I agree with David.

Also:

- I would make the defined attributes completely authoritative. If I'm setting up sudoers, I want to define the entire file from top to bottom, I specifically don't want to have cruft left around. This could perhaps be an added on 'purge => "true"' option...

- I would place your file into a temp file and then run 'visudo -c -f <temp_file>' on it. Fail with an error if it fails and *do not* replace the existing sudoers. This ensures that a typo won't hork your entire installation.

Trevor

On 03/17/2010 04:51 AM, David Schmitt wrote:
> On 3/17/2010 5:25 AM, Dan Bode wrote:
>> Hi All,
>>
>> I have been working on a type/provider for sudoers and would appreciate
>> any feedback.
>>
>> It can be found at:
>>
>> http://github.com/bodepd/puppet-sudo
>>
>> There are some slight limitations documented in the README.
>>
>> Plenty of examples in the tests directory to get people started.
>>
>> It's a pretty interesting example of how to push the boundaries of
>> parsedfile.
>>
>> I anxiously await your criticisms :)
>>
>
>
> uuuh, shiny :-)
>
> * It'd probably be nice to build the default file from resources in an
> optional class instead of shipping a default that has to be overridden
> and cannot be cleaned by the type (it has continuation lines).
>
> * Overloading the type with the three different types of records
> confuses me. Perhaps defines for each of the three types could improve
> the situation?
>
> * I'm sure you could improve on the design of the "Puppet NAMEVAR"
> stuff on users entries. I guess the problem there is that the "meat" of
> the sudoers file are (user, command) tuples which can be either
> specified from the command side (by a module) or the user side (by the
> site configuration). What about the following structure:
>
> | # site configuration
> | sudo_user_alias { 'sw_managers': users => [ 'dan', 'dave' ]; }
> |
> | # rpm module
> | sudo_cmd_alias { 'SOFTWARE': commands => [ '/bin/rpm', ... ]; }
> | sudo_permission { 'SOFTWARE': users => [ 'sw_managers' ]; }
>
>
>
> Best Regards, David

--
Trevor Vaughan
Vice President, Onyx Point, Inc.
email: [email protected]
phone: 410-541-ONYX (6699)

-- This account not approved for unencrypted sensitive information --
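
The validate-then-replace step suggested in the message above (check a temp copy with `visudo -c -f`, leave the existing sudoers untouched on failure), as an added shell example that is not part of the thread or of the puppet-sudo code. The function name `install_sudoers` and the `VISUDO` override variable are assumptions made for illustration.

```shell
#!/bin/sh
# install_sudoers CANDIDATE TARGET
#   CANDIDATE: freshly generated sudoers content
#   TARGET:    live file to replace (normally /etc/sudoers)
# VISUDO is a hypothetical override for the validator command so the
# function can be exercised without touching a real sudo installation.
install_sudoers() {
    candidate=$1
    target=$2
    visudo_bin=${VISUDO:-visudo}

    # Stage next to the target so the final mv is a rename on the same
    # filesystem: readers see either the old file or the new one.
    tmp=$(mktemp "$(dirname "$target")/.sudoers.XXXXXX") || return 1

    # mktemp creates the file 0600; tighten to sudoers' usual 0440
    # once the content is written.
    if ! { cat -- "$candidate" > "$tmp" && chmod 0440 "$tmp"; }; then
        rm -f -- "$tmp"
        return 1
    fi

    # Syntax-check the staged copy, never the live file.
    if ! "$visudo_bin" -c -f "$tmp" >/dev/null 2>&1; then
        echo "install_sudoers: $candidate failed validation; $target left unchanged" >&2
        rm -f -- "$tmp"
        return 1
    fi

    # Only a file that passed validation reaches this point. If the
    # rename itself fails, clean up the staged copy.
    if ! mv -f -- "$tmp" "$target"; then
        rm -f -- "$tmp"
        return 1
    fi
}
```

A configuration-management provider would call this once per run with the fully rendered file, which also matches the "completely authoritative" behaviour asked for above: the whole target is replaced or nothing is.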
