Merge pull request #2 from Oefenweb/initial-working-version

Initial working version
Oefenweb · Aug 25, 2015 · 7c13809 · 7c13809
2 parents 1a41be4 + a4e1894
commit 7c13809
Show file tree

Hide file tree

Showing 10 changed files with 71 additions and 71 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -38,9 +38,6 @@ install:
   # Install Ansible.
   - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
 
-  # Add ansible.cfg to pick up roles path.
-  - printf "[defaults]\nroles_path = ../" > ansible.cfg
-
 script:
   # Check the role/playbook's syntax.
   - ansible-playbook -i tests/inventory tests/test.yml --syntax-check
@@ -57,4 +54,6 @@ script:
 
 notifications:
   email: false
-
+  hipchat:
+    rooms:
+      secure: lBUbBELlSnblttgr37EJ7tMvUYgKETZGPOa/eN4zCUPW13zVKHuNKMkY9Mc8rqxV+VJAXag8YijzN3YOTqRNLLHuu0eipp3wmDd3ku8CK/r/E6nqz6EK+zv2absAzzFVxf74LjGpqFgMvvxvm8/F6FlS7EODVRCmqsG6MnguU+ixb4TJkn8DcAOlu7+VmdejXMo5ZwgLMRO6HF9xk0i7679y5p3NalRmzTUDuZzw9tn8qbCJzqvNe/pXovbD/G8YWinsRd3aVQF5Sh0dd8rRnxDh4luhrKPmfEc61ug15uVdH4UPI0nqhexCtK8f5vkahbbXHbmW2pKiDLv6WVroqe3dSivZSieeSo1rqYrEXPMj5khDdZpKLkQl1pgyhemqRyHm89i/BIHB9rEPgiv4uKWc+dAWw9iNjsCFgWWVW4JsG+VY/DBkck/7sAxFHW6i3+x73qr42I8+3tE4N1AURD7qg2uGo6Ut/CLQG/LqQf/5hZ2JEBqSO9QaU8iJNsAZf7DVcdf3aLP7l2thMjaJtGAYLMPF2r64tY+mMYmZm177EK7U9F10XdlXGUHiqr80cj6kmuwF99oIpj9qo1btKm+uo17ZfTtTL8D/zC8ICG73GeDceC0CpCfEpiJFK2Cc5Oa6TUwPnB2zjfCrpT3d3p3X26Zh/r377k2hRFW1qcA=
diff --git a/README.md b/README.md
@@ -2,49 +2,50 @@
 
 [![Build Status](https://travis-ci.org/Oefenweb/ansible-sudoers.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-sudoers) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-sudoers-blue.svg)](https://galaxy.ansible.com/list#/roles/4827)
 
-Manage sudoers in Debian-like systems.
+Manage sudoers and sudoers.d in Debian-like systems.
 
