#!/bin/bash
# Validate the salt-generated sudo configs
# The rest of the script rewrites /etc/sudoers* and /etc/salt/grains, so insist
# on root before touching anything.
if [[ $(whoami) != 'root' ]]; then
  echo 'Please run this script as root'
  exit 1
fi

# Load the echo_* helpers. The path is relative, so the file that gets sourced
# (as root) depends on the directory the script is started from.
# NOTE(review): presumably meant to be started from the repository root - confirm.
. bin/get_colors.sh
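#######################################
# Restore the sudo configuration saved under /etc/orig and point the minion
# grains at the role under test.
# Globals:   role (read) - role name written to /etc/salt/grains
# Outputs:   error message on stderr when the backup directory is missing
# Returns:   1 without touching /etc/sudoers* if /etc/orig is missing,
#            otherwise the status of the grains write
# NOTE(review): this deletes the live sudo configuration of the machine it
# runs on; presumably intended for a disposable test container - confirm.
#######################################
reset_sudo() {
  # Never delete the current sudoers files unless there is a backup directory
  # to restore them from.
  if [[ ! -d /etc/orig ]]; then
    echo 'reset_sudo: /etc/orig is missing, not removing /etc/sudoers*' >&2
    return 1
  fi
  rm -rf /etc/sudoers*
  cp -a /etc/orig/* /etc
  # Pass the role as an argument, not as part of the format string, so that a
  # '%' or backslash in a role file name is written literally.
  printf 'roles:\n- %s' "$role" > /etc/salt/grains
}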
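# Keep a pristine copy of the sudo configuration so reset_sudo can restore it
# before each role is tested. Only take the copy when /etc/orig does not exist
# yet: on a second run /etc/sudoers* may already hold salt-generated content,
# and copying that over the backup would destroy the pristine copy.
if [[ ! -d /etc/orig ]]; then
  mkdir /etc/orig || { echo 'Cannot create /etc/orig' >&2; exit 1; }
  cp -a /etc/sudoers* /etc/orig
fi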
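#######################################
# Apply the sudoers states with a local salt-call and validate the resulting
# configuration with `visudo -c`.
# Globals:   STATUS (written) - exit status of visudo
# Outputs:   PASSED/FAILED marker via echo_PASSED/echo_FAILED, plus visudo's
#            output on failure, then an empty line
# Returns:   the exit status of `visudo -c`
#######################################
run_tests() {
  local visudo_output

  # NOTE(review): the exit status of salt-call is not checked here. If the
  # state run fails, visudo validates whatever sudoers files are already on
  # disk and the check can pass without testing the generated config.
  salt-call --local -l quiet state.apply sudoers,sudoers.included > /dev/null

  # Capture the report in a variable instead of a file named "output" in the
  # current directory: the script runs as root, and a fixed relative path
  # would follow whatever already exists under that name and was never
  # cleaned up.
  visudo_output=$(visudo -c 2>&1)
  STATUS=$?

  if (( STATUS == 0 )); then
    echo_PASSED
  else
    printf '%s\n' "$visudo_output"
    echo_FAILED
  fi
  echo
  return "$STATUS"
}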
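# Holds the exit status of the most recent failing run_tests call. It is
# initialised before the first check so that no failure is dropped.
ALL_STATUS=0

echo_INFO "Testing virtual: physical"
echo "virtual: physical" > /etc/salt/grains
# Record a failure of this first check too; otherwise the script could exit 0
# although visudo rejected the config generated for this grain.
run_tests || ALL_STATUS=$?

# Without the pillar tree the role list below would hold little more than the
# hard-coded entry and the run could pass almost untested, so stop instead.
pushd pillar > /dev/null || { echo 'Cannot enter the pillar directory' >&2; exit 1; }
SUDO_ROLES=(
  # Get all the roles that include common sls files, which contain sudoers entries
  # (the dotted name is used as a regex, so '.' also matches '/'; this can
  # over-match but does not miss includes)
  $(grep -lr 'sudoers:' role/common/ | while read -r i; do L=${i%%.*}; L=${L//\//.}; grep -lr -- "$L" role/*.sls; done)
  # Get all the roles that contain sudoers entries
  $(grep -lr 'sudoers:' role/*.sls)
  # add additional roles that contain sudoers rules and are difficult to find in an automated way
  role/worker_gitlab.sls
)
popd > /dev/null

for _role in "${SUDO_ROLES[@]}"; do
  # Reduce "role/<name>.sls" to "<name>"; reset_sudo reads the global $role.
  _role=${_role##*/}
  role=${_role%%.*}
  echo_INFO "Testing role: $role"
  reset_sudo
  run_tests || ALL_STATUS=$?
done

# Non-zero if any check above failed, so a calling pipeline can fail the job.
exit "$ALL_STATUS"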