#!/bin/bash
# Validate the salt-generated sudo configs
# Everything below rewrites /etc/sudoers* and /etc/salt/grains, so refuse to
# continue unless the script runs as root.
if [[ "$(whoami)" != 'root' ]]; then
    printf '%s\n' 'Please run this script as root'
    exit 1
fi
source bin/get_colors.sh
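#######################################
# Restore the pristine sudo configuration saved in /etc/orig and point the
# minion's grains at a single role, so the next state.apply starts clean.
# Globals:   role (read) - role name written to /etc/salt/grains
# Outputs:   replaces /etc/sudoers* and overwrites /etc/salt/grains
#######################################
reset_sudo() {
    # Refuse to write a grains file with an empty role entry.
    : "${role:?reset_sudo: role must be set}"
    rm -rf -- /etc/sudoers*
    cp -a -- /etc/orig/* /etc
    # %s keeps any '%' or backslash in the role name out of the format string.
    printf 'roles:\n- %s' "$role" > /etc/salt/grains
}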
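# Keep a pristine copy of the sudo configuration so reset_sudo() can restore it
# between roles.  Bail out if the backup cannot be made: reset_sudo() deletes
# /etc/sudoers* and would otherwise have nothing to put back.
mkdir -p -- /etc/orig || { echo 'Cannot create /etc/orig'; exit 1; }
cp -a -- /etc/sudoers* /etc/orig || { echo 'Cannot back up /etc/sudoers* to /etc/orig'; exit 1; }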
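#######################################
# Apply the sudoers states for the current grains and check the result with
# visudo -c.  A failed state.apply is reported as a failure as well, instead of
# letting a stale-but-valid /etc/sudoers pass the syntax check.
# Outputs:   PASSED/FAILED via echo_PASSED/echo_FAILED; the salt-call or visudo
#            output on failure; a trailing empty line
# Returns:   0 when state.apply and visudo -c both succeed, otherwise the
#            exit status of the failing step
#######################################
run_tests() {
    local output status
    output=$(mktemp) || return 1
    # --retcode-passthrough makes a failed state visible in the exit status;
    # without it a broken state could leave the previous (valid) sudoers in
    # place and the syntax check below would report PASSED.
    salt-call --local -l quiet --retcode-passthrough state.apply sudoers,sudoers.included > "$output" 2>&1
    status=$?
    if (( status == 0 )); then
        visudo -c > "$output" 2>&1
        status=$?
    fi
    if (( status == 0 )); then
        echo_PASSED
    else
        cat -- "$output"
        echo_FAILED
    fi
    echo
    rm -f -- "$output"
    return "$status"
}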
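# Baseline run without any role (a physical machine's default grains).  Its
# result counts towards the exit status like every role run below; previously
# it was discarded.
echo_INFO "Testing virtual: physical"
echo "virtual: physical" > /etc/salt/grains
ALL_STATUS=0
run_tests || ALL_STATUS=$?

# Discover every role whose pillar ends up with sudoers entries.  Done from
# inside pillar/ so grep reports paths relative to it
# (role/foo.sls, role/common/bar.sls).
pushd pillar > /dev/null || { echo 'Cannot enter pillar/'; exit 1; }
mapfile -t SUDO_ROLES < <(
    {
        # Roles that include a common sls file with sudoers entries: map the
        # file path role/common/foo.sls to its include name role.common.foo
        # and look for that name in the role files.  -F keeps the dots
        # literal instead of treating them as regex wildcards.
        grep -lr 'sudoers:' role/common/ | while IFS= read -r common_file; do
            include=${common_file%%.*}
            include=${include//\//.}
            grep -lrF -- "$include" role/*.sls
        done
        # Roles that carry sudoers entries directly.
        grep -lr 'sudoers:' role/*.sls
        # Roles with sudoers rules that are hard to find in an automated way.
        echo role/worker_gitlab.sls
    } | LC_ALL=C sort -u   # a role found more than once is applied only once
)
popd > /dev/null

for role_file in "${SUDO_ROLES[@]}"; do
    role_file=${role_file##*/}
    # reset_sudo() reads the global $role when it writes /etc/salt/grains.
    role=${role_file%%.*}
    echo_INFO "Testing role: $role"
    reset_sudo
    run_tests || ALL_STATUS=$?
done

exit "$ALL_STATUS"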