From 6a18ec6c5f94746c35c7e03e02101369bd08ce95 Mon Sep 17 00:00:00 2001 From: Peter Souter Date: Thu, 12 May 2016 17:49:58 +0100 Subject: [PATCH 1/3] Updates Gemfile for latest Beaker FreeBSD support --- Gemfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Gemfile b/Gemfile index 4d8f42a..2cb75b5 100644 --- a/Gemfile +++ b/Gemfile @@ -16,9 +16,12 @@ group :development do gem "vagrant-wrapper" gem "puppet-blacksmith" gem "guard-rake" + gem 'listen', '<= 3.0.6', :require => false end group :system_tests do gem 'beaker-rspec', :require => false gem 'serverspec', :require => false + gem 'signet', git: "https://github.com/google/signet.git" + gem 'specinfra' end From f8415b820302641a7323d62a6bcf6726fe85299e Mon Sep 17 00:00:00 2001 From: Peter Souter Date: Thu, 12 May 2016 17:50:24 +0100 Subject: [PATCH 2/3] Adds new params class for FreeBSD changes --- manifests/init.pp | 19 +++++++++++-------- manifests/params.pp | 23 +++++++++++++++++++++++ manifests/sudoers.pp | 12 ++++++++++-- 3 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 manifests/params.pp diff --git a/manifests/init.pp b/manifests/init.pp index 5783ee8..04729c5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -38,11 +38,14 @@ # Copyright 2015 Arnoud de Jonge # class sudo ( - $sudoers = {}, - $manage_sudoersd = false, - $manage_package = true, - $sudoers_file = '' -) { + $sudoers = {}, + $manage_sudoersd = false, + $manage_package = true, + $sudoers_file = '', + $root_group = $::sudo::params::root_group, + $sudoers_directory = $::sudo::params::sudoers_directory, + $sudoers_file_path = $::sudo::params::sudoers_file_path, +) inherits sudo::params { create_resources('sudo::sudoers', $sudoers) @@ -52,10 +55,10 @@ } } - file { '/etc/sudoers.d': + file { $sudoers_directory: ensure => directory, owner => 'root', - group => 'root', + group => $root_group, mode => '0750', purge => $manage_sudoersd, recurse => $manage_sudoersd, 
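Review bot: The added `gem 'signet', git: "https://github.com/google/signet.git"` line in the `:system_tests` group has no `ref:` or `tag:`, so every `bundle install` without a lockfile resolves to whatever the default branch holds at that moment. That makes the test toolchain non-reproducible and lets unreviewed upstream changes run on the build host. Pin it to a reviewed revision, e.g. `gem 'signet', git: "https://github.com/google/signet.git", ref: '<reviewed-commit-sha>'`, or move to a released version once one satisfies Beaker. `gem 'specinfra'` is also unconstrained, and a one-line comment on why `listen` is capped at `'<= 3.0.6'` would tell the next maintainer when the cap can be dropped.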
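Review bot: `$sudoers_directory` is now caller-supplied, and the `file { $sudoers_directory:` resource in the `@@ -52,10 +55,10 @@` hunk applies `purge => $manage_sudoersd` and `recurse => $manage_sudoersd` to it. With `manage_sudoersd => true`, a mistyped or relative value would make Puppet purge unmanaged files from an unintended directory, and no validation of the three new parameters is visible. If the module already depends on stdlib (not visible here), add `validate_absolute_path($sudoers_directory)` and `validate_absolute_path($sudoers_file_path)` at the top of the class body. The class header comment sits above the hunk and should gain entries for `root_group`, `sudoers_directory` and `sudoers_file_path`. The resource body continues past the end of the hunk.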
@@ -63,7 +66,7 @@ } if $sudoers_file =~ /^puppet:\/\// { - file { '/etc/sudoers': + file { $sudoers_file_path: ensure => file, owner => 'root', group => 'root', diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..4850a83 --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,23 @@ +# == Class: sudo::params +# +# +class sudo::params +{ + + case $::osfamily { + 'FreeBSD': { + $root_group = 'wheel' + $sudoers_directory = '/usr/local/etc/sudoers.d' + $sudoers_file_path = '/usr/local/etc/sudoers' + $validate_cmd = '/usr/local/sbin/visudo -c -f %' + } + default: { + $root_group = 'root' + $sudoers_directory = '/etc/sudoers.d' + $sudoers_file_path = '/etc/sudoers' + $validate_cmd = '/usr/sbin/visudo -c -f %' + } + } + + +} diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp index 8dddab8..97aebc0 100644 --- a/manifests/sudoers.pp +++ b/manifests/sudoers.pp @@ -68,13 +68,21 @@ $runas = ['root'], $tags = [], $defaults = [], + $sudoers_directory = $::sudo::params::sudoers_directory, + $validate_cmd = $::sudo::params::visudo_path, + $root_group = $::sudo::params::root_group, ) { + # The base class must be included first because it is used by parameter defaults + if ! defined(Class['sudo']) { + fail('You must include the sudo base class before using any sudo::sudoers defined resources. Add `include ::sudo:` to your manifest') + } + # filename as per the manual or aliases as per the sudoer spec must not # contain dots. # As having dots in a username is legit, let's fudge $sane_name = regsubst($name, '\.', '_', 'G') - $sudoers_user_file = "/etc/sudoers.d/${sane_name}" + $sudoers_user_file = "${sudoers_directory}/${sane_name}" if $sane_name !~ /^[A-Za-z][A-Za-z0-9_]*$/ { fail "Will not create sudoers file \"${sudoers_user_file}\" (for user \"${name}\") should consist of letters numbers or underscores." 
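Review bot: The `file { $sudoers_file_path:` resource in the `@@ -63,7 +66,7 @@` hunk still has `group => 'root'`, while the directory resource earlier in this commit was switched to `$root_group`. `sudo::params` sets `root_group` to `'wheel'` for FreeBSD, so the hard-coded group is presumably wrong on the platform this series targets. The line should read `group => $root_group,`. The resource continues outside the hunk, so it is not visible whether the main sudoers file is syntax-checked with visudo before replacement; that is worth confirming, because a malformed main sudoers file disables sudo on the node.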
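Review bot: The new default `$validate_cmd = $::sudo::params::visudo_path` in `sudo::sudoers` refers to a variable that `manifests/params.pp` never sets; that class defines `$validate_cmd`, not `$visudo_path`. The default therefore resolves to undef, or fails compilation under strict variables. The code that consumes `$validate_cmd` lies outside this hunk, but fragments are presumably then written without a working visudo check, which is the safeguard against a broken sudoers drop-in. The line should be `$validate_cmd = $::sudo::params::validate_cmd,`. The `fail()` message also tells users to add `include ::sudo:` with a stray trailing colon, which is not valid when pasted; it should read `include ::sudo`.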
@@ -88,7 +96,7 @@ file { $sudoers_user_file: content => template('sudo/sudoers.erb'), owner => 'root', - group => 'root', + group => $root_group, mode => '0440', } if versioncmp($::puppetversion, '3.5') >= 0 { From ce3324a2492c5fa1dac3235f4bd2a92497cfe37e Mon Sep 17 00:00:00 2001 From: Peter Souter Date: Thu, 12 May 2016 17:50:44 +0100 Subject: [PATCH 3/3] Updates Beaker tests for FreeBSD support --- spec/acceptance/class_spec.rb | 8 +++- spec/acceptance/creating_a_sudoers_file.rb | 45 +++++++++++++++++++++ spec/acceptance/nodesets/freebsd-10-x64.yml | 11 +++++ spec/spec_helper_acceptance.rb | 11 +++-- 4 files changed, 71 insertions(+), 4 deletions(-) create mode 100644 spec/acceptance/creating_a_sudoers_file.rb create mode 100644 spec/acceptance/nodesets/freebsd-10-x64.yml diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb index 4346f17..cf7a348 100644 --- a/spec/acceptance/class_spec.rb +++ b/spec/acceptance/class_spec.rb @@ -13,7 +13,13 @@ class { 'sudo': } apply_manifest(pp, :catch_changes => true) end - describe file('/etc/sudoers.d/') do + if fact('osfamily') =~ /freebsd/i + @folder_dir = '/usr/local/etc/sudoers.d' + else + @folder_dir = '/etc/sudoers.d/' + end + + describe file(@folder_dir) do it { should be_mode 750 } it { should be_owned_by 'root' } end diff --git a/spec/acceptance/creating_a_sudoers_file.rb b/spec/acceptance/creating_a_sudoers_file.rb new file mode 100644 index 0000000..b707c0d --- /dev/null +++ b/spec/acceptance/creating_a_sudoers_file.rb 
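Review bot: The `describe file(@folder_dir)` block in `class_spec.rb` checks mode and owner but never the group, even though the group (`root` versus `wheel`) is what this series changes for the sudoers directory. Select the expected group together with the path and add `it { should be_grouped_into expected_group }` so a regression in `group => $root_group` is caught on both platforms. A plain local such as `folder_dir = '/usr/local/etc/sudoers.d'` would also read more clearly than an instance variable assigned in the example-group body. The enclosing `describe`/`context` starts above the hunk.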
@@ -0,0 +1,45 @@
+require 'spec_helper_acceptance'
+
+describe 'sudo::sudoers' do
+
+ context 'creating a sudoers file' do
+ it 'should work idempotently with no errors' do
+ pp = <<-EOS
+ group { 'janedoe':
+ ensure => present;
+ }
+ ->
+ user { 'janedoe' :
+ gid => 'janedoe',
+ home => '/home/janedoe',
+ shell => '/bin/sh',
+ managehome => true,
+ membership => minimum,
+ }
+ ->
+ class {'::sudo':}
+ ->
+ sudo::sudoers { 'Jane_Hello_World_Sudo':
+ ensure => 'present',
+ comment => 'Allow Jane to Sudo Hello World',
+ users => ['janedoe'],
+ runas => ['root'],
+ tags => ['NOPASSWD'],
+ cmnds => ['/bin/echo Hello World'],
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe command("su - janedoe -c 'sudo echo Hello World'") do
+ its(:stdout) { should match /Hello World/ }
+ end
+
+ describe command("su - janedoe -c 'sudo echo I cant do this'") do
+ its(:stderr) { should match /no tty present and no askpass program specified/ }
+ end
+ end
+end
diff --git a/spec/acceptance/nodesets/freebsd-10-x64.yml b/spec/acceptance/nodesets/freebsd-10-x64.yml
new file mode 100644
index 0000000..d58c30b
--- /dev/null
+++ b/spec/acceptance/nodesets/freebsd-10-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ freebsd-10-x64:
+ roles:
+ - master
+ platform: freebsd-10-x64
+ box : petems/freebsd-101-w_rsync
+ box_url : https://atlas.hashicorp.com/petems/boxes/freebsd-101-w_rsync
+ hypervisor : vagrant
+CONFIG:
+ log_level: verbose
+ type: foss
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index b4ee7dc..d61f040 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
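Review bot: The deny-path check for `sudo echo I cant do this` asserts only on one stderr string, so it proves neither that the command was refused nor that it produced no output. The wording of that message differs between sudo versions, which makes the security-relevant half of this test brittle. Add `its(:exit_status) { should_not eq 0 }` and `its(:stdout) { should_not match /I cant do this/ }` alongside the stderr match. Separately, the file is named `creating_a_sudoers_file.rb` while its sibling is `class_spec.rb`; if the acceptance task uses RSpec's default `*_spec.rb` pattern, this file is never loaded, so renaming it to `creating_a_sudoers_file_spec.rb` is the safer choice.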
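Review bot: The nodeset pulls `petems/freebsd-101-w_rsync` from a personal account via `box_url` with no version pin, so acceptance runs execute whatever image is currently published under that name. If the Beaker version in use supports it, add a `box_version` key with the release that was verified. A short comment in the file should also say why this box is used instead of an official FreeBSD image (the name suggests it is for rsync), so the choice can be revisited.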
@@ -1,9 +1,14 @@ -require 'beaker-rspec/spec_helper' -require 'beaker-rspec/helpers/serverspec' +require 'beaker-rspec' hosts.each do |host| # Install Puppet - install_puppet + if host['platform'] =~ /freebsd/ + # Beaker tries to install sysutils/puppet + # It's now been renamed to sysutils/puppet38 + host.install_package('sysutils/puppet38') + else + install_puppet + end end RSpec.configure do |c|
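Review bot: In the `else` branch, `install_puppet` is called with no host argument inside `hosts.each do |host|`. As far as I recall, that Beaker helper acts on every entry in `hosts`, not on the block's `host`. In a nodeset mixing FreeBSD and other platforms, each non-FreeBSD iteration would then also attempt the default install on the FreeBSD node, which is the path this change is trying to avoid. Scoping the call as `install_puppet_on(host)` keeps the two branches per-host. The hard-coded port name `sysutils/puppet38` will go stale the same way `sysutils/puppet` did, so consider lifting it into a named constant with the existing comment attached.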