 #### Requirements
 
 None
 
 #### Variables
 
-* `sudoers_sudoers`: sudoers configuration file declarations
-* `sudoers_sudoers.defaults`: [default: see `defaults/main.yml`]: Default configuration options.
-* `sudoers_sudoers.host_aliases`: [default: `[]`]: A list of aliases of type Host_Alias.
-* `sudoers_sudoers.host_aliases.name`: Name of the alias.
-* `sudoers_sudoers.host_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers.user_aliases`: [default: `[]`]: A list of aliases of type User_Alias.
-* `sudoers_sudoers.user_aliases.name`: Name of the alias.
-* `sudoers_sudoers.user_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers.cmnd_aliases`: [default: `[]`]: A list of aliases of type Cmnd_Alias.
-* `sudoers_sudoers.cmnd_aliases.name`: Name of the alias.
-* `sudoers_sudoers.cmnd_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers.runas_aliases`: [default: `[]`]: A list of aliases of type Runas_Alias.
-* `sudoers_sudoers.runas_aliases.name`: Name of the alias.
-* `sudoers_sudoers.runas_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers.privileges`: [default: see `defaults/main.yml`]: List of privileges.
-* `sudoers_sudoers.privileges.name`: Name of user or group (group should be prefixed with '%').
-* `sudoers_sudoers.privileges.entry`: A privilege entry.
-* `sudoers_sudoers_d_files` [default: `{}`]: sudoers configuration file declarations
+* `sudoers_sudoers`: `/etc/sudoers` file declarations
+* `sudoers_sudoers.defaults`: [default: see `defaults/main.yml`]: Default configuration options
+* `sudoers_sudoers.host_aliases`: [default: `[]`]: A list of aliases of type `Host_Alias`
+* `sudoers_sudoers.host_aliases.name`: Name of the alias
+* `sudoers_sudoers.host_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers.user_aliases`: [default: `[]`]: A list of aliases of type `User_Alias`
+* `sudoers_sudoers.user_aliases.name`: Name of the alias
+* `sudoers_sudoers.user_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers.cmnd_aliases`: [default: `[]`]: A list of aliases of type `Cmnd_Alias`
+* `sudoers_sudoers.cmnd_aliases.name`: Name of the alias
+* `sudoers_sudoers.cmnd_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers.runas_aliases`: [default: `[]`]: A list of aliases of type `Runas_Alias`
+* `sudoers_sudoers.runas_aliases.name`: Name of the alias
+* `sudoers_sudoers.runas_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers.privileges`: [default: see `defaults/main.yml`]: List of privileges
+* `sudoers_sudoers.privileges.name`: Name of user or group (group should be prefixed with '%')
+* `sudoers_sudoers.privileges.entry`: A privilege entry
+
+* `sudoers_sudoers_d_files` [default: `{}`]: `/etc/sudoers.d/*` file(s) declarations
 * `sudoers_sudoers_d_files.key`: The name of the sudoers configuration file (e.g `vagrant`)
-* `sudoers_sudoers_d_files.key.defaults` [default: `[]`]: Default configuration options.
-* `sudoers_sudoers_d_files.key.host_aliases` [default: `[]`]: A list of aliases of type Host_Alias.
-* `sudoers_sudoers_d_files.key.host_aliases.name`: Name of the alias.
-* `sudoers_sudoers_d_files.key.host_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers_d_files.key.user_aliases` [default: `[]`]: A list of aliases of type User_Alias.
-* `sudoers_sudoers_d_files.key.user_aliases.name`: Name of the alias.
-* `sudoers_sudoers_d_files.key.user_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers_d_files.key.cmnd_aliases` [default: `[]`]: A list of aliases of type Cmnd_Alias.
-* `sudoers_sudoers_d_files.key.cmnd_aliases.name`: Name of the alias.
-* `sudoers_sudoers_d_files.key.cmnd_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers_d_files.key.runas_aliases` [default: `[]`]: A list of aliases of type Runas_Alias.
-* `sudoers_sudoers_d_files.key.runas_aliases.name`: Name of the alias.
-* `sudoers_sudoers_d_files.key.runas_aliases.members`: Member(s) of the alias.
-* `sudoers_sudoers_d_files.key.privileges` [default: `[]`]: List of privileges.
-* `sudoers_sudoers_d_files.key.privileges.name`: Name of user or group (group should be prefixed with '%').
-* `sudoers_sudoers_d_files.key.privileges.entry`: A privilege entry.
+* `sudoers_sudoers_d_files.key.defaults` [default: `[]`]: Default configuration options
+* `sudoers_sudoers_d_files.key.host_aliases` [default: `[]`]: A list of aliases of type `Host_Alias`
+* `sudoers_sudoers_d_files.key.host_aliases.name`: Name of the alias
+* `sudoers_sudoers_d_files.key.host_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers_d_files.key.user_aliases` [default: `[]`]: A list of aliases of type `User_Alias`
+* `sudoers_sudoers_d_files.key.user_aliases.name`: Name of the alias
+* `sudoers_sudoers_d_files.key.user_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers_d_files.key.cmnd_aliases` [default: `[]`]: A list of aliases of type `Cmnd_Alias`
+* `sudoers_sudoers_d_files.key.cmnd_aliases.name`: Name of the alias
+* `sudoers_sudoers_d_files.key.cmnd_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers_d_files.key.runas_aliases` [default: `[]`]: A list of aliases of type `Runas_Alias`
+* `sudoers_sudoers_d_files.key.runas_aliases.name`: Name of the alias
+* `sudoers_sudoers_d_files.key.runas_aliases.members`: Member(s) of the alias
+* `sudoers_sudoers_d_files.key.privileges` [default: `[]`]: List of privileges
+* `sudoers_sudoers_d_files.key.privileges.name`: Name of user or group (group should be prefixed with '%')
+* `sudoers_sudoers_d_files.key.privileges.entry`: A privilege entry
 
 ## Dependencies
 
@@ -118,7 +119,8 @@ MIT
 
 #### Author Information
 
-Mischa ter Smitten
+* Mark van Driel
+* Mischa ter Smitten
 
 #### Feedback, bug-reports, requests, ...
 

diff --git a/Vagrantfile b/Vagrantfile
@@ -3,8 +3,6 @@
 
 role = File.basename(File.expand_path(File.dirname(__FILE__)))
 
-File.open(File.dirname(__FILE__) + '/ansible.cfg', 'w') { |f| f.write("[defaults]\nroles_path = ../") }
-
 boxes = [
   {
     :name => "ubuntu-1004",

