refactor: change pillar calls

saltstack-formulas · Aug 26, 2020 · d5002c3 · d5002c3
1 parent ee173b0
commit d5002c3
Show file tree

Hide file tree

Showing 18 changed files with 929 additions and 17 deletions.
diff --git a/sudoers/defaults.yaml b/sudoers/defaults.yaml
@@ -3,3 +3,9 @@
 ---
 sudoers:
   pkg: sudo
+  manage_main_config: true
+  configpath: /etc
+  group: root
+  execprefix: /usr/sbin
+  includedir: /etc/sudoers.d
+  included_files: {}
diff --git a/sudoers/included.sls b/sudoers/included.sls
@@ -1,31 +1,35 @@
-{% from "sudoers/map.jinja" import sudoers with context %}
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_config_file = tplroot ~ '.config.file' %}
+{%- from tplroot ~ "/map.jinja" import sudoers with context %}
 
 include:
   - sudoers
 
-{% do sudoers.update(pillar.get('sudoers', {})) %}
-{% set includedir = sudoers.get('includedir', '/etc/sudoers.d') %}
-{% set included_files = sudoers.get('included_files', {}) %}
-{% for included_file,spec in included_files.items() -%}
+{% set included_files = sudoers.included_files %}
+{% for included_file, spec in included_files.items() -%}
 sudoers include {{ included_file }}:
   file.managed:
     {% if '/' in included_file %}
     - name: {{ included_file }}
     {% else %}
-    - name: {{ includedir }}/{{ included_file }}
+    - name: {{ sudoers.includedir }}/{{ included_file }}
     {% endif %}
     - user: root
-    - group: {{ sudoers.get('group', 'root') }}
+    - group: {{ sudoers.group }}
     - mode: 440
     - makedirs: True
     - template: jinja
     - source: salt://sudoers/files/sudoers
-    - check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
+    - check_cmd: {{ sudoers.execprefix }}/visudo -c -f
     - context:
         included: True
         sudoers: {{ spec|json }}
-    {% if salt['pillar.get']('sudoers:manage_main_config', True) %}
+    {% if sudoers.manage_main_config %}
     - require:
-      - file: {{ sudoers.get('configpath', '/etc') }}/sudoers
+      - file: {{ sudoers.configpath }}/sudoers
     {% endif %}
 {% endfor %}
diff --git a/sudoers/init.sls b/sudoers/init.sls
@@ -1,27 +1,33 @@
-{% from "sudoers/map.jinja" import sudoers with context %}
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- set sls_config_file = tplroot ~ '.config.file' %}
+{%- from tplroot ~ "/map.jinja" import sudoers with context %}
 
 sudo:
   pkg.installed:
     - name: {{ sudoers.pkg }}
 
-{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
+{% if sudoers.manage_main_config %}
 
-{{ sudoers.get('configpath', '/etc') }}/sudoers:
+{{ sudoers.configpath }}/sudoers:
   file.managed:
     - user: root
-    - group: {{ sudoers.get('group', 'root') }}
+    - group: {{ sudoers.group }}
     - mode: 440
     - template: jinja
     - source: salt://sudoers/files/sudoers
-    - check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
+    - check_cmd: {{ sudoers.execprefix }}/visudo -c -f
     - context:
         included: False
     - require:
       - pkg: sudo
 
 {% else %}
 
-{{ sudoers.get('configpath', '/etc') }}/sudoers:
+{{ sudoers.configpath }}/sudoers:
   test.show_notification:
     - name: Skipping management of main sudoers file
     - text: Pillar manage_main_config is False

diff --git a/test/integration/default/controls/_mapdata_spec.rb b/test/integration/default/controls/_mapdata_spec.rb
@@ -8,6 +8,6 @@
 
