From 4f52f4b8fc633a3d4687729710c525fedbf6c722 Mon Sep 17 00:00:00 2001
From: OKUMURA Takahiro <hfm.garden@gmail.com>
Date: Sun, 12 Jun 2016 16:52:17 +0900
Subject: [PATCH] add

---
 manifests/client.pp            | 48 ++++++++++++++++++++++------------
 spec/acceptance/client_spec.rb |  3 +--
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/manifests/client.pp b/manifests/client.pp
index 5985771..625a6ea 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -80,23 +80,39 @@
   }
 
   if $handle_sudo_config {
-    validate_string($sudoers_name)
+    if $sudoers_name {
+      validate_string($sudoers_name)
 
-    augeas {'sudo pam with stns':
-      context => '/files/etc/pam.d/sudo',
-      changes => [
-        'ins "01" after #comment',
-        'set 01/type auth',
-        'set 01/control sufficient',
-        'set 01/module libpam_stns.so',
-        'set 01/argument[1] sudo',
-        "set 01/argument[2] ${sudoers_name}",
-      ],
-      onlyif  => [
-        "values *[type = 'auth']/module not_include libpam_stns.so",
-        "match *[module = 'libpam_stns.so']/argument size < 2",
-        "match *[module = 'libpam_stns.so']/argument != ['sudo', ${sudoers_name}]",
-      ],
+      augeas {'sudo pam with stns':
+        context => '/files/etc/pam.d/sudo',
+        changes => [
+          'ins "01" after #comment',
+          'set 01/type auth',
+          'set 01/control sufficient',
+          'set 01/module libpam_stns.so',
+          'set 01/argument[1] sudo',
+          "set 01/argument[2] ${sudoers_name}",
+        ],
+        onlyif  => [
+          "values *[type = 'auth']/module not_include libpam_stns.so",
+          "match *[module = 'libpam_stns.so']/argument size < 2",
+          "match *[module = 'libpam_stns.so']/argument != ['sudo', ${sudoers_name}]",
+        ],
+      }
+    } else {
+      augeas {'sudo pam with stns':
+        context => '/files/etc/pam.d/sudo',
+        changes => [
+          'ins "01" after #comment',
+          'set 01/type auth',
+          'set 01/control sufficient',
+          'set 01/module libpam_stns.so',
+        ],
+        onlyif  => [
+          "values *[type = 'auth']/module not_include libpam_stns.so",
+          "match *[module = 'libpam_stns.so']/argument size == 0",
+        ],
+      }
     }
   }
 
diff --git a/spec/acceptance/client_spec.rb b/spec/acceptance/client_spec.rb
index 93fb603..b09bb0c 100644
--- a/spec/acceptance/client_spec.rb
+++ b/spec/acceptance/client_spec.rb
@@ -31,7 +31,6 @@ class { '::stns::client':
         handle_nsswitch    => true,
         handle_sshd_config => true,
         handle_sudo_config => true,
-        sudoers_name       => 'example_user',
       }
     EOS
   end
@@ -80,6 +79,6 @@ class { '::stns::client':
   end
 
   describe file('/etc/pam.d/sudo') do
-    its(:content) { should match /^#%PAM-1.0\nauth\s+sufficient\s+libpam_stns.so\s+sudo\s+example_user$/ }
+    its(:content) { should match /^#%PAM-1.0\nauth\s+sufficient\s+libpam_stns.so$/ }
   end
 end