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -3,15 +3,14 @@
 sudoers_sudoers:
   defaults:
     - env_reset
-    - exempt_group=sudo
-    - mail_badpass
-    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    - "{{ 'mail_badpass' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('14.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8.0', '>=')) else '' }}"
+    - "{{ 'secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('12.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('7.0', '>=')) else '' }}"
   privileges:
     - name: root
-      entry: "ALL=(ALL:ALL) ALL"
-    - name: "%admin"
-      entry: "ALL=(ALL) ALL"
-    - name: "%sudo"
-      entry: "ALL=NOPASSWD:ALL"
+      entry: "{{ 'ALL=(ALL:ALL) ALL' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('12.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('7.0', '>=')) else 'ALL=(ALL) ALL' }}"
+    - name: '%admin'
+      entry: 'ALL=(ALL) ALL'
+    - name: '%sudo'
+      entry: "{{ 'ALL=(ALL:ALL) ALL' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('12.04', '>=') or ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('7.0', '>=')) else 'ALL=(ALL) ALL' }}"
 
 sudoers_sudoers_d_files: {}
diff --git a/meta/main.yml b/meta/main.yml
@@ -3,7 +3,7 @@
 galaxy_info:
   author: Mischa ter Smitten
   company: Oefenweb.nl B.V.
-  description: Manage sudoers in Debian-like systems
+  description: Manage sudoers and sudoers.d in Debian-like systems
   license: MIT
   min_ansible_version: 1.6
   platforms:

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -17,7 +17,7 @@
     group: root
     mode: 0440
   with_dict: sudoers_sudoers_d_files
-  tags: [configuration, sudoers, sudoers-configuration]
+  tags: [configuration, sudoers, sudoers-configuration, sudoers-configuration-sudoers-d]
 
 - name: update global configuration file
   template:
@@ -27,4 +27,4 @@
     owner: root
     group: root
     mode: 0440
-  tags: [configuration, sudoers, sudoers-configuration]
+  tags: [configuration, sudoers, sudoers-configuration, sudoers-configuration-sudoers]
diff --git a/templates/etc/sudoers.d/sudoers.j2 b/templates/etc/sudoers.d/sudoers.j2
@@ -1,30 +1,30 @@
 # {{ ansible_managed }}
 
 {% for item in item.value.defaults | default([]) %}
-Defaults	{{ item }}
+Defaults {{ item }}
 {% endfor %}
 
 # Host alias specification
 {% for item in item.value.host_aliases | default([]) %}
-Host_Alias	{{ item.name }} = {{ item.members }}
+Host_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # User alias specification
 {% for item in item.value.user_aliases | default([]) %}
-User_Alias	{{ item.name }} = {{ item.members }}
+User_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # Cmnd alias specification
 {% for item in item.value.cmnd_aliases | default([]) %}
-Cmnd_Alias	{{ item.name }} = {{ item.members }}
+Cmnd_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # Runas alias specification
 {% for item in item.value.runas_aliases | default([]) %}
-Runas_Alias	{{ item.name }} = {{ item.members }}
+Runas_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # User/Group privilege specification
 {% for item in item.value.privileges | default([]) %}
-{{ item.name }}	{{ item.entry }}
+{{ item.name }} {{ item.entry }}
 {% endfor %}
diff --git a/templates/etc/sudoers.j2 b/templates/etc/sudoers.j2
@@ -8,32 +8,34 @@
 # See the man page for details on how to write a sudoers file.
 #
 {% for item in sudoers_sudoers.defaults %}
-Defaults	{{ item }}
+{% if item != '' %}
+Defaults {{ item }}
+{% endif %}
 {% endfor %}
 
 # Host alias specification
 {% for item in sudoers_sudoers.host_aliases | default([]) %}
-Host_Alias	{{ item.name }} = {{ item.members }}
+Host_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # User alias specification
 {% for item in sudoers_sudoers.user_aliases | default([]) %}
-User_Alias	{{ item.name }} = {{ item.members }}
+User_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # Cmnd alias specification
 {% for item in sudoers_sudoers.cmnd_aliases | default([]) %}
-Cmnd_Alias	{{ item.name }} = {{ item.members }}
+Cmnd_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # Runas alias specification
 {% for item in sudoers_sudoers.runas_aliases | default([]) %}
-Runas_Alias	{{ item.name }} = {{ item.members }}
+Runas_Alias {{ item.name }} = {{ item.members }}
 {% endfor %}
 
 # User/Group privilege specification
 {% for item in sudoers_sudoers.privileges | default([]) %}
-{{ item.name }}	{{ item.entry }}
+{{ item.name }} {{ item.entry }}
 {% endfor %}
 
 # See sudoers(5) for more information on "#include" directives:

diff --git a/tests/test.yml b/tests/test.yml
@@ -3,10 +3,10 @@
 - hosts: localhost
   remote_user: root
   roles:
-    - ansible-sudoers
+    - ../../
   vars:
     sudoers_sudoers_d_files:
       travis:
         privileges:
           - name: travis
-            entry: "ALL=NOPASSWD:ALL"
+            entry: 'ALL=NOPASSWD:ALL'
diff --git a/tests/vagrant.yml b/tests/vagrant.yml
@@ -4,10 +4,10 @@
   remote_user: vagrant
   sudo: true
   roles:
-    - sudoers
+    - ../../
   vars:
     sudoers_sudoers_d_files:
-      travis:
+      vagrant:
         privileges:
-          - name: travis
-            entry: "ALL=NOPASSWD:ALL"
+          - name: vagrant
+            entry: 'ALL=(ALL) NOPASSWD:ALL'