Re: [Puppet-dev] sudoers type/provider

[David Schmitt]

Hi Dan, Trevor, *

On 3/25/2010 11:16 AM, Trevor Vaughan wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Inline...

On 03/25/2010 04:09 AM, Dan Bode wrote:
<snip/>

I can also imagine use cases where this would be too limiting. If two
classes wanted to specify the same Cmnd_Alias for two different users
sets (is this use case perhaps less valid that I think it is?).

I don't think this is a problem. Each Cmnd_Alias should be unique. It's
just an arbitrary string, so people shouldn't have a problem adding some
other arbitrary string to the end to make it unique.

+1. We can manage .d directories without clashing, we will manage this too.

I am not sure if I want to create limitations on how sudoers files can
be created. I think I would rather allow for flexibility and just accept
that NAMEVAR is only an id for each line.

I wouldn't do this. It adds confusion. On a slightly related note, you
may want to add a 'comment' field for people to add comments to the
sudoers file that would be added before the item that you are referencing.

See it more as structuring the sudoers file, instead of limiting its 
flexibility. I'm sure there'll be people wanting to do things 
differently (see the deluge of hash/loop requests for the puppet 
language), but I think it'd be better to have a simple solution for the 
simple problems and use an ERB template for the hard cases instead of 
forcing a complicated solution on everyone.

Should it fail if a resource Sudo_cmd_alias[$name] does not exist?

It depends. If you're being authoritative about the entire file then yes
it should. If not, then it should not since you could be referencing
something that someone added by hand and that would be completely valid.

I would prefer this type to be completely authoritative, but that just
my $0.02.

The type can (and should) support purging and autorequire.


On a related note: how does the sudo lens for augeas solve these 
uniqueness and consistency issues?


Best Regards, David
--
dasz.at OG              Tel: +43 (0)664 2602670     Web: http://dasz.at
Klosterneuburg                                         UID: ATU64260999

       FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg

--
You received this message because you are subscribed to the Google Groups "Puppet 
Developers" group.
To post to this group, send email to puppet-...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-dev+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-dev?hl=en.