All, I'm trying to integrate cfengine3 into an environment that is already heavily configured. I'm currently working on a solution for the sudoers file, which appears to be slightly different on just about every host I've looked at!
The solution I've come up with is to create a location in the existing file and then append my changes to this region. Could I have any suggestions on the code to make it possibly simpler or more efficient? I want to retain the ability to remove entries should I need to hence the delete section. I am having issues with the regex on the delete so I've put in an slist for entries I want removed. It would also be nice to insert a blank line between each section but I've been unable to work out how to do that as insert lines will always match a blank line??? Many thanks Stephen

# cat managed_sudoers.cf

# Control body: runs the single bundle manage_sudoers_file and loads the
# standard library file named in inputs.
body common control
{
  bundlesequence => { manage_sudoers_file, };
  inputs => { "cfengine_stdlib.cf", };
  version => "0.01";
}

# Entry bundle: makes sure the managed-region header exists in /etc/sudoers,
# then hands over to manage_sudoers_content to fill the region.
bundle agent manage_sudoers_file
{
  vars:
    # NOTE(review): the spaces between the three '#...#' segments look like
    # line breaks collapsed by the mail archive; select_start/select_end below
    # anchor on whole lines, so each marker has to sit on its own line for the
    # region to match. Confirm against the original file.
    "cfengine_managed_header" string => "#----------------------------------# #-----CFENGINE_MANAGED_ENTRIES-----# #-----------------------------------#";

  files:
    any::
      # append_if_no_lines is not defined in this file; presumably it comes
      # from cfengine_stdlib.cf.
      # NOTE(review): /etc/sudoers is edited in place and nothing visible here
      # checks the result before it is live. A syntax error in sudoers makes
      # sudo refuse to run, so consider editing a staged copy, validating it
      # with `visudo -c -f <staged file>`, and only then copying it into place.
      "/etc/sudoers"
        edit_line => append_if_no_lines("$(manage_sudoers_file.cfengine_managed_header)");

  methods:
    "any" usebundle => manage_sudoers_content,
}

# Applies the sudoers edit_line bundle to /etc/sudoers.
bundle agent manage_sudoers_content
{
  files:
    any::
      # NOTE(review): create => "true" will create /etc/sudoers if it is
      # missing, and no perms attribute is visible on this promise. sudo checks
      # the ownership and mode of its policy file (root-owned, 0440 by
      # default), so confirm owner and mode are promised somewhere.
      # std_defs is not defined in this file; presumably from cfengine_stdlib.cf.
      "/etc/sudoers"
        comment => "Add lines to the sudoers configuration",
        create => "true",
        edit_line => sudoers,
        edit_defaults => std_defs;
}

##########################################################################

# Inserts the managed sudoers entries into the marked region and deletes lines
# in that region matching the removable-entry patterns.
bundle edit_line sudoers
{
  vars:
    "sudo_entries[user_alias_test_sysadmin]" string => "User_Alias TEST_SYSADMIN=testuser1,testuser2,testuser3";
    # NOTE(review): NOPASSWD: ALL lets every member of TEST_SYSADMIN run any
    # command as root without re-authenticating; confirm this is intended
    # rather than a narrower command list.
    "sudo_entries[user_privs_test_sysadmin]" string => "TEST_SYSADMIN ALL= NOPASSWD: ALL";
    # One list element per key of the sudo_entries array.
    "sudo_entry_name" slist => getindices("sudo_entries");
    "sudo_removable_entries" slist => { "User_Alias", "TEST" };

  insert_lines:
    "$(sudo_entries[$(sudo_entry_name)])",
      select_region => cfengine_sudoers_region;

  delete_lines:
    # NOTE(review): the expanded patterns "User_Alias.*" and "TEST.*" also
    # match both lines promised by insert_lines above, so the two promise
    # types act on the same lines within the region. Confirm this is the
    # intended behaviour and that the file converges between runs.
    "$(sudo_removable_entries).*",
      select_region => cfengine_sudoers_region;
}

##########################################################################

# Region delimiters: the CFENGINE_MANAGED_ENTRIES marker line opens the region
# and the following dashed line closes it.
body select_region cfengine_sudoers_region
{
  select_start => "^#-----CFENGINE_MANAGED_ENTRIES-----#$";
  select_end => "^#-----------------------------------#$";
}

##########################################################################

Sudoers file after:-

#----------------------------------#
#-----CFENGINE_MANAGED_ENTRIES-----#
User_Alias TEST_SYSADMIN= testuser1,testuser2,testuser3
TEST_SYSADMIN ALL= NOPASSWD: ALL
#-----------------------------------#