diff --git a/REFERENCE.md b/REFERENCE.md
index 20f2877..2353e9f 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -23,6 +23,15 @@ rpm. so we add a dependencies to the ldap module.
* [`sudo::conf`](#sudo--conf): Manages sudo configuration snippets
+### Functions
+
+* [`sudo::defaults`](#sudo--defaults): Formats sudoers defaults config see https://linux.die.net/man/5/sudoers Default_Type ::= 'Defaults' | 'Defaults' '@
+
+### Data types
+
+* [`Sudo::Defaults`](#Sudo--Defaults): sudo defaults
+* [`Sudo::Defaults_operator`](#Sudo--Defaults_operator): custom datatype that validates sudo defaults operators
+
## Classes
### `sudo`
@@ -71,6 +80,7 @@ The following parameters are available in the `sudo` class:
* [`wheel_config`](#-sudo--wheel_config)
* [`sudoreplay_discard`](#-sudo--sudoreplay_discard)
* [`configs`](#-sudo--configs)
+* [`defaults`](#-sudo--defaults)
##### `enable`
@@ -335,6 +345,14 @@ A hash of sudo::conf's
Default value: `{}`
+##### `defaults`
+
+Data type: `Sudo::Defaults`
+
+
+
+Default value: `$sudo::params::defaults`
+
### `sudo::allow`
This class allows you to take complete advantage of automatic parameter
@@ -506,3 +524,85 @@ Path to use for executing the sudo syntax check
Default value: `'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'`
+## Functions
+
+### `sudo::defaults`
+
+Type: Ruby 4.x API
+
+Formats sudoers defaults config see https://linux.die.net/man/5/sudoers
+
+ Default_Type ::= 'Defaults' |
+ 'Defaults' '@' Host_List |
+ 'Defaults' ':' User_List |
+ 'Defaults' '!' Cmnd_List |
+ 'Defaults' '>' Runas_List
+
+ Default_Entry ::= Default_Type Parameter_List
+
+ Parameter_List ::= Parameter |
+ Parameter ',' Parameter_List
+
+ Parameter ::= Parameter '=' Value |
+ Parameter '+=' Value |
+ Parameter '-=' Value |
+ '!'* Parameter
+
+The function is passed an Array of Tuples
+e.g. [["env_reset", nil]]
+ [["mailto", {"value" => root}]]
+
+#### `sudo::defaults(Any *$args)`
+
+Formats sudoers defaults config see https://linux.die.net/man/5/sudoers
+
+ Default_Type ::= 'Defaults' |
+ 'Defaults' '@' Host_List |
+ 'Defaults' ':' User_List |
+ 'Defaults' '!' Cmnd_List |
+ 'Defaults' '>' Runas_List
+
+ Default_Entry ::= Default_Type Parameter_List
+
+ Parameter_List ::= Parameter |
+ Parameter ',' Parameter_List
+
+ Parameter ::= Parameter '=' Value |
+ Parameter '+=' Value |
+ Parameter '-=' Value |
+ '!'* Parameter
+
+The function is passed an Array of Tuples
+e.g. [["env_reset", nil]]
+ [["mailto", {"value" => root}]]
+
+Returns: `String`
+
+##### `*args`
+
+Data type: `Any`
+
+
+
+## Data types
+
+### `Sudo::Defaults`
+
+sudo defaults
+
+Alias of
+
+```puppet
+Hash[String, Variant[Struct[{
+ Optional[list] => String,
+ Optional[operator] => Sudo::Defaults_operator,
+ Optional[value] => Variant[String,Numeric],
+ }], Undef]]
+```
+
+### `Sudo::Defaults_operator`
+
+custom datatype that validates sudo defaults operators
+
+Alias of `Enum['=', '+=', '-=', '!']`
+
diff --git a/lib/puppet/functions/sudo/defaults.rb b/lib/puppet/functions/sudo/defaults.rb
index 511592e..1fd66d1 100644
--- a/lib/puppet/functions/sudo/defaults.rb
+++ b/lib/puppet/functions/sudo/defaults.rb
@@ -22,6 +22,11 @@
# e.g. [["env_reset", nil]]
# [["mailto", {"value" => root}]]
Puppet::Functions.create_function(:'sudo::defaults') do
+ dispatch :defaults do
+ repeated_param 'Any', :args
+ return_type 'String'
+ end
+
def defaults(*args)
res = ''
raise "Unsupported number of arguments #{args.size}: #{args.inspect}" if args.nil?
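Review bot: The new dispatch declares `repeated_param 'Any', :args`, so Puppet's type system checks nothing before the arguments are formatted into sudoers text. The only guard visible in the hunk, `if args.nil?`, can never fire because a splat parameter is always an Array. If the function is only ever called with name/settings pairs, as the header comment describes, a narrower signature such as `repeated_param 'Tuple[String, Any]', :args` would reject malformed input at dispatch time. The body of `defaults` continues outside the hunk, so it cannot be confirmed from here whether values are checked for embedded newlines before being written. That is worth verifying, since `Sudo::Defaults` allows any `String` as a value and the output lands in `/etc/sudoers`.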
diff --git a/manifests/init.pp b/manifests/init.pp
index 224b72f..ec7dfd3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -148,7 +148,7 @@
Enum['absent','password','nopassword'] $wheel_config = $sudo::params::wheel_config,
Optional[Array[String[1]]] $sudoreplay_discard = undef,
Hash $configs = {},
- Sudo::Defaults $defaults = $sudo::params::defaults,
+ Sudo::Defaults $defaults = $sudo::params::defaults,
) inherits sudo::params {
case $enable {
true: {
diff --git a/spec/classes/sudo_spec.rb b/spec/classes/sudo_spec.rb
index ee2feb1..a8d527d 100644
--- a/spec/classes/sudo_spec.rb
+++ b/spec/classes/sudo_spec.rb
@@ -39,14 +39,16 @@
it { is_expected.to compile.and_raise_error(%r{'content' \(deprecated\) and 'content_string' are mutually exclusive}) }
end
- context 'with deprecated content set' do
- let :params do
- {
- content: 'sudo/sudoers.ubuntu.erb'
- }
- end
+ unless os =~ %r{^(gentoo|archlinux-rolling)}
+ context 'with deprecated content set' do
+ let :params do
+ {
+ content: 'sudo/sudoers.ubuntu.erb'
+ }
+ end
- it { is_expected.to contain_file('/etc/sudoers').with_content(%r{.*Defaults\s+env_reset.*}) }
+ it { is_expected.to contain_file('/etc/sudoers').with_content(%r{.*Defaults\s+env_reset.*}) }
+ end
end
context 'with content_string set' do
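Review bot: The new `unless os =~ %r{^(gentoo|archlinux-rolling)}` guard drops the `Defaults\s+env_reset` assertion for those platforms without saying why, so a regression in the rendered sudoers there would pass unnoticed. A comment above the guard should give the reason, e.g. `# <reason gentoo/archlinux do not render env_reset with the ubuntu template>`. An explicit expectation for the skipped platforms would be better than no test at all. As a style point, `unless os.match?(%r{\A(gentoo|archlinux-rolling)})` avoids allocating MatchData and anchors at the start of the string rather than the start of a line. `os` is defined outside the hunk.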
diff --git a/templates/sudoers.rhel9.erb b/templates/sudoers.rhel9.erb
index 5c477e7..266d936 100644
--- a/templates/sudoers.rhel9.erb
+++ b/templates/sudoers.rhel9.erb
@@ -74,7 +74,6 @@ Defaults match_group_by_gid
# Disable this option for new behavior.
Defaults always_query_group_plugin
-Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
@@ -135,3 +134,4 @@ root ALL=(ALL) ALL
<% @extra_include_dirs.each do |include_dir| -%>
#includedir <%= include_dir %>
<% end if @extra_include_dirs -%>
+<%= scope.call_function('sudo::defaults', @defaults) -%>
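Review bot: Appending `<%= scope.call_function('sudo::defaults', @defaults) -%>` as the last line places the rendered Defaults after the `#includedir` entries. Because sudoers uses the last matching Defaults setting, class-level defaults would then take precedence over anything set in the included drop-in files. If that is not intended, render them where the static `Defaults env_reset` line was removed in the earlier hunk of this file. With that line gone, an explicit `env_reset` in the RHEL 9 sudoers depends on `@defaults` containing it, which cannot be seen here because the value comes from `$sudo::params::defaults`. A short template comment such as `<%# Defaults below come from $sudo::defaults; env_reset must stay in the params default -%>` would record that dependency.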
diff --git a/types/defaults_operator.pp b/types/defaults_operator.pp
index ffbe598..452efa6 100644
--- a/types/defaults_operator.pp
+++ b/types/defaults_operator.pp
@@ -1 +1,2 @@
+# @summary custom datatype that validates sudo defaults operators
type Sudo::Defaults_operator = Enum['=','+=','-=','!']