On Mar 17, 2010, at 1:51 AM, David Schmitt wrote:

On 3/17/2010 5:25 AM, Dan Bode wrote:
Hi All,

I have been working on a type/provider for sudoers and would appreciate
any feedback.

It can be found at:

http://github.com/bodepd/puppet-sudo

There are some slight limitations documented in the README.

Plenty of examples in the tests directory to get people started.

It's a pretty interesting example of how to push the boundaries of
parsedfile.

I anxiously await your criticisms :)



uuuh, shiny :-)

* It'd probably be nice to build the default file from resources in an optional class instead of shipping a default that has to be overridden and cannot be cleaned by the type (it has continuation lines).

* Overloading the type with the three different types of records confuses me. Perhaps defines for each of the three types could improve the situation?

* I'm sure you could improve on the design of the "Puppet NAMEVAR" stuff on user entries. I guess the problem there is that the "meat" of the sudoers file is (user, command) tuples, which can be specified either from the command side (by a module) or the user side (by the site configuration). What about the following structure:

| # site configuration
| sudo_user_alias { 'sw_managers': users => [ 'dan', 'dave' ]; }
|
| # rpm module
| sudo_cmd_alias { 'SOFTWARE': commands => [ '/bin/rpm', ... ]; }
| sudo_permission { 'SOFTWARE': users => [ 'sw_managers' ]; }

Note that this is essentially not possible using the existing parsedfile base class, which is what Dan built this on.

Dan knew there were quite a few limitations in this version, but we figured we'd ship with this and see how it went, and only if necessary build a new back-end for it.

I agree with your basic point, though.

--
Men never do evil so completely and cheerfully as when they do it from a
religious conviction. --Blaise Pascal
---------------------------------------------------------------------
Luke Kanies  -|-   http://reductivelabs.com   -|-   +1(615)594-8199
