From 7d742e3aa00f4a486ebe557ed5ada7ca077442c3 Mon Sep 17 00:00:00 2001 From: Peter Souter Date: Thu, 21 Apr 2016 00:15:15 +0100 Subject: [PATCH] Allow setting validate_cmd command as a parameter * Allows better debugging: ``` validate_command = '/bin/cat % && /usr/sbin/visudo -c -f %` ``` ``` Error: Execution of '/bin/cat /etc/sudoers.d/FAIL20160420-3555-17pxezk && /usr/sbin/visudo -c -f /etc/sudoers.d/FAIL20160420-3555-17pxezk' returned 1: # Managed by Puppet! Do not edit locally. # # This should fail Host_Alias FAIL_HOSTS = ALL Runas_Alias FAIL_RUNAS = root Cmnd_Alias FAIL_CMNDS = ALL % FAIL_HOSTS = (FAIL_RUNAS) NOPASSWD: FAIL_CMNDS visudo: >>> /etc/sudoers.d/FAIL20160420-3555-17pxezk: syntax error near line 12 <<< parse error in /etc/sudoers.d/FAIL20160420-3555-17pxezk near line 12 Error: /Stage[main]/Main/Sudo::Sudoers[FAIL]/File[/etc/sudoers.d/FAIL]/ensure: change from absent to file failed: Execution of '/bin/cat /etc/sudoers.d/FAIL20160420-3555-17pxezk && /usr/sbin/visudo -c -f /etc/sudoers.d/FAIL20160420-3555-17pxezk' returned 1: # Managed by Puppet! Do not edit locally. ``` --- manifests/sudoers.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/sudoers.pp b/manifests/sudoers.pp index 8dddab8..f459b63 100644 --- a/manifests/sudoers.pp +++ b/manifests/sudoers.pp @@ -68,6 +68,7 @@ $runas = ['root'], $tags = [], $defaults = [], + $validate_command = '/usr/sbin/visudo -c -f %' ) { # filename as per the manual or aliases as per the sudoer spec must not @@ -92,10 +93,10 @@ mode => '0440', } if versioncmp($::puppetversion, '3.5') >= 0 { - File[$sudoers_user_file] { validate_cmd => '/usr/sbin/visudo -c -f %' } + File[$sudoers_user_file] { validate_cmd => $validate_command } } else { - validate_cmd(template('sudo/sudoers.erb'), '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content') + validate_cmd(template('sudo/sudoers.erb'), $validate_command, 'Visudo failed to validate sudoers content') } } else {
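Review bot: The new `$validate_command` parameter in the first hunk is accepted without any check or documentation, although its value is a command line that Puppet runs with the agent's privileges whenever the sudoers fragment is written; the `&&` example in the commit message suggests it is handed to a shell. A value with no `%` placeholder, or one that drops `visudo -c` from the chain, could let a fragment reach `/etc/sudoers.d` without ever being parsed. I would add a guard such as `validate_re($validate_command, '%', 'validate_command must contain the % placeholder')` at the top of the body, plus a parameter comment like `# [*validate_command*] command used to check the fragment; % is replaced by the temporary file path; keep visudo -c in the chain`. The `/bin/cat %` debugging example also copies the whole fragment into agent error output and reports, as the quoted error shows, which deserves a caveat in that comment. The define's header and its parameter docs lie outside the hunk.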
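Review bot: The legacy branch in the second hunk (Puppet older than 3.5) used to pass `'/usr/sbin/visudo -c -f'` with no placeholder and now receives the default `'/usr/sbin/visudo -c -f %'`. Whether the stdlib `validate_cmd` function substitutes `%` or only appends the temporary file path depends on the installed stdlib release, which is not visible here; on a release that only appends, the command would presumably become `visudo -c -f % <tmpfile>` and every fragment would fail validation. Either declare the minimum stdlib version that supports the placeholder in the module metadata, or mark the branch with a comment such as `# needs a stdlib validate_cmd that substitutes %; older releases append the path instead`. The enclosing `if`/`else` continues past the end of the hunk.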