Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Support for 'include' in the provider #5

Open
mmarod opened this issue May 8, 2015 · 7 comments
Open

Feature Request: Support for 'include' in the provider #5

mmarod opened this issue May 8, 2015 · 7 comments
Labels
enhancement New feature or request

Comments

@mmarod
Copy link
Contributor

mmarod commented May 8, 2015

There does not appear to be any way to specify something like this...

@include common-account
@include common-password
@include common-session

Seems like the 'type' parameter could just be extended to add support for 'include'.

Thanks!
@raphink
Copy link
Member

raphink commented May 11, 2015

What kind of syntax would you suggest?

@raphink raphink added the enhancement New feature or request label Sep 9, 2015
@njm506
Copy link

njm506 commented Jan 13, 2016

On RedHat-like systems, it's already possible as they use lines like:
auth include password-auth
These can be managed using syntax like this:

pam { 'No password-auth for SSH (RedHat)':
  ensure  => absent,
  service => 'sshd',
  type    => 'auth',
  control => 'include',
  module  => 'password-auth',
}

For compatibility with the above, something like this might make sense (just omit 'type') - if this is straightforward:

pam { 'No common-auth for SSH (Debian)':
  ensure  => absent,
  service => 'sshd',
  control => 'include',
  module  => 'common-auth',
}

At the moment, I have a separate augeas resource to do this, but it interacts in interesting ways with the pam augeas provider, depending on the order things happen in.

@raphink
Copy link
Member

raphink commented Jan 13, 2016

If it's an order problem, have you consider using the position parameter?

@njm506
Copy link

njm506 commented Jan 14, 2016

Sorry, I didn't make my previous post that clear; the bit about the separate augeas resource was just an aside (the ordering thing might just be an ordinary case of making sure Puppet does the two things in a suitable order).

What I was suggesting was merely a possible syntax to implement for managing @include lines.

@raphink
Copy link
Member

raphink commented Jan 25, 2016

Right. Hence my earlier question: what kind of syntax would you suggest for it?

@njm506
Copy link

njm506 commented Jan 26, 2016

That was what I was suggesting there - the syntax I think would be appropriate for managing:

@include common-auth

would be:

pam { 'SSH - common-auth':
  ensure  => present,       # Or absent, if you don't want it
  service => 'sshd',
  control => 'include',     # Note - no "type" parameter for this style of @include (as it applies to everything)
  module  => 'common-auth',
}

@devicenull
Copy link

It looks like the upstream augeas code already supports this - https://github.com/hercules-team/augeas/blob/master/lenses/pam.aug#L47

However, it's definitely not obvious to me the interaction between the lens and this module works. I think the syntax in the previous comment would be fine

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@devicenull @raphink @mmarod @njm506