   describe file('/tmp/salt_mapdata_dump.yaml') do
     it { should exist }
-    its('content') { should include mapdata_dump }
+    its('content') { should eq mapdata_dump }
   end
 end
diff --git a/test/integration/default/files/_mapdata/amazonlinux-1.yaml b/test/integration/default/files/_mapdata/amazonlinux-1.yaml
@@ -2,4 +2,68 @@
 # Amazon Linux AMI-2018
 ---
 sudoers:
+  aliases:
+    commands:
+      PROCESSES:
+      - /usr/bin/nice
+      - /bin/kill
+      - /usr/bin/renice
+      - /usr/bin/pkill
+      - /usr/bin/top
+    hosts:
+      WEBSERVERS:
+      - www1
+      - www2
+      - www3
+    users:
+      ADMINS:
+      - millert
+      - dowdy
+      - mikef
+  arch: amd64
+  configpath: /etc
+  defaults:
+    command_list:
+      PROCESSES: noexec
+    generic:
+    - env_reset
+    - mail_badpass
+    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    host_list:
+      www1: log_year, logfile=/var/log/sudo.log
+    runas_list:
+      root: '!set_logname'
+    user_list:
+      ADMINS: '!lecture'
+      johndoe: '!requiretty'
+  execprefix: /usr/sbin
+  group: root
+  groups:
+    sudo:
+    - ALL=(ALL) ALL
+    - 'ALL=(nodejs) NOPASSWD: ALL'
+  included_files:
+    /etc/sudoers.d/extra-file:
+      users:
+        foo:
+        - ALL=(ALL) ALL
+    extra-file-2:
+      groups:
+        bargroup:
+        - 'ALL=(ALL) NOPASSWD: ALL'
+    extra-file-3:
+      netgroups:
+        other_netgroup:
+        - ALL=(ALL) ALL
+  includedir: /etc/sudoers.d
+  manage_main_config: true
+  netgroups:
+    sysadmins:
+    - ALL=(ALL) ALL
   pkg: sudo
+  users:
+    johndoe:
+    - ALL=(ALL) ALL
+    - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+    kitchen:
+    - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml
@@ -2,4 +2,68 @@
 # Amazon Linux-2
 ---
 sudoers:
+  aliases:
+    commands:
+      PROCESSES:
+      - /usr/bin/nice
+      - /bin/kill
+      - /usr/bin/renice
+      - /usr/bin/pkill
+      - /usr/bin/top
+    hosts:
+      WEBSERVERS:
+      - www1
+      - www2
+      - www3
+    users:
+      ADMINS:
+      - millert
+      - dowdy
+      - mikef
+  arch: amd64
+  configpath: /etc
+  defaults:
+    command_list:
+      PROCESSES: noexec
+    generic:
+    - env_reset
+    - mail_badpass
+    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    host_list:
+      www1: log_year, logfile=/var/log/sudo.log
+    runas_list:
+      root: '!set_logname'
+    user_list:
+      ADMINS: '!lecture'
+      johndoe: '!requiretty'
+  execprefix: /usr/sbin
+  group: root
+  groups:
+    sudo:
+    - ALL=(ALL) ALL
+    - 'ALL=(nodejs) NOPASSWD: ALL'
+  included_files:
+    /etc/sudoers.d/extra-file:
+      users:
+        foo:
+        - ALL=(ALL) ALL
+    extra-file-2:
+      groups:
+        bargroup:
+        - 'ALL=(ALL) NOPASSWD: ALL'
+    extra-file-3:
+      netgroups:
+        other_netgroup:
+        - ALL=(ALL) ALL
+  includedir: /etc/sudoers.d
+  manage_main_config: true
+  netgroups:
+    sysadmins:
+    - ALL=(ALL) ALL
   pkg: sudo
+  users:
+    johndoe:
+    - ALL=(ALL) ALL
+    - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+    kitchen:
+    - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml
@@ -2,4 +2,68 @@
 # Arch
 ---
 sudoers:
+  aliases:
+    commands:
+      PROCESSES:
+      - /usr/bin/nice
+      - /bin/kill
+      - /usr/bin/renice
+      - /usr/bin/pkill
+      - /usr/bin/top
+    hosts:
+      WEBSERVERS:
+      - www1
+      - www2
+      - www3
+    users:
+      ADMINS:
+      - millert
+      - dowdy
+      - mikef
+  arch: amd64
+  configpath: /etc
+  defaults:
+    command_list:
+      PROCESSES: noexec
+    generic:
+    - env_reset
+    - mail_badpass
+    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    host_list:
+      www1: log_year, logfile=/var/log/sudo.log
+    runas_list:
+      root: '!set_logname'
+    user_list:
+      ADMINS: '!lecture'
+      johndoe: '!requiretty'
+  execprefix: /usr/sbin
+  group: root
+  groups:
+    sudo:
+    - ALL=(ALL) ALL
+    - 'ALL=(nodejs) NOPASSWD: ALL'
+  included_files:
+    /etc/sudoers.d/extra-file:
+      users:
+        foo:
+        - ALL=(ALL) ALL
+    extra-file-2:
+      groups:
+        bargroup:
+        - 'ALL=(ALL) NOPASSWD: ALL'
+    extra-file-3:
+      netgroups:
+        other_netgroup:
+        - ALL=(ALL) ALL
+  includedir: /etc/sudoers.d
+  manage_main_config: true
+  netgroups:
+    sysadmins:
+    - ALL=(ALL) ALL
   pkg: sudo
+  users:
+    johndoe:
+    - ALL=(ALL) ALL
+    - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+    kitchen:
+    - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/default/files/_mapdata/centos-6.yaml b/test/integration/default/files/_mapdata/centos-6.yaml
@@ -2,4 +2,68 @@
 # CentOS-6
 ---
 sudoers:
+  aliases:
+    commands:
+      PROCESSES:
+      - /usr/bin/nice
+      - /bin/kill
+      - /usr/bin/renice
+      - /usr/bin/pkill
+      - /usr/bin/top
+    hosts:
+      WEBSERVERS:
+      - www1
+      - www2
+      - www3
+    users:
+      ADMINS:
+      - millert
+      - dowdy
+      - mikef
+  arch: amd64
+  configpath: /etc
+  defaults:
+    command_list:
+      PROCESSES: noexec
+    generic:
+    - env_reset
+    - mail_badpass
+    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    host_list:
+      www1: log_year, logfile=/var/log/sudo.log
+    runas_list:
+      root: '!set_logname'
+    user_list:
+      ADMINS: '!lecture'
+      johndoe: '!requiretty'
+  execprefix: /usr/sbin
+  group: root
+  groups:
+    sudo:
+    - ALL=(ALL) ALL
+    - 'ALL=(nodejs) NOPASSWD: ALL'
+  included_files:
+    /etc/sudoers.d/extra-file:
+      users:
+        foo:
+        - ALL=(ALL) ALL
+    extra-file-2:
+      groups:
+        bargroup:
+        - 'ALL=(ALL) NOPASSWD: ALL'
+    extra-file-3:
+      netgroups:
+        other_netgroup:
+        - ALL=(ALL) ALL
+  includedir: /etc/sudoers.d
+  manage_main_config: true
+  netgroups:
+    sysadmins:
+    - ALL=(ALL) ALL
   pkg: sudo
+  users:
+    johndoe:
+    - ALL=(ALL) ALL
+    - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+    kitchen:
+    - 'ALL=(root) NOPASSWD: ALL'