From 96a5062650c2e3d0518a8c34b1a30cf9d79d5187 Mon Sep 17 00:00:00 2001
From: Simon Baerlocher
Date: Sat, 6 Jul 2019 22:30:40 +0200
Subject: [PATCH 01/10] update to new version
---
.travis.yml | 56 +++++++---------
CHANGELOG.md | 43 +++++++++++++
LICENSE | 19 ++++++
README.md | 118 +++++++++++++++-------------------
defaults/main.yml | 4 +-
handlers/main.yml | 2 +-
meta/main.yml | 31 +++++----
molecule/default/molecule.yml | 29 +++++++++
molecule/default/playbook.yml | 5 ++
tasks/main.yml | 33 ++++++----
10 files changed, 212 insertions(+), 128 deletions(-)
create mode 100644 CHANGELOG.md
create mode 100644 LICENSE
create mode 100644 molecule/default/molecule.yml
create mode 100644 molecule/default/playbook.yml
diff --git a/.travis.yml b/.travis.yml
index ee0e314..2d1cfd9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,48 +1,36 @@ --- language: python -python: "2.7" - -# Use the new container infrastructure -sudo: false - -# Install ansible -addons: - apt: - packages: - - python-pip +services: docker + +env: + global: + - ROLE_NAME: sudoers + matrix: + - MOLECULE_DISTRO: centos7 + - MOLECULE_DISTRO: centos6 + - MOLECULE_DISTRO: ubuntu1804 + - MOLECULE_DISTRO: debian9 + - MOLECULE_DISTRO: debian10 + - MOLECULE_DISTRO: fedora29 install: - # Install ansible - - pip install ansible - - # Install ansible-lint - - pip install ansible-lint - - # Install yamllint - - pip install yamllint + - pip install molecule docker - # Install tests rules - - git submodule add https://github.com/arillso/tests tests + - git clone https://github.com/arillso/tests molecule/default/lint before_script: - # Check ansible version - - ansible --version - - # Check ansible-lint version - - ansible-lint --version - - # Check ansible-lint version - - yamllint --version + - cd ../ + - mv ansible.$ROLE_NAME arillso.$ROLE_NAME + - cd arillso.$ROLE_NAME script: - # Ansible Lint check - - ansible-lint -R -r tests/ansible-lint/ . - - # YAML Lint check - - yamllint -c tests/yaml-lint/yamllint.yml . + - molecule test notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ + webhooks: + urls: + - https://galaxy.ansible.com/api/v1/notifications/ + on_success: always email: on_success: never on_failure: always diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..fac32b8 --- /dev/null +++ b/CHANGELOG.md 
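Review bot: The `install` step in .travis.yml pulls its tooling and lint rules from moving targets: `pip install molecule docker` has no version constraints, and `git clone https://github.com/arillso/tests molecule/default/lint` takes whatever is on that repository's default branch. Both run inside the CI job, so an upstream change alters what the build executes without any change in this repository. Pinning makes runs reproducible and reviewable, e.g. `pip install 'molecule==<version>' 'docker==<version>'` and `git -C molecule/default/lint checkout <commit-sha>` after the clone (placeholders, to be filled with the versions actually tested).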
@@ -0,0 +1,43 @@
+# Changelog
+
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html)
+and [human-readable changelog](https://keepachangelog.com/en/1.0.0/).
+
+## 1.2.1
+
+### Changed
+
+- update min ansible version to 2.8
+- changelog to your own file
+- travis file has been updated
+- Documentation has been improved
+
+### Added
+
+- molecule testing
+
+## 1.2.0
+
+### Added
+
+- Always prepend OS defaults and privileges unless disabled
+
+### Fixed
+
+- fix variables files found
+
+## 1.1.0
+
+### Changed
+
+- rename role name
+
+### Added
+
+- add new tests
+
+## 1.0.0
+
+### Added
+
+- Initial release
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..7d07096
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2019 Arillso
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/README.md b/README.md
index 4d58083..04321dd 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,10 @@ -# Ansible Role: sshd +# Ansible Role: sudoers + +[![Build Status](https://img.shields.io/travis/arillso/ansible.sudoers.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.sudoers) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=popout-square)](https://sbaerlo.ch/licence) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-sudoers-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) ## Description -Manage sudoers and sudoers.d in Debian-like systems. +Manage sudoers and sudoers.d in Linux. ## Installation 
@@ -16,44 +18,44 @@ None ## Role Variables -| Variable | Default | Comments (type) | -| :--- | :--- | :--- | -| `sudoers_sudoers` | `/etc/sudoers` | file declarations | -| `sudoers_sudoers.defaults`| see `defaults/main.yml` | Default configuration options | -| `sudoers_sudoers.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | -| `sudoers_sudoers.host_aliases.name`: | | Name of the alias | -| `sudoers_sudoers.host_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.user_aliases` | `[]` | A list of aliases of type `User_Alias` | -| `sudoers_sudoers.user_aliases.name` | | Name of the alias | -| `sudoers_sudoers.user_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | -| `sudoers_sudoers.cmnd_aliases.name` | | Name of the alias | -| `sudoers_sudoers.cmnd_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | -| `sudoers_sudoers.runas_aliases.name` | | Name of the alias | -| `sudoers_sudoers.runas_aliases.members`| | Member(s) of the alias | -| `sudoers_sudoers.privileges` | see `defaults/main.yml` | List of privileges | -| `sudoers_sudoers.privileges.name` | | Name of user or group (group should be prefixed with '%') -| `sudoers_sudoers.privileges.entry` | | A privilege entry | -| `sudoers_sudoers_d_files` | `{}` | `/etc/sudoers.d/*` file(s) declarations | -| `sudoers_sudoers_d_files.key` | | The name of the sudoers configuration file (e.g `vagrant`) | -| `sudoers_sudoers_d_files.key.defaults` | `[]` | Default configuration options | -| `sudoers_sudoers_d_files.key.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | -| `sudoers_sudoers_d_files.key.host_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.host_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.user_aliases` | `[]` | A list of aliases of type `User_Alias` | -| 
`sudoers_sudoers_d_files.key.user_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.user_aliases.members`| | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | -| `sudoers_sudoers_d_files.key.cmnd_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.cmnd_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | -| `sudoers_sudoers_d_files.key.runas_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.runas_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.privileges` | `[]` | List of privileges | -| `sudoers_sudoers_d_files.key.privileges.name` | | Name of user or group (group should be prefixed with '%') | -| `sudoers_sudoers_d_files.key.privileges.entry`| | A privilege entry | -| `sudoers_use_os_defaults` | `True` | Includes default rules that ship with target distro (boolean) | +| Variable | Default | Comments (type) | +| :-------------------------------------------------- | :---------------------- | :------------------------------------------------------------ | +| `sudoers_sudoers` | `/etc/sudoers` | file declarations | +| `sudoers_sudoers.defaults` | see `defaults/main.yml` | Default configuration options | +| `sudoers_sudoers.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | +| `sudoers_sudoers.host_aliases.name`: | | Name of the alias | +| `sudoers_sudoers.host_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers.user_aliases` | `[]` | A list of aliases of type `User_Alias` | +| `sudoers_sudoers.user_aliases.name` | | Name of the alias | +| `sudoers_sudoers.user_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | +| `sudoers_sudoers.cmnd_aliases.name` | | Name of the alias | +| `sudoers_sudoers.cmnd_aliases.members` | | 
Member(s) of the alias | +| `sudoers_sudoers.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | +| `sudoers_sudoers.runas_aliases.name` | | Name of the alias | +| `sudoers_sudoers.runas_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers.privileges` | see `defaults/main.yml` | List of privileges | +| `sudoers_sudoers.privileges.name` | | Name of user or group (group should be prefixed with '%') | +| `sudoers_sudoers.privileges.entry` | | A privilege entry | +| `sudoers_sudoers_d_files` | `{}` | `/etc/sudoers.d/*` file(s) declarations | +| `sudoers_sudoers_d_files.key` | | The name of the sudoers configuration file (e.g `vagrant`) | +| `sudoers_sudoers_d_files.key.defaults` | `[]` | Default configuration options | +| `sudoers_sudoers_d_files.key.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | +| `sudoers_sudoers_d_files.key.host_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.host_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.user_aliases` | `[]` | A list of aliases of type `User_Alias` | +| `sudoers_sudoers_d_files.key.user_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.user_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | +| `sudoers_sudoers_d_files.key.cmnd_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.cmnd_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | +| `sudoers_sudoers_d_files.key.runas_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.runas_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.privileges` | `[]` | List of privileges | +| `sudoers_sudoers_d_files.key.privileges.name` | | Name of user or group (group should be prefixed with '%') | +| 
`sudoers_sudoers_d_files.key.privileges.entry` | | A privilege entry | +| `sudoers_use_os_defaults` | `True` | Includes default rules that ship with target distro (boolean) | ## Dependencies @@ -99,11 +101,11 @@ None members: /usr/sbin/halt privileges: - name: root - entry: "ALL=(ALL:ALL) ALL" - - name: "%admin" - entry: "ALL=(ALL) ALL" - - name: "%sudo" - entry: "ALL=NOPASSWD:ALL" + entry: 'ALL=(ALL:ALL) ALL' + - name: '%admin' + entry: 'ALL=(ALL) ALL' + - name: '%sudo' + entry: 'ALL=NOPASSWD:ALL' sudoers_sudoers_d_files: test: defaults: @@ -116,30 +118,14 @@ None members: 128.138.0.0/255.255.0.0 privileges: - name: test - entry: "ALL=(ALL:ALL) ALL" + entry: 'ALL=(ALL:ALL) ALL' ``` -## Changelog - -### 1.2 - -* Always prepend OS defaults and privileges unless disabled -* fix variables files found - -### 1.1 - -* rename role name -* add new tests - -### 1.0 - -* Initial release - ## Author -* [Simon Bärlocher](https://sbaerlocher.ch) -* Mark van Driel -* Mischa ter Smitten +- [Simon Bärlocher](https://sbaerlocher.ch) +- Mark van Driel +- Mischa ter Smitten ## License @@ -147,4 +133,4 @@ This project is under the MIT License. See the [LICENSE](https://sbaerlo.ch/lice ## Copyright -(c) 2018, Simon Bärlocher +(c) 2019, Arillso diff --git a/defaults/main.yml b/defaults/main.yml index 9b92a4b..a7a023a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,7 +8,7 @@ sudoers_sudoers: sudoers_use_os_defaults: true sudoers_os_defaults: - defaults: "{{ sudoers_sudoers_preset_defaults }}" - privileges: "{{ sudoers_sudoers_preset_privileges }}" + defaults: '{{ sudoers_sudoers_preset_defaults }}' + privileges: '{{ sudoers_sudoers_preset_privileges }}' sudoers_sudoers_d_files: {} diff --git a/handlers/main.yml b/handlers/main.yml index 3c37b2a..f4acd24 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,2 +1,2 @@ -# handlers file for arillso.sudoers --- +# handlers file for arillso.sudoers diff --git a/meta/main.yml b/meta/main.yml index 9139df5..6cfb2a9 100644 
--- a/meta/main.yml +++ b/meta/main.yml @@ -1,20 +1,29 @@ --- - galaxy_info: author: arillso + description: Manage sudoers and sudoers.d in Linux. license: MIT - min_ansible_version: 2 + min_ansible_version: 2.8 platforms: - - name: Debian - versions: - - wheezy - - jessie - - stretch - - name: Ubuntu - versions: - - trusty - - xenial - name: EL versions: - 6 - 7 + - name: Fedora + versions: + - 29 + - name: Ubuntu + versions: + - bionic + - cosmic + - name: Debian + versions: + - jessie + - stretch + - buster + + galaxy_tags: + - sudo + - system + +dependencies: [] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..b3e9a03 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,29 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint + options: + config-file: molecule/default/lint/yaml-lint/yamllint.yml +platforms: + - name: instance + image: 'geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest' + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + lint: + name: ansible-lint + playbooks: + converge: ${MOLECULE_PLAYBOOK:-playbook.yml} +scenario: + name: default +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..88f6ec4 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: arillso.sudoers diff --git a/tasks/main.yml b/tasks/main.yml index 88aa71f..36d5e3f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
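Review bot: In molecule/default/molecule.yml the single platform combines `image: 'geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest'` with `privileged: true` and `pre_build_image: true`. That runs a third-party image at a floating tag with container isolation largely removed, so both the test result and the CI host's exposure depend on whatever `:latest` resolves to on the day. Consider referencing a fixed tag or digest per distro instead of `:latest`, and add a comment above `privileged: true` stating why it is required (presumably for systemd inside the container; confirm), so it can be dropped once it no longer is.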
@@ -2,38 +2,43 @@ # tasks file for arillso.sudoers - name: add OS specific variables - include_vars: "{{ loop_vars }}" + include_vars: '{{ loop_vars }}' with_first_found: - files: - - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ ansible_distribution }}.yml" - - "{{ ansible_os_family }}.yml" - - "defaults.yml" + - '{{ distribution }}-{{ distribution_verion }}.yml' + - '{{ distribution }}-{{ distribution_major_version }}.yml' + - '{{ distribution }}.yml' + - '{{ ansible_os_family }}.yml' + - '{{ ansible_system }}.yml' + - 'defaults.yml' paths: - - "vars" + - 'vars' loop_control: loop_var: loop_vars + vars: + distribution: '{{ ansible_distribution }}' + distribution_verion: '{{ ansible_distribution_version }}' + distribution_major_version: '{{ ansible_distribution_major_version }}' tags: - configuration - packages -- name: install +- name: install package become: true package: - name: "{{ item }}" - with_items: "{{ sudoers_dependencies }}" + name: '{{ item }}' + with_items: '{{ sudoers_dependencies }}' - name: update specific configuration files become: true template: src: etc/sudoers.d/sudoers.j2 - dest: "/etc/sudoers.d/{{ item.key }}" - validate: "visudo -cf %s" + dest: '/etc/sudoers.d/{{ item.key }}' + validate: 'visudo -cf %s' owner: root group: root mode: 0440 - with_dict: "{{ sudoers_sudoers_d_files }}" + with_dict: '{{ sudoers_sudoers_d_files }}' tags: - configuration @@ -42,7 +47,7 @@ template: src: etc/sudoers.j2 dest: /etc/sudoers - validate: "visudo -cf %s" + validate: 'visudo -cf %s' owner: root group: root mode: 0440 From 0cc99baa7fbe20d2e6a9b91d00dddf120a3ace07 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Sat, 6 Jul 2019 22:39:01 +0200 Subject: [PATCH 02/10] remove centos6 support --- .travis.yml | 2 -- meta/main.yml | 1 - 2 files changed, 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2d1cfd9..a357f88 100644 
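Review bot: In tasks/main.yml the `update specific configuration files` task builds `dest: '/etc/sudoers.d/{{ item.key }}'` from a dictionary key with no check on its shape. A key containing `/` would make this root-run template write outside the drop-in directory, and sudo skips drop-in names that contain `.` or end in `~`, so such a file passes `visudo -cf %s` yet is never applied. An assert on the key ahead of the template task catches both cases. Separately, the new task variable `distribution_verion` is misspelled; it is defined and used consistently, so it works, but `distribution_version` would read better.

```yaml
- name: validate sudoers.d file names
  assert:
    that:
      - item.key is match('^[A-Za-z0-9_-]+$')
    fail_msg: 'sudoers.d file names must not contain "/", "." or "~"'
  with_dict: '{{ sudoers_sudoers_d_files }}'
  tags:
    - configuration

# … unchanged: "update specific configuration files" template task follows …
```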
--- a/.travis.yml +++ b/.travis.yml @@ -7,11 +7,9 @@ env: - ROLE_NAME: sudoers matrix: - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - MOLECULE_DISTRO: ubuntu1804 - MOLECULE_DISTRO: debian9 - MOLECULE_DISTRO: debian10 - - MOLECULE_DISTRO: fedora29 install: - pip install molecule docker diff --git a/meta/main.yml b/meta/main.yml index 6cfb2a9..54befe4 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,7 +7,6 @@ galaxy_info: platforms: - name: EL versions: - - 6 - 7 - name: Fedora versions: From 515ba8477e0618efe59bf4b0035c1fbcd50d7136 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Sun, 7 Jul 2019 22:20:55 +0200 Subject: [PATCH 03/10] fix link in readme --- LICENSE.txt | 19 ------------------- README.md | 2 +- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 LICENSE.txt diff --git a/LICENSE.txt b/LICENSE.txt deleted file mode 100644 index 5708f35..0000000 --- a/LICENSE.txt +++ /dev/null 
@@ -1,19 +0,0 @@
-Copyright (c) Oefenweb.nl
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished
-to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/README.md b/README.md
index 04321dd..fa3f437 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@ # Ansible Role: sudoers -[![Build Status](https://img.shields.io/travis/arillso/ansible.sudoers.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.sudoers) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=popout-square)](https://sbaerlo.ch/licence) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-sudoers-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) +[![Build Status](https://img.shields.io/travis/arillso/ansible.sudoers.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.sudoers) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=popout-square)](https://sbaerlo.ch/licence) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-sudoers-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) ## Description From aee6f474d8e0e45cec6811704d518991eaee26a8 Mon Sep 17 00:00:00 2001 
From: Simon Baerlocher Date: Wed, 2 Dec 2020 21:54:33 +0100 Subject: [PATCH 04/10] add testing --- .github/dependabot.yml | 7 +++ .github/linters/.markdown-lint.yml | 5 ++ .github/linters/.yaml-lint.yml | 10 ++++ .github/workflows/lint.yml | 26 ++++++++++ .github/workflows/release.yml | 42 +++++++++++++++ .github/workflows/tests.yml | 40 +++++++++++++++ .travis.yml | 34 ------------- .yamllint | 1 + CHANGELOG.md | 12 +++++ LICENSE | 2 +- meta/main.yml | 19 ++++--- molecule/alpine-3.11/molecule.yml | 24 +++++++++ molecule/alpine-3.12/molecule.yml | 24 +++++++++ molecule/centos-7/molecule.yml | 25 +++++++++ molecule/centos-8/molecule.yml | 25 +++++++++ molecule/debian-bullseye/molecule.yml | 25 +++++++++ molecule/debian-buster/molecule.yml | 25 +++++++++ molecule/debian-sid/molecule.yml | 25 +++++++++ molecule/default/converge.yml | 9 ++++ molecule/default/molecule.yml | 73 +++++++++++++++++++++++---- molecule/ubuntu-bionic/molecule.yml | 25 +++++++++ molecule/ubuntu-focal/molecule.yml | 25 +++++++++ molecule/ubuntu-xenial/molecule.yml | 25 +++++++++ 23 files changed, 475 insertions(+), 53 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/linters/.markdown-lint.yml create mode 100644 .github/linters/.yaml-lint.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/tests.yml delete mode 100644 .travis.yml create mode 120000 .yamllint create mode 100644 molecule/alpine-3.11/molecule.yml create mode 100644 molecule/alpine-3.12/molecule.yml create mode 100644 molecule/centos-7/molecule.yml create mode 100644 molecule/centos-8/molecule.yml create mode 100644 molecule/debian-bullseye/molecule.yml create mode 100644 molecule/debian-buster/molecule.yml create mode 100644 molecule/debian-sid/molecule.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/ubuntu-bionic/molecule.yml create mode 100644 molecule/ubuntu-focal/molecule.yml 
create mode 100644 molecule/ubuntu-xenial/molecule.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f253916 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +--- +version: 2 +updates: + - package-ecosystem: 'github-actions' + directory: '/' + schedule: + interval: 'daily' diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml new file mode 100644 index 0000000..c7b49e6 --- /dev/null +++ b/.github/linters/.markdown-lint.yml @@ -0,0 +1,5 @@ +--- +default: true +MD024: false +MD013: + line_length: 160 diff --git a/.github/linters/.yaml-lint.yml b/.github/linters/.yaml-lint.yml new file mode 100644 index 0000000..e55857e --- /dev/null +++ b/.github/linters/.yaml-lint.yml @@ -0,0 +1,10 @@ +--- +extends: default +rules: + line-length: disable + comments: disable + +ignore: | + .github/workflows/* + */lint.yml + */release.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..38e46da --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,26 @@ +--- +name: Lint Code Base + +on: + push: + branches-ignore: [main] + + pull_request: + branches: [main] + +jobs: + build: + name: Lint Code Base + + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v2 + + - name: Lint Code Base + uses: github/super-linter@v3 + env: + DEFAULT_BRANCH: main + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ANSIBLE_DIRECTORY: / diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..f0e1adc --- /dev/null +++ b/.github/workflows/release.yml 
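Review bot: The steps in .github/workflows/lint.yml reference actions by mutable tags (`actions/checkout@v2`, `github/super-linter@v3`), and the same pattern appears in release.yml and tests.yml (`arillso/action.molecule@0.0.1`, `robertdebock/galaxy-action@1.1.0`). A tag can be re-pointed by the action's owner, and two of these steps are handed secrets (`GITHUB_TOKEN` here, `GALAXY_API_KEY` in release.yml). Pinning each reference to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, fixes what actually runs while still letting the Dependabot configuration added in this commit propose updates.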
@@ -0,0 +1,42 @@ +--- +name: Role Release +on: + release: + types: [published] + +jobs: + release: + runs-on: ubuntu-latest + + name: Role Release Test + + defaults: + run: + working-directory: arillso.hosts + + steps: + - name: Checkout Code + uses: actions/checkout@v2 + with: + path: arillso.hosts + + - name: Test Ansible with Molecule + uses: arillso/action.molecule@0.0.1 + with: + command: test + working_directory: arillso.hosts + + publish: + runs-on: ubuntu-latest + + name: Role Release Publish + + if: always() + needs: + - release + + steps: + - name: Release Ansible Role to Galaxy + uses: robertdebock/galaxy-action@1.1.0 + with: + galaxy_api_key: ${{ secrets.GALAXY_API_KEY }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..e3ca65e --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,40 @@ +--- +name: Role Tests +on: + push: + pull_request: + +jobs: + tests: + runs-on: ubuntu-latest + defaults: + run: + working-directory: arillso.hosts + strategy: + fail-fast: false + max-parallel: 4 + matrix: + scenario: + - alpine-3.11 + - alpine-3.12 + - centos-7 + - centos-8 + - debian-bullseye + - debian-buster + - debian-sid + - ubuntu-bionic + - ubuntu-focal + - ubuntu-xenial + + steps: + - name: Checkout Code + uses: actions/checkout@v2 + with: + path: arillso.hosts + + - name: Test Ansible with Molecule + uses: arillso/action.molecule@0.0.1 + with: + command: test + working_directory: arillso.hosts + scenario: ${{ matrix.scenario }} diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index a357f88..0000000 --- a/.travis.yml +++ /dev/null 
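Review bot: The `publish` job in .github/workflows/release.yml sets `if: always()` next to `needs: - release`, so it runs even when the Molecule test job fails or is cancelled, and a role that did not pass its tests would still be pushed to Galaxy with `GALAXY_API_KEY`. Removing the condition (a job with `needs` runs only on success by default) or writing `if: success()` turns the test job into an actual gate.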
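Review bot: In .github/workflows/tests.yml the checkout `path:`, the default `working-directory:` and the action's `working_directory:` are all `arillso.hosts`, while the scenarios added in this commit lint `../arillso.sudoers` and converge.yml includes the role `arillso.sudoers` through `ANSIBLE_ROLES_PATH: ../../`. Unless the action renames the directory, that role lookup would not resolve; the value looks copied from another role. Using `arillso.sudoers` for `path:` and both working-directory settings, here and in release.yml, would make the checkout match what the scenarios expect.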
@@ -1,34 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: sudoers - matrix: - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: debian9 - - MOLECULE_DISTRO: debian10 - -install: - - pip install molecule docker - - - git clone https://github.com/arillso/tests molecule/default/lint - -before_script: - - cd ../ - - mv ansible.$ROLE_NAME arillso.$ROLE_NAME - - cd arillso.$ROLE_NAME - -script: - - molecule test - -notifications: - webhooks: - urls: - - https://galaxy.ansible.com/api/v1/notifications/ - on_success: always - email: - on_success: never - on_failure: always diff --git a/.yamllint b/.yamllint new file mode 120000 index 0000000..64accb7 --- /dev/null +++ b/.yamllint @@ -0,0 +1 @@ +.github/linters/.yaml-lint.yml \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index fac32b8..5082072 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,18 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) and [human-readable changelog](https://keepachangelog.com/en/1.0.0/). +## 2.0.0 + +### Added + +- Added github action for the integration tests. +- Added test scenario for different OS. +- Added compatibility for Ansible 2.10. + +### Removed + +- Degreasing support for Ansible Version under 2.9. + ## 1.2.1 ### Changed diff --git a/LICENSE b/LICENSE index 7d07096..5520f0e 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2019 Arillso +Copyright (c) 2020 Arillso Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/meta/main.yml b/meta/main.yml index 54befe4..1a1908f 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -1,25 +1,28 @@ --- galaxy_info: - author: arillso + role_name: sudores + author: arillso description: Manage sudoers and sudoers.d in Linux. license: MIT - min_ansible_version: 2.8 + min_ansible_version: 2.10 platforms: + - name: Alpine + versions: + - any - name: EL versions: - 7 - - name: Fedora - versions: - - 29 + - 8 - name: Ubuntu versions: - bionic - - cosmic + - focal + - xenial - name: Debian versions: - - jessie - - stretch + - bullseye - buster + - sid galaxy_tags: - sudo diff --git a/molecule/alpine-3.11/molecule.yml b/molecule/alpine-3.11/molecule.yml new file mode 100644 index 0000000..5301967 --- /dev/null +++ b/molecule/alpine-3.11/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: alpine-3.11 + image: arillso/alpine:3.11 + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/alpine-3.12/molecule.yml b/molecule/alpine-3.12/molecule.yml new file mode 100644 index 0000000..14aeb65 --- /dev/null +++ b/molecule/alpine-3.12/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: alpine-3.12 + image: arillso/alpine:3.12 + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/centos-7/molecule.yml b/molecule/centos-7/molecule.yml new file mode 100644 index 0000000..0080623 --- /dev/null +++ b/molecule/centos-7/molecule.yml 
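Review bot: Two values added to `galaxy_info` in meta/main.yml look wrong: `role_name: sudores` does not match the role name `arillso.sudoers` used in converge.yml and the README, and `min_ansible_version: 2.10` is an unquoted YAML float that loads as `2.1`. Suggested lines: `role_name: sudoers` and `min_ansible_version: '2.10'`.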
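Review bot: In molecule/alpine-3.11/molecule.yml `privileged: true` and the `/sys/fs/cgroup` mount are set even though, unlike the CentOS, Debian and Ubuntu scenarios, no init `command:` is given, so the container does not appear to run systemd. Privileged mode removes most container isolation from the CI host, so it is worth dropping wherever it is not required; the same applies to molecule/alpine-3.12/molecule.yml and the two Alpine entries in molecule/default/molecule.yml. For the systemd scenarios, a comment such as `# privileged: required for systemd inside the container` above the key would record why it stays.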
@@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: centos-7 + image: arillso/centos:7 + privileged: true + command: /usr/sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/centos-8/molecule.yml b/molecule/centos-8/molecule.yml new file mode 100644 index 0000000..dacddc4 --- /dev/null +++ b/molecule/centos-8/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: centos-8 + image: arillso/centos:8 + privileged: true + command: /usr/sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/debian-bullseye/molecule.yml b/molecule/debian-bullseye/molecule.yml new file mode 100644 index 0000000..6b35f59 --- /dev/null +++ b/molecule/debian-bullseye/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: debian-bullseye + image: arillso/debian:bullseye + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/debian-buster/molecule.yml b/molecule/debian-buster/molecule.yml new file mode 100644 index 0000000..193e8ad --- /dev/null +++ b/molecule/debian-buster/molecule.yml 
@@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: debian-buster + image: arillso/debian:buster + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/debian-sid/molecule.yml b/molecule/debian-sid/molecule.yml new file mode 100644 index 0000000..2425aaf --- /dev/null +++ b/molecule/debian-sid/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: debian-sid + image: arillso/debian:sid + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..addde36 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,9 @@ +--- +- name: Converge + hosts: all + vars: + ansible_python_interpreter: auto_silent + tasks: + - name: 'Include arillso.sudoers' + include_role: + name: 'arillso.sudoers' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b3e9a03..d5f813f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -3,27 +3,80 @@ dependency: name: galaxy driver: name: docker -lint: - name: yamllint - options: - config-file: molecule/default/lint/yaml-lint/yamllint.yml +lint: | + yamllint . + ansible-lint ../arillso.sudoers + flake8 platforms: - - name: instance - image: 'geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest' - command: ${MOLECULE_DOCKER_COMMAND:-""} + - name: alpine-3.11 + image: arillso/alpine:3.11 + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: alpine-3.12 + image: arillso/alpine:3.12 + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: centos-7 + image: arillso/centos:7 + privileged: true + command: /usr/sbin/init volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: centos-8 + image: arillso/centos:8 privileged: true - pre_build_image: true + command: /usr/sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: debian-10 + image: arillso/debian:10 + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: debian-11 + image: arillso/debian:11 + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: debian-sid + image: arillso/debian:sid + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: ubuntu-bionic + image: arillso/ubuntu:bionic + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: ubuntu-focal + image: arillso/ubuntu:focal + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: ubuntu-xenial + image: arillso/ubuntu:xenial + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro provisioner: name: ansible lint: name: ansible-lint playbooks: - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ scenario: name: 
default verifier: name: testinfra lint: - name: flake8 + name: ansible diff --git a/molecule/ubuntu-bionic/molecule.yml b/molecule/ubuntu-bionic/molecule.yml new file mode 100644 index 0000000..54e94bc --- /dev/null +++ b/molecule/ubuntu-bionic/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: ubuntu-bionic + image: arillso/ubuntu:bionic + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/ubuntu-focal/molecule.yml b/molecule/ubuntu-focal/molecule.yml new file mode 100644 index 0000000..3f174c9 --- /dev/null +++ b/molecule/ubuntu-focal/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: ubuntu-focal + image: arillso/ubuntu:focal + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible diff --git a/molecule/ubuntu-xenial/molecule.yml b/molecule/ubuntu-xenial/molecule.yml new file mode 100644 index 0000000..f65276c --- /dev/null +++ b/molecule/ubuntu-xenial/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: | + set -e + yamllint . + ansible-lint ../arillso.sudoers + flake8 +platforms: + - name: ubuntu-xenial + image: arillso/ubuntu:xenial + privileged: true + command: /lib/systemd/systemd + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + playbooks: + converge: ../default/converge.yml + env: + ANSIBLE_ROLES_PATH: ../../ +verifier: + name: ansible 
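Review bot: The `lint: |` script added to molecule/default/molecule.yml omits the `set -e` that every per-distribution scenario in this patch starts with, so a failing `yamllint .` or `ansible-lint ../arillso.sudoers` does not stop the script and only the exit status of `flake8` decides the result. Add `set -e` as the first line of the block so the default scenario fails on the first lint error like the others. As rendered here, the end of the hunk replaces `name: flake8` under the verifier's `lint:` key with `name: ansible` while `verifier: name: testinfra` stays in place, which looks unintended next to `verifier: name: ansible` in the other scenarios and is worth confirming.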
From 226c5b4a01843e775e15a84b520de45e92660d93 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Wed, 2 Dec 2020 22:00:55 +0100 Subject: [PATCH 05/10] add lint --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fa3f437..21734b8 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,10 @@ # Ansible Role: sudoers -[![Build Status](https://img.shields.io/travis/arillso/ansible.sudoers.svg?branch=master&style=popout-square)](https://travis-ci.org/arillso/ansible.sudoers) [![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=popout-square)](https://sbaerlo.ch/licence) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-sudoers-blue.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=popout-square)](https://galaxy.ansible.com/arillso/sudoers) + + +[![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=flat-square&logo=Open%20Source%20Initiative)](LICENSE) [![Ansible Role](https://img.shields.io/ansible/role/21620?label=role%20name&style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Quality Score](https://img.shields.io/ansible/quality/21620?label=role%20quality&style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/arillso/ansible.sudoers?style=flat-square&logo=github)](https://github.com/arillso/ansible.sudoers/releases) [![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/arillso/ansible.sudoers/Role%20Tests/master?label=integration%20tests&style=flat-square&logo=github)](https://github.com/arillso/ansible.sudoers/actions?query=workflow%3A%22Role+Tests%22) + + ## Description From 8858d686422633ef74d4fab013bcadbb15cd2107 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Wed, 2 Dec 2020 22:02:56 +0100 Subject: [PATCH 06/10] fix testing --- .github/workflows/release.yml | 6 +++--- .github/workflows/tests.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f0e1adc..a5249de 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,19 +12,19 @@ jobs: defaults: run: - working-directory: arillso.hosts + working-directory: arillso.sudoers steps: - name: Checkout Code uses: actions/checkout@v2 with: - path: arillso.hosts + path: arillso.sudoers - name: Test Ansible with Molecule uses: arillso/action.molecule@0.0.1 with: command: test - working_directory: arillso.hosts + working_directory: arillso.sudoers publish: runs-on: ubuntu-latest diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e3ca65e..d1128f5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest defaults: run: - working-directory: arillso.hosts + working-directory: arillso.sudoers strategy: fail-fast: false max-parallel: 4 @@ -30,11 +30,11 @@ jobs: - name: Checkout Code uses: actions/checkout@v2 with: - path: arillso.hosts + path: arillso.sudoers - name: Test Ansible with Molecule uses: arillso/action.molecule@0.0.1 with: command: test - working_directory: arillso.hosts + working_directory: arillso.sudoers scenario: ${{ matrix.scenario }} From 548ae72224c339ecf5e4e981246bfd164ec0dcbf Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Wed, 2 Dec 2020 22:12:05 +0100 Subject: [PATCH 07/10] fix shields --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 21734b8..d2dbe3a 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ -[![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=flat-square&logo=Open%20Source%20Initiative)](LICENSE) [![Ansible Role](https://img.shields.io/ansible/role/21620?label=role%20name&style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Quality Score](https://img.shields.io/ansible/quality/21620?label=role%20quality&style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/arillso/ansible.sudoers?style=flat-square&logo=github)](https://github.com/arillso/ansible.sudoers/releases) [![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/arillso/ansible.sudoers/Role%20Tests/master?label=integration%20tests&style=flat-square&logo=github)](https://github.com/arillso/ansible.sudoers/actions?query=workflow%3A%22Role+Tests%22) +[![license](https://img.shields.io/github/license/mashape/apistatus.svg?style=flat-square&logo=Open%20Source%20Initiative)](LICENSE) [![Ansible Role](https://img.shields.io/ansible/role/21620?label=role%20name&style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Role](https://img.shields.io/ansible/role/d/21620.svg?style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![Ansible Quality Score](https://img.shields.io/ansible/quality/21620?label=role%20quality&style=flat-square&logo=ansible)](https://galaxy.ansible.com/arillso/sudoers) [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/arillso/ansible.sudoers?style=flat-square&logo=github)](https://github.com/arillso/ansible.sudoers/releases) [![GitHub Workflow Status 
(branch)](https://img.shields.io/github/workflow/status/arillso/ansible.sudoers/Role%20Tests/main?label=integration%20tests&style=flat-square&logo=github)](https://github.com/arillso/ansible.sudoers/actions?query=workflow%3A%22Role+Tests%22) From d4270ea95786078962648be603d6620ff0fad97b Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Wed, 2 Dec 2020 23:19:17 +0100 Subject: [PATCH 08/10] add refact --- .github/CODEOWNERS | 1 + .github/auto_assign.yml | 20 ++++++++++++++++++ .github/settings.yml | 47 +++++++++++++++++++++++++++++++++++++++++ defaults/main.yml | 3 +++ tasks/main.yml | 21 +++++++++--------- vars/CentOS.yml | 6 ++++-- vars/Debian.yml | 4 +++- vars/Jessie.yml | 11 ---------- vars/Precise.yml | 12 ----------- vars/Trusty.yml | 13 ------------ vars/Ubuntu.yml | 4 +++- vars/Wheezy.yml | 11 ---------- vars/Xenial.yml | 13 ------------ vars/defaults.yml | 4 +++- vars/main.yml | 4 ---- 15 files changed, 95 insertions(+), 79 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/auto_assign.yml create mode 100644 .github/settings.yml delete mode 100644 vars/Jessie.yml delete mode 100644 vars/Precise.yml delete mode 100644 vars/Trusty.yml delete mode 100644 vars/Wheezy.yml delete mode 100644 vars/Xenial.yml delete mode 100644 vars/main.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..898d9a4 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @sbaerlocher diff --git a/.github/auto_assign.yml b/.github/auto_assign.yml new file mode 100644 index 0000000..200332e --- /dev/null +++ b/.github/auto_assign.yml 
@@ -0,0 +1,20 @@
+---
+# Set to true to add reviewers to pull requests
+addReviewers: true
+
+# Set to true to add assignees to pull requests
+addAssignees: true
+
+# A list of reviewers to be added to pull requests (GitHub user name)
+reviewers: []
+
+# A number of reviewers added to the pull request
+# Set 0 to add all the reviewers (default: 0)
+numberOfReviewers: 0
+# A list of assignees, overrides reviewers if set
+assignees:
+ - sbaerlocher
+# A number of assignees to add to the pull request
+# Set to 0 to add all of the assignees.
+# Uses numberOfReviewers if unset.
+numberOfAssignees: 0
diff --git a/.github/settings.yml b/.github/settings.yml
new file mode 100644
index 0000000..5885e95
--- /dev/null
+++ b/.github/settings.yml
@@ -0,0 +1,47 @@ +--- +repository: + # See https://developer.github.com/v3/repos/#edit for all available settings. + + # The name of the repository. Changing this will rename the repository + name: ansible.sudoers + + # A short description of the repository that will show up on GitHub + description: Manage sudoers and sudoers.d in Debian-like systems. + + # A comma-separated list of topics to set on the repository + topics: ansible, ansible-role, sudores + + # Either `true` to make the repository private, or `false` to make it public. + private: false + + # Either `true` to enable issues for this repository, `false` to disable them. + has_issues: true + + # Either `true` to enable the wiki for this repository, `false` to disable it. + has_wiki: false + + # Either `true` to enable downloads for this repository, `false` to disable them. + has_downloads: true + + # Updates the default branch for this repository. + default_branch: main + + # Either `true` to allow squash-merging pull requests, or `false` to prevent + # squash-merging. + allow_squash_merge: true + + # Either `true` to allow merging pull requests with a merge commit, or `false` + # to prevent merging pull requests with merge commits. + allow_merge_commit: true + + # Either `true` to allow rebase-merging pull requests, or `false` to prevent + # rebase-merging. + allow_rebase_merge: true + +branches: + - name: main + # https://developer.github.com/v3/repos/branches/#update-branch-protection + # Branch Protection settings. Set to null to disable + required_status_checks: + # Required. Require branches to be up to date before merging. + strict: true diff --git a/defaults/main.yml b/defaults/main.yml index a7a023a..f1cc874 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,9 @@ --- # defaults file for arillso.sudoers +sudoers_package: + - sudo + sudoers_sudoers: defaults: [] privileges: [] diff --git a/tasks/main.yml b/tasks/main.yml index 36d5e3f..9fa34e0 100644 --- a/tasks/main.yml 
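Review bot: The `branches:` entry for `main` in .github/settings.yml puts `required_status_checks:` directly under the branch with no `protection:` key, so if this file is read by the Probot Settings app (whose template these comments match) the block is probably ignored and `main` is left unprotected. Nest the settings under `protection:` and supply the fields the update-branch-protection API requires alongside `strict`, as sketched below. For a role that writes `/etc/sudoers` on managed hosts, a required review and a passing test run before merge are the controls this file should deliver. The `topics` value also misspells `sudoers` as `sudores`.

```yaml
branches:
  - name: main
    protection:
      required_pull_request_reviews:
        required_approving_review_count: 1
      required_status_checks:
        strict: true
        # names of the checks that must pass; take them from the Role Tests workflow
        contexts: []
      enforce_admins: true
      restrictions: null
```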
+++ b/tasks/main.yml @@ -5,7 +5,7 @@ include_vars: '{{ loop_vars }}' with_first_found: - files: - - '{{ distribution }}-{{ distribution_verion }}.yml' + - '{{ distribution }}-{{ distribution_version }}.yml' - '{{ distribution }}-{{ distribution_major_version }}.yml' - '{{ distribution }}.yml' - '{{ ansible_os_family }}.yml' @@ -17,21 +17,22 @@ loop_var: loop_vars vars: distribution: '{{ ansible_distribution }}' - distribution_verion: '{{ ansible_distribution_version }}' + distribution_version: '{{ ansible_distribution_version }}' distribution_major_version: '{{ ansible_distribution_major_version }}' tags: - configuration - packages -- name: install package +- name: install sudores package become: true - package: - name: '{{ item }}' - with_items: '{{ sudoers_dependencies }}' + ansible.builtin.package: + name: '{{ sudoers_package }}' + tags: + - packages -- name: update specific configuration files +- name: configuration specific files become: true - template: + ansible.builtin.template: src: etc/sudoers.d/sudoers.j2 dest: '/etc/sudoers.d/{{ item.key }}' validate: 'visudo -cf %s' @@ -42,9 +43,9 @@ tags: - configuration -- name: update global configuration file +- name: configuration global files become: true - template: + ansible.builtin.template: src: etc/sudoers.j2 dest: /etc/sudoers validate: 'visudo -cf %s' diff --git a/vars/CentOS.yml b/vars/CentOS.yml index 48c370b..1c76454 100644 --- a/vars/CentOS.yml +++ b/vars/CentOS.yml @@ -1,9 +1,10 @@ -# vars file for arillso.sudoers --- +# vars file for arillso.sudoers + sudoers_sudoers_preset_defaults: - env_reset - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' - - "!visiblepw" + - '!visiblepw' - always_set_home - match_group_by_gid - env_reset 
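Review bot: The sudoers.d task in the second tasks/main.yml hunk builds its target as `dest: '/etc/sudoers.d/{{ item.key }}'` with no check on the key, and `validate: 'visudo -cf %s'` only checks the syntax of the rendered file. sudo skips files in an include directory whose names contain a `.` or end in `~`, so such a key yields a file that validates but never takes effect, and a key containing `/` places the file outside the directory. An assert on the key ahead of the template task covers both cases. The task's loop and remaining arguments lie outside the hunk, so the loop expression below is an assumption. The new task name `install sudores package` also misspells sudoers.

```yaml
- name: check sudoers.d file names
  ansible.builtin.assert:
    that:
      - item.key is match('^[A-Za-z0-9_-]+$')
    fail_msg: "sudoers.d file name '{{ item.key }}' may only contain letters, digits, '_' and '-'"
  # assumed loop; use the same one as the template task
  with_dict: '{{ sudoers_sudoers_d_files }}'
  tags:
    - configuration
```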
@@ -12,6 +13,7 @@ sudoers_sudoers_preset_defaults: - 'env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"' - 'env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"' - 'env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"' + sudoers_sudoers_preset_privileges: - name: root entry: 'ALL=(ALL) ALL' diff --git a/vars/Debian.yml b/vars/Debian.yml index 156488a..26aec2c 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,9 +1,11 @@ -# vars file for arillso.sudoers --- +# vars file for arillso.sudoers + sudoers_sudoers_preset_defaults: - env_reset - mail_badpass - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' + sudoers_sudoers_preset_privileges: - name: root entry: 'ALL=(ALL:ALL) ALL' diff --git a/vars/Jessie.yml b/vars/Jessie.yml deleted file mode 100644 index 156488a..0000000 --- a/vars/Jessie.yml +++ /dev/null @@ -1,11 +0,0 @@ -# vars file for arillso.sudoers ---- -sudoers_sudoers_preset_defaults: - - env_reset - - mail_badpass - - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' -sudoers_sudoers_preset_privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - - name: '%sudo' - entry: 'ALL=NOPASSWD: ALL' diff --git a/vars/Precise.yml b/vars/Precise.yml deleted file mode 100644 index 4dfc0a3..0000000 --- a/vars/Precise.yml +++ /dev/null @@ -1,12 +0,0 @@ -# vars file for arillso.sudoers ---- -sudoers_sudoers_preset_defaults: - - env_reset - - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' -sudoers_sudoers_preset_privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - - name: '%admin' - entry: 'ALL=(ALL) ALL' - - name: '%sudo' - entry: 'ALL=NOPASSWD: ALL' diff --git a/vars/Trusty.yml b/vars/Trusty.yml deleted file mode 100644 index ee8f8f3..0000000 --- a/vars/Trusty.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -# vars file for arillso.sudoers ---- -sudoers_sudoers_preset_defaults: - - env_reset - - mail_badpass - - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' -sudoers_sudoers_preset_privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - - name: '%admin' - entry: 'ALL=(ALL) ALL' - - name: '%sudo' - entry: 'ALL=NOPASSWD: ALL' diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml index 4dfc0a3..3345cd0 100644 --- a/vars/Ubuntu.yml +++ b/vars/Ubuntu.yml @@ -1,8 +1,10 @@ -# vars file for arillso.sudoers --- +# vars file for arillso.sudoers + sudoers_sudoers_preset_defaults: - env_reset - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' + sudoers_sudoers_preset_privileges: - name: root entry: 'ALL=(ALL:ALL) ALL' diff --git a/vars/Wheezy.yml b/vars/Wheezy.yml deleted file mode 100644 index 156488a..0000000 --- a/vars/Wheezy.yml +++ /dev/null @@ -1,11 +0,0 @@ -# vars file for arillso.sudoers ---- -sudoers_sudoers_preset_defaults: - - env_reset - - mail_badpass - - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' -sudoers_sudoers_preset_privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - - name: '%sudo' - entry: 'ALL=NOPASSWD: ALL' diff --git a/vars/Xenial.yml b/vars/Xenial.yml deleted file mode 100644 index ee8f8f3..0000000 --- a/vars/Xenial.yml +++ /dev/null @@ -1,13 +0,0 @@ -# vars file for arillso.sudoers ---- -sudoers_sudoers_preset_defaults: - - env_reset - - mail_badpass - - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"' -sudoers_sudoers_preset_privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - - name: '%admin' - entry: 'ALL=(ALL) ALL' - - name: '%sudo' - entry: 'ALL=NOPASSWD: ALL' diff --git a/vars/defaults.yml b/vars/defaults.yml index 156488a..26aec2c 100644 --- a/vars/defaults.yml +++ b/vars/defaults.yml 
@@ -1,9 +1,11 @@ -# vars file for arillso.sudoers --- +# vars file for arillso.sudoers + sudoers_sudoers_preset_defaults: - env_reset - mail_badpass - 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' + sudoers_sudoers_preset_privileges: - name: root entry: 'ALL=(ALL:ALL) ALL' diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index 00e5d1c..0000000 --- a/vars/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -# vars file for arillso.sudoers ---- -sudoers_dependencies: - - sudo From 4bcc321d3364afa6273a421039dc307cbffd1f41 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Thu, 3 Dec 2020 23:54:51 +0100 Subject: [PATCH 09/10] update doku --- README.md | 257 ++++++++++++++++++++++++++++++---------------- defaults/main.yml | 17 ++- tasks/main.yml | 2 +- 3 files changed, 179 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index d2dbe3a..71f7df9 100644 --- a/README.md +++ b/README.md 
@@ -22,107 +22,182 @@ None ## Role Variables -| Variable | Default | Comments (type) | -| :-------------------------------------------------- | :---------------------- | :------------------------------------------------------------ | -| `sudoers_sudoers` | `/etc/sudoers` | file declarations | -| `sudoers_sudoers.defaults` | see `defaults/main.yml` | Default configuration options | -| `sudoers_sudoers.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | -| `sudoers_sudoers.host_aliases.name`: | | Name of the alias | -| `sudoers_sudoers.host_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.user_aliases` | `[]` | A list of aliases of type `User_Alias` | -| `sudoers_sudoers.user_aliases.name` | | Name of the alias | -| `sudoers_sudoers.user_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | -| `sudoers_sudoers.cmnd_aliases.name` | | Name of the alias | -| `sudoers_sudoers.cmnd_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | -| `sudoers_sudoers.runas_aliases.name` | | Name of the alias | -| `sudoers_sudoers.runas_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers.privileges` | see `defaults/main.yml` | List of privileges | -| `sudoers_sudoers.privileges.name` | | Name of user or group (group should be prefixed with '%') | -| `sudoers_sudoers.privileges.entry` | | A privilege entry | -| `sudoers_sudoers_d_files` | `{}` | `/etc/sudoers.d/*` file(s) declarations | -| `sudoers_sudoers_d_files.key` | | The name of the sudoers configuration file (e.g `vagrant`) | -| `sudoers_sudoers_d_files.key.defaults` | `[]` | Default configuration options | -| `sudoers_sudoers_d_files.key.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | -| `sudoers_sudoers_d_files.key.host_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.host_aliases.members` | | 
Member(s) of the alias | -| `sudoers_sudoers_d_files.key.user_aliases` | `[]` | A list of aliases of type `User_Alias` | -| `sudoers_sudoers_d_files.key.user_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.user_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | -| `sudoers_sudoers_d_files.key.cmnd_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.cmnd_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | -| `sudoers_sudoers_d_files.key.runas_aliases.name` | | Name of the alias | -| `sudoers_sudoers_d_files.key.runas_aliases.members` | | Member(s) of the alias | -| `sudoers_sudoers_d_files.key.privileges` | `[]` | List of privileges | -| `sudoers_sudoers_d_files.key.privileges.name` | | Name of user or group (group should be prefixed with '%') | -| `sudoers_sudoers_d_files.key.privileges.entry` | | A privilege entry | -| `sudoers_use_os_defaults` | `True` | Includes default rules that ship with target distro (boolean) | +### sudoers_package -## Dependencies +Name of package -None +```yml +sudoers_package: sudo +``` -## Example Playbook +### sudoers_sudoers -```yaml ---- -- hosts: all - roles: - - arillso.sudoers +sudores file declarations + +```yml +sudoers_sudoers_file: '/etc/sudoers' +``` + +### sudoers_use_os_defaults + +Includes default rules that ship with target distro (boolean) + +```yml +sudoers_use_os_defaults: true ``` -### Complex configuration +### sudoers_sudoers + +Default configuration options + +#### sudoers_sudoers.defaults + +default configuration options + +```yml +sudoers_sudoers: + defaults: [] +``` + +#### sudoers_sudoers.host_aliases + +A list of aliases of type `Host_Alias` + +| Variable | Default | Comments (type) | +| :------------------------------------- | :------ | :--------------------- | +| 
`sudoers_sudoers.host_aliases.name`: | | Name of the alias | +| `sudoers_sudoers.host_aliases.members` | | Member(s) of the alias | + +#### `sudoers_sudoers.user_aliases` + +A list of aliases of type `User_Alias` + +| Variable | Default | Comments (type) | +| :------------------------------------- | :------ | :--------------------- | +| `sudoers_sudoers.user_aliases.name` | | Name of the alias | +| `sudoers_sudoers.user_aliases.members` | | Member(s) of the alias | + +#### sudoers_sudoers.cmnd_aliases + +A list of aliases of type `Cmnd_Alias` + +| Variable | Default | Comments (type) | +| :------------------------------------- | :------ | :--------------------- | +| `sudoers_sudoers.cmnd_aliases.name` | | Name of the alias | +| `sudoers_sudoers.cmnd_aliases.members` | | Member(s) of the alias | + +#### sudoers_sudoers.runas_aliases + +A list of aliases of type `Runas_Alias` + +| Variable | Default | Comments (type) | +| :-------------------------------------- | :------ | :--------------------- | +| `sudoers_sudoers.runas_aliases.name` | | Name of the alias | +| `sudoers_sudoers.runas_aliases.members` | | Member(s) of the alias | + +#### sudoers_sudoers.privileges` + +List of privileges + +| Variable | Default | Comments (type) | +| :--------------------------------- | :------ | :-------------------------------------------------------- | +| `sudoers_sudoers.privileges.name` | | Name of user or group (group should be prefixed with '%') | +| `sudoers_sudoers.privileges.entry` | | A privilege entry | + +### Example + +```yml +sudoers_sudoers: + defaults: + - env_reset + - exempt_group=sudo + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_aliases: + - name: CUNETS + members: 128.138.0.0/255.255.0.0 + - name: SERVERS + members: master, mail, www, ns + user_aliases: + - name: FULLTIMERS + members: millert, mikef, dowdy + - name: PARTTIMERS + members: bostley, jwfox, crawl + cmnd_aliases: + - name: KILL + members: 
/usr/bin/kill + - name: HALT + members: /usr/sbin/halt + privileges: + - name: root + entry: 'ALL=(ALL:ALL) ALL' + - name: '%admin' + entry: 'ALL=(ALL) ALL' + - name: '%sudo' + entry: 'ALL=NOPASSWD:ALL' +``` + +### sudoers_sudoers_d_files + +`/etc/sudoers.d/*` file(s) declarations + +### sudoers_sudoers_d_files.key + +The name of the sudoers configuration file (e.g `vagrant`) + +```yml +sudoers_sudoers_d_files: + key: +``` + +| Variable | Default | Comments (type) | +| :-------------------------------------------------- | :------ | :-------------------------------------------------------- | +| `sudoers_sudoers_d_files.key.defaults` | `[]` | Default configuration options | +| `sudoers_sudoers_d_files.key.host_aliases` | `[]` | A list of aliases of type `Host_Alias` | +| `sudoers_sudoers_d_files.key.host_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.host_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.user_aliases` | `[]` | A list of aliases of type `User_Alias` | +| `sudoers_sudoers_d_files.key.user_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.user_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.cmnd_aliases` | `[]` | A list of aliases of type `Cmnd_Alias` | +| `sudoers_sudoers_d_files.key.cmnd_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.cmnd_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.runas_aliases` | `[]` | A list of aliases of type `Runas_Alias` | +| `sudoers_sudoers_d_files.key.runas_aliases.name` | | Name of the alias | +| `sudoers_sudoers_d_files.key.runas_aliases.members` | | Member(s) of the alias | +| `sudoers_sudoers_d_files.key.privileges` | `[]` | List of privileges | +| `sudoers_sudoers_d_files.key.privileges.name` | | Name of user or group (group should be prefixed with '%') | +| `sudoers_sudoers_d_files.key.privileges.entry` | | A privilege entry | + +### Example + +```yml 
+sudoers_sudoers_d_files: + test: + defaults: + - env_reset + - exempt_group=sudo + - mail_badpass + - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + host_aliases: + - name: WORKSTATIONS + members: 128.138.0.0/255.255.0.0 + privileges: + - name: test + entry: 'ALL=(ALL:ALL) ALL' +``` + +## Dependencies + +None + +## Example Playbook ```yaml --- - hosts: all roles: - arillso.sudoers - vars: - sudoers_sudoers: - defaults: - - env_reset - - exempt_group=sudo - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_aliases: - - name: CUNETS - members: 128.138.0.0/255.255.0.0 - - name: SERVERS - members: master, mail, www, ns - user_aliases: - - name: FULLTIMERS - members: millert, mikef, dowdy - - name: PARTTIMERS - members: bostley, jwfox, crawl - cmnd_aliases: - - name: KILL - members: /usr/bin/kill - - name: HALT - members: /usr/sbin/halt - privileges: - - name: root - entry: 'ALL=(ALL:ALL) ALL' - - name: '%admin' - entry: 'ALL=(ALL) ALL' - - name: '%sudo' - entry: 'ALL=NOPASSWD:ALL' - sudoers_sudoers_d_files: - test: - defaults: - - env_reset - - exempt_group=sudo - - mail_badpass - - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - host_aliases: - - name: WORKSTATIONS - members: 128.138.0.0/255.255.0.0 - privileges: - - name: test - entry: 'ALL=(ALL:ALL) ALL' ``` ## Author @@ -133,8 +208,8 @@ None ## License -This project is under the MIT License. See the [LICENSE](https://sbaerlo.ch/licence) file for the full license text. +This project is under the MIT License. See the [LICENSE](licence) file for the full license text. ## Copyright -(c) 2019, Arillso +(c) 2020, Arillso diff --git a/defaults/main.yml b/defaults/main.yml index f1cc874..d4b1fa1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,17 +1,24 @@ --- # defaults file for arillso.sudoers -sudoers_package: - - sudo +# Name of package +sudoers_package: sudo +# sudores file declarations +sudoers_sudoers_file: '/etc/sudoers' + +# Includes default rules that ship with target distro (boolean) +sudoers_use_os_defaults: true + +# Default configuration options sudoers_sudoers: defaults: [] privileges: [] -sudoers_use_os_defaults: true +# `/etc/sudoers.d/*` file(s) declarations +sudoers_sudoers_d_files: {} +# helper info sudoers_os_defaults: defaults: '{{ sudoers_sudoers_preset_defaults }}' privileges: '{{ sudoers_sudoers_preset_privileges }}' - -sudoers_sudoers_d_files: {} diff --git a/tasks/main.yml b/tasks/main.yml index 9fa34e0..b0f26c6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -47,7 +47,7 @@ become: true ansible.builtin.template: src: etc/sudoers.j2 - dest: /etc/sudoers + dest: '{{ sudoers_sudoers_file }}' validate: 'visudo -cf %s' owner: root group: root From fc95b0330dd864c39db3aa0b79ba556904e58392 Mon Sep 17 00:00:00 2001 From: Simon Baerlocher Date: Fri, 4 Dec 2020 00:12:39 +0100 Subject: [PATCH 10/10] remove default colume --- README.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 71f7df9..71d61e9 100644 --- a/README.md +++ b/README.md 
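Review bot: Two of the comments added in the defaults/main.yml hunk do not describe the values they sit on. `# sudores file declarations` is misspelled and labels `sudoers_sudoers_file`, which the tasks/main.yml hunk on this line uses as the `dest` path of the main sudoers file, and `# helper info` says nothing about `sudoers_os_defaults`. I would write `# Path of the main sudoers file written by this role` and `# Distribution presets, built from the sudoers_sudoers_preset_* variables`.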
@@ -63,46 +63,46 @@ sudoers_sudoers: A list of aliases of type `Host_Alias` -| Variable | Default | Comments (type) | -| :------------------------------------- | :------ | :--------------------- | -| `sudoers_sudoers.host_aliases.name`: | | Name of the alias | -| `sudoers_sudoers.host_aliases.members` | | Member(s) of the alias | +| Variable | Comments (type) | +| :------------------------------------- | :--------------------- | +| `sudoers_sudoers.host_aliases.name`: | Name of the alias | +| `sudoers_sudoers.host_aliases.members` | Member(s) of the alias | #### `sudoers_sudoers.user_aliases` A list of aliases of type `User_Alias` -| Variable | Default | Comments (type) | -| :------------------------------------- | :------ | :--------------------- | -| `sudoers_sudoers.user_aliases.name` | | Name of the alias | -| `sudoers_sudoers.user_aliases.members` | | Member(s) of the alias | +| Variable | Comments (type) | +| :------------------------------------- | :--------------------- | +| `sudoers_sudoers.user_aliases.name` | Name of the alias | +| `sudoers_sudoers.user_aliases.members` | Member(s) of the alias | #### sudoers_sudoers.cmnd_aliases A list of aliases of type `Cmnd_Alias` -| Variable | Default | Comments (type) | -| :------------------------------------- | :------ | :--------------------- | -| `sudoers_sudoers.cmnd_aliases.name` | | Name of the alias | -| `sudoers_sudoers.cmnd_aliases.members` | | Member(s) of the alias | +| Variable | Comments (type) | +| :------------------------------------- | :--------------------- | +| `sudoers_sudoers.cmnd_aliases.name` | Name of the alias | +| `sudoers_sudoers.cmnd_aliases.members` | Member(s) of the alias | #### sudoers_sudoers.runas_aliases A list of aliases of type `Runas_Alias` -| Variable | Default | Comments (type) | -| :-------------------------------------- | :------ | :--------------------- | -| `sudoers_sudoers.runas_aliases.name` | | Name of the alias | -| `sudoers_sudoers.runas_aliases.members` | | 
Member(s) of the alias | +| Variable | Comments (type) | +| :-------------------------------------- | :--------------------- | +| `sudoers_sudoers.runas_aliases.name` | Name of the alias | +| `sudoers_sudoers.runas_aliases.members` | Member(s) of the alias | #### sudoers_sudoers.privileges` List of privileges -| Variable | Default | Comments (type) | -| :--------------------------------- | :------ | :-------------------------------------------------------- | -| `sudoers_sudoers.privileges.name` | | Name of user or group (group should be prefixed with '%') | -| `sudoers_sudoers.privileges.entry` | | A privilege entry | +| Variable | Comments (type) | +| :--------------------------------- | :-------------------------------------------------------- | +| `sudoers_sudoers.privileges.name` | Name of user or group (group should be prefixed with '%') | +| `sudoers_sudoers.privileges.entry` | A privilege entry | ### Example