Add support for epp templates

README.md

@@ -169,6 +169,44 @@ sudo::configs:
         'template'  : "mymodule/bill.erb"
 ```
 
+##### Using templates for sudo allocations
+The `template` meta-parameter supports both erb and epp templates. If the filename specified as the template ends with ".epp" then the puppet `epp` function will be used to interpret the template. If the filename specified as the template does not end with ".epp" then the puppet `template` function will be used to interpret the template. This means that template names do not have to have an extension. If one does not it will be treated as an erb template.
+
+```yaml
+sudo::configs:
+    'elizabeth':
+        'template': "mymodule/webserver_administrator"
+    'mohammed':
+        'template': "mymodule/databaseadministrator.erb"
+    'jose':
+        'template': "mymodule/appserver_administrator.epp"
+```
+
+The `template_epp` meta-parameter expects a hash with two elements; `filename` and `params`. `filename` is a string containing a path to a puppet epp template. `params` is a hash containing data elements to be passed to the corresponding epp template parameters.
+
+```yaml
+sudo::configs:
+    'george':
+        'template_epp':
+            'filename': 'sudo/single_line_allocation.epp'
+            'params':
+                'user_spec':
+                    - '%dbas'
+                'run_as':
+                    - 'root'
+                'commands':
+                    - '/usr/bin/startdb'
+    'srini':
+        'template_epp':
+            'filename': 'sudo/single_line_allocation.epp'
+            'params':
+                'user_spec':
+                    - 'srini'
+                'run_as':
+                    - 'ALL'
+                'commands':
+                    - 'ALL'
+
 ##### Override sudoers defaults
 
 You can modify `Default_Entry` lines by passing a `Hash` to `sudo::defaults`, where the key is `Defaults` parameter name (see `man 5 sudoers` for more details):

REFERENCE.md

@@ -454,6 +454,7 @@ The following parameters are available in the `sudo::conf` defined type:
 * [`content`](#-sudo--conf--content)
 * [`source`](#-sudo--conf--source)
 * [`template`](#-sudo--conf--template)
+* [`template_epp`](#-sudo--conf--template_epp)
 * [`sudo_config_dir`](#-sudo--conf--sudo_config_dir)
 * [`sudo_file_name`](#-sudo--conf--sudo_file_name)
 * [`sudo_syntax_path`](#-sudo--conf--sudo_syntax_path)
@@ -494,7 +495,15 @@ Default value: `undef`
 
 Data type: `Optional[String[1]]`
 
-Path of a template file
+Path of a erb template file or epp template file without parameters
+
+Default value: `undef`
+
+##### <a name="-sudo--conf--template_epp"></a>`template_epp`
+
+Data type: `Any`
+
+Path of an epp template and associated template parameters
 
 Default value: `undef`
 

manifests/conf.pp

@@ -16,7 +16,10 @@
 #     Source of configuration snippet
 #
 # @param template
-#     Path of a template file
+#     Path of a erb template file or epp template file without parameters
+#
+# @param template_epp
+#     Path of an epp template and associated template parameters
 #
 # @param sudo_config_dir
 #     Where to place configuration snippets.
@@ -35,14 +38,15 @@
 #   }
 #
 define sudo::conf (
-  Enum['present', 'absent']                      $ensure           = present,
-  Integer[0]                                     $priority         = 10,
-  Optional[Variant[Array[String[1]], String[1]]] $content          = undef,
-  Optional[String[1]]                            $source           = undef,
-  Optional[String[1]]                            $template         = undef,
-  Optional[String[1]]                            $sudo_config_dir  = undef,
-  Optional[String[1]]                            $sudo_file_name   = undef,
-  String[1]                                      $sudo_syntax_path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+  Enum['present', 'absent']                                $ensure           = present,
+  Integer[0]                                               $priority         = 10,
+  Optional[Variant[Array[String[1]], String[1]]]           $content          = undef,
+  Optional[String[1]]                                      $source           = undef,
+  Optional[String[1]]                                      $template         = undef,
+  Optional[Struct[{ filename => String, params => Hash }]] $template_epp     = undef,
+  Optional[String[1]]                                      $sudo_config_dir  = undef,
+  Optional[String[1]]                                      $sudo_file_name   = undef,
+  String[1]                                                $sudo_syntax_path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
 ) {
   include sudo
 
@@ -94,6 +98,10 @@
     }
   }
 
+  if $template and $template_epp {
+    fail("'template' and 'template_epp' are mutually exclusive")
+  }
+
   if $content != undef {
     if $content =~ Array {
       $lines = join($content, "\n")
@@ -102,7 +110,22 @@
       $content_real = "# This file is managed by Puppet; changes may be overwritten\n${content}\n"
     }
   } elsif $template != undef {
-    $content_real = template($template)
+    if $template =~ /\.epp$/ {
+      $lines = epp($template)
+    } else {
+      $lines = template($template)
+    }
+    $content_real = "# This file is managed by Puppet; changes may be overwritten\n${lines}\n"
+  } elsif $template_epp != undef {
+    $missing_data_error = "'template_epp' must be a hash containing two elements; filename(string) and params(hash)"
+    if $template_epp[filename] == undef {
+      fail("template_epp hash missing filename element: ${missing_data_error}")
+    }
+    if $template_epp[params] == undef {
+      fail("template_epp hash missing params element: ${missing_data_error}")
+    }
+    $lines = epp($template_epp[filename], $template_epp[params])
+    $content_real = "# This file is managed by Puppet; changes may be overwritten\n${lines}\n"
   } else {
     $content_real = undef
   }

templates/multi_line_allocation.epp

@@ -0,0 +1,23 @@
+<%- |          Array[String]  $user_spec,
+      Optional[Array[String]] $run_as     = ['root'],
+      Optional[Boolean]       $req_passwd = true,
+      Optional[Array[String]] $commands   = ['ALL']
+| -%>
+<%
+  if $req_passwd == true {
+    $req_passwd_final = 'PASSWD'
+  }
+  else {
+    $req_passwd_final = 'NOPASSWD'
+  }
+
+  $user_spec.each |String $one_user_spec| {
+    $run_as.each |String $one_run_as| {
+      $commands.each |String $one_command| {
+-%>
+<%= $one_user_spec %> <%= $facts['hostname'] %> = (<%= $one_run_as %>) <%= $req_passwd_final %>: <%= $one_command %>
+<%
+      }
+    }
+  }
+-%>

templates/single_line_allocation.epp

@@ -0,0 +1,20 @@
+<%- |          Array[String]  $user_spec,
+      Optional[Array[String]] $run_as     = ['root'],
+      Optional[Boolean]       $req_passwd = true,
+      Optional[Array[String]] $commands   = ['ALL']
+| -%>
+<%
+  $user_spec_final = $user_spec.join(',')
+
+  $run_as_final = $run_as.join(',')
+
+  if $req_passwd == true {
+    $req_passwd_final = 'PASSWD'
+  }
+  else {
+    $req_passwd_final = 'NOPASSWD'
+  }
+
+  $commands_final = $commands.join(',')
+-%>
+<%= $user_spec_final %> <%= $facts['hostname'] %> = (<%= $run_as_final %>) <%= $req_passwd_final %>: <%= $commands_final -%>