist?(target)
|
||||
sudoers_dir = directory target
|
||||
sudoers_dir.run_action(:create)
|
||||
end
|
||||
|
||||
Chef::Log.warn("#{sudo_filename} will be rendered, but will not take effect because node['authorization']['sudo']['include_sudoers_d'] is set to false!") unless node['authorization']['sudo']['include_sudoers_d']
|
||||
new_resource.updated_by_last_action(true) if render_sudoer
|
||||
end
|
||||
|
||||
# Removes a user from the sudoers group
|
||||
action :remove do
|
||||
resource = file "#{node['authorization']['sudo']['prefix']}/sudoers.d/#{sudo_filename}" do
|
||||
action :nothing
|
||||
end
|
||||
resource.run_action(:delete)
|
||||
new_resource.updated_by_last_action(true) if resource.updated_by_last_action?
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
# acording to the sudo man pages sudo will ignore files in an include dir that have a `.` or `~`
|
||||
# We convert either to `__`
|
||||
def sudo_filename
|
||||
new_resource.name.gsub(/[\.~]/, '__')
|
||||
end
|
||||
|
||||
# Capture a template to a string
|
||||
def capture(template)
|
||||
context = {}
|
||||
context.merge!(template.variables)
|
||||
context[:node] = node
|
||||
|
||||
eruby = Erubis::Eruby.new(::File.read(template_location(template)))
|
||||
eruby.evaluate(context)
|
||||
end
|
||||
|
||||
# Find the template
|
||||
def template_location(template)
|
||||
if template.local
|
||||
template.source
|
||||
else
|
||||
context = template.instance_variable_get('@run_context')
|
||||
cookbook = context.cookbook_collection[template.cookbook || template.cookbook_name]
|
||||
cookbook.preferred_filename_on_disk_location(node, :templates, template.source)
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user