#!/bin/bash
# Validate the salt-generated sudo configs
[[ $(whoami) == 'root' ]] || { echo 'Please run this script as root'; exit 1; }
source bin/get_colors.sh
reset_sudo() {
rm -rf /etc/sudoers*
cp -a /etc/orig/* /etc
printf "roles:\n- $role" > /etc/salt/grains
}
mkdir /etc/orig
cp -a /etc/sudoers* /etc/orig
run_tests() {
salt-call --local -l quiet state.apply sudoers,sudoers.included > /dev/null
visudo -c > output 2>&1
STATUS=$?
if [[ $STATUS == 0 ]]; then
echo_PASSED
else
cat output
echo_FAILED
fi
echo
return $STATUS
}
echo_INFO "Testing virtual: physical"
echo "virtual: physical" > /etc/salt/grains
run_tests
pushd pillar > /dev/null
SUDO_ROLES=(
# Get all the roles that include common sls files, which contain sudoers entries
$(grep -lr 'sudoers:' role/common/ | while read i; do L=${i%%.*}; L=${L//\//.}; grep -lr $L role/*.sls; done)
# Get all the roles that contain sudoers entries
$(grep -lr 'sudoers:' role/*.sls)
# add additional roles that contain sudoers rules and are difficult to find in an automated way
role/worker_gitlab.sls
)
popd > /dev/null
ALL_STATUS=0
for _role in ${SUDO_ROLES[@]}; do
_role=${_role##*/}
role=${_role%%.*}
echo_INFO "Testing role: $role"
reset_sudo
run_tests || ALL_STATUS=$?
done
exit $ALL_STATUS