sudo
: This module manages sudo
sudo::allow
: Creates a file in sudoers.d that permits specific users and groups to sudo.
sudo::package
: Installs the sudo package on various platforms.
sudo::package::aix
: Installs the perzl.org sudo package. It also requires the openldap rpm, so we add a dependency on the ldap module.
sudo::package::solaris
: Installs sudo under Solaris 10/11.
sudo::params
: Params class for the sudo module
sudo::conf
: Manages sudo configuration snippets
This module manages sudo
class { 'sudo': }
The following parameters are available in the sudo class:
enable
package
package_ldap
package_ensure
package_source
package_provider
package_admin_file
purge
purge_ignore
suffix
prefix
config_file
config_file_replace
config_file_mode
config_dir
config_dir_mode
extra_include_dirs
content
content_template
content_string
secure_path
ldap_enable
config_dir_keepme
use_sudoreplay
wheel_config
sudoreplay_discard
configs
enable
Data type: Boolean
Ensure if present or absent.
Default value: true
package
Data type: Optional[String[1]]
Name of the package. Only set this if your platform is not supported or you know what you're doing.
Default value: $sudo::params::package
package_ldap
Data type: Optional[String[1]]
Name of the package with ldap support, if ldap_enable is set.
Default value: $sudo::params::package_ldap
package_ensure
Data type: String[1]
Allows you to ensure a particular version of a package.
Default value: $sudo::params::package_ensure
package_source
Data type: Optional[String[1]]
Where to find the package. Only set this on AIX (required) and Solaris (required), if your platform is not supported or you know what you're doing.
Default value: $sudo::params::package_source
package_provider
Data type: Optional[String[1]]
Allows you to set a package provider.
Default value: $sudo::params::package_provider
package_admin_file
Data type: Optional[String[1]]
Where to find a Solaris 10 package admin file for an unattended installation. We do not supply a default file, so this has to be staged separately and is required on Solaris 10.
Default value: $sudo::params::package_admin_file
purge
Data type: Boolean
Whether or not to purge the sudoers.d directory.
Default value: true
purge_ignore
Data type: Optional[Variant[String[1], Array[String[1]]]]
Files to exclude from purging in the sudoers.d directory.
Default value: undef
suffix
Data type: Optional[String[1]]
Adds a custom suffix to all files created in the sudoers.d directory.
Default value: undef
prefix
Data type: Optional[Pattern[/^[^.]+$/]]
Adds a custom prefix to all files created in the sudoers.d directory.
Default value: undef
config_file
Data type: String[1]
Main configuration file. Only set this if your platform is not supported or you know what you're doing.
Default value: $sudo::params::config_file
config_file_replace
Data type: Boolean
Whether or not the config file should be replaced.
Default value: true
config_file_mode
Data type: String[1]
The mode to set on the config file.
Default value: $sudo::params::config_file_mode
config_dir
Data type: String[1]
Main directory containing sudo snippets, imported via the includedir stanza in the sudoers file.
Default value: $sudo::params::config_dir
config_dir_mode
Data type: String[1]
The mode to set for the config directory.
Default value: $sudo::params::config_dir_mode
extra_include_dirs
Data type: Optional[Array[String[1]]]
Array of additional directories containing sudo snippets.
Default value: undef
content
Data type: Optional[String[1]]
Alternate content template file location. Deprecated, use content_template instead.
Default value: undef
content_template
Data type: Optional[String[1]]
Alternate content template file location. Only set this if your platform is not supported or you know what you're doing. Note: some parameters won't work if the default template isn't used.
Default value: undef
content_string
Data type: Optional[String[1]]
Alternate config file content string. Note: some parameters won't work if the default template isn't used.
Default value: undef
secure_path
Data type: Optional[String[1]]
The secure_path variable in sudoers.
Default value: $sudo::params::secure_path
ldap_enable
Data type: Boolean
Enable ldap support on the package.
Default value: false
config_dir_keepme
Data type: Boolean
Add a .keep-me file to the config dir.
Default value: $sudo::params::config_dir_keepme
use_sudoreplay
Data type: Boolean
Boolean to enable the usage of sudoreplay.
Default value: false
wheel_config
Data type: Enum['absent','password','nopassword']
How to configure the wheel group in /etc/sudoers. Options are either not to configure it, to configure it prompting for a password, or to configure it without a password prompt.
Default value: $sudo::params::wheel_config
sudoreplay_discard
Data type: Optional[Array[String[1]]]
Array of additional commands to discard in the sudo log.
Default value: undef
configs
Data type: Hash
A hash of sudo::conf's
Default value: {}
This class allows you to take complete advantage of automatic parameter lookup using a Hiera database. Providing a singleton class that accepts arrays in the parameters makes it possible to implement specific user or group configuration in Hiera, whereas the use of defined types is normally restricted to Puppet manifests.
Furthermore, having separate parameters for "add" and "replace" modes allows you to take full advantage of inheritance in the Hiera database while still allowing for exceptions if required.
class { 'sudo::allow':
  add_users  => ['jsmith'],
  add_groups => ['wheel'],
}
The following parameters are available in the sudo::allow class:
add_users
Data type: Array
Define the set of users with sudo privileges by getting all values in the hierarchy for this key, then flattening them into a single array of unique values.
Default value: []
add_groups
Data type: Array
Define the set of groups with sudo privileges by getting all values in the hierarchy for this key, then flattening them into a single array of unique values.
Default value: []
replace_users
Data type: Optional[Array]
Override any values specified in add_users. If you specify this value in your manifest or Hiera database, the contents of "add_users" will be ignored. With Hiera, a standard priority lookup is used. Note that if replace_users is specified at ANY level of the hierarchy, then add_users is ignored at EVERY level of the hierarchy.
Default value: undef
replace_groups
Data type: Optional[Array]
Override any values specified in add_groups. If you specify this value in your manifest or Hiera database, the contents of "add_groups" will be ignored. With Hiera, a standard priority lookup is used. Note that if replace_groups is specified at ANY level of the hierarchy, then add_groups is ignored at EVERY level of the hierarchy.
Default value: undef
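The "add" and "replace" lookup rules described above, modelled as an added example (not code from the module): it reproduces only the documented behaviour, so you can see which accounts end up with sudo when a replace key appears anywhere in the hierarchy. The layer names, user names and the helper functions are constructed for illustration; the key names assume Puppet's usual class::parameter automatic lookup.

```python
# Constructed Hiera hierarchy, highest priority first. Layer names and
# user names are sample values, not taken from the module.
HIERARCHY = [
    ("nodes/db01", {"sudo::allow::add_users": ["jsmith"]}),
    ("role/database", {"sudo::allow::add_users": ["dba1", "jsmith"]}),
    ("common", {"sudo::allow::add_users": ["opsadmin"]}),
]


def merged_unique(hierarchy, key):
    """add_* keys: collect every layer's values, flatten, de-duplicate."""
    seen = []
    for _layer, data in hierarchy:
        for value in data.get(key, []):
            if value not in seen:
                seen.append(value)
    return seen


def priority_lookup(hierarchy, key):
    """replace_* keys: priority lookup, the first layer that sets the key wins."""
    for _layer, data in hierarchy:
        if key in data:
            return data[key]
    return None  # models undef


def effective_users(hierarchy):
    """Return the users that end up with sudo under the documented rules."""
    replacement = priority_lookup(hierarchy, "sudo::allow::replace_users")
    if replacement is not None:
        # replace_users at ANY layer disables add_users at EVERY layer.
        return list(replacement)
    return merged_unique(hierarchy, "sudo::allow::add_users")


def with_replace(hierarchy, layer_name, users):
    """Copy the hierarchy, setting replace_users on one named layer."""
    return [
        (name, {**data, "sudo::allow::replace_users": users} if name == layer_name else data)
        for name, data in hierarchy
    ]


if __name__ == "__main__":
    print(effective_users(HIERARCHY))
    print(effective_users(with_replace(HIERARCHY, "common", ["breakglass"])))
```

In the second call the replace key sits in the lowest-priority layer, yet the node-level and role-level add_users entries no longer take effect, which is worth checking for when auditing who can sudo on a given host.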
Define: sudo::conf
sudo::conf { 'admins':
  source => 'puppet:///files/etc/sudoers.d/admins',
}
The following parameters are available in the sudo::conf defined type:
Data type: Any
Ensure if present or absent
Default value: present
Data type: Any
Prefix file name with $priority
Default value: 10
Data type: Any
Content of configuration snippet
Default value: undef
Data type: Any
Source of configuration snippet
Default value: undef
Data type: Any
Path of a template file
Default value: undef
Data type: Any
Where to place configuration snippets. Only set this if your platform is not supported or you know what you're doing.
Default value: undef
Data type: Any
Set a custom file name for the snippet
Default value: undef