refactor: ostree support, simplify tests, lint issues

Add support for ostree systems.
Simplify tests by adding setup and cleanup task files.
Fix some lint, good practices issues

.ostree/packages-runtime.txt

@@ -0,0 +1 @@
+sudo

README.md

@@ -9,7 +9,13 @@ Consider reading sudo documentation before setting it up.
 
 ### Collection requirements
 
-None.
+The role requires external collections only for management of `rpm-ostree`
+nodes. Please run the following command to install them if you need to manage
+`rpm-ostree` nodes:
+
+```bash
+ansible-galaxy collection install -vv -r meta/collection-requirements.yml
+```
 
 ## Role Variables
 
@@ -30,8 +36,8 @@ Type: `bool`
 ***Dangerous!*** Setting this to `true` removes each existing sudoers file in the `include_directories` dictionary that are not defined in the`sudo_sudoers_files` variable.
 This allows for enforcing a desired state.
 
-Default: `false`  
-Type: `bool`  
+Default: `false`
+Type: `bool`
 
 ### sudo_visudo_path
 
@@ -114,7 +120,7 @@ Optional, a list of directories that your configurations must include.
 
 This is a list of fully-qualified paths to directories to include via the `#includedir` option of a sudoers configuration.
 
-Type: `list`  
+Type: `list`
 
 #### user_specifications
 
@@ -147,25 +153,25 @@ You can use a defined `cmnd_alias` name as well as commands.
 Example definition:
 
 ```yaml
-        sudo_sudoers_files:
-          - path: /etc/sudoers.d/pingers
-            user_specifications:
-              - users:
-                  - root
-                hosts:
-                  - ALL
-                operators:
-                  - ALL
-                commands:
-                  - ALL
-              - users:
-                  - "%wheel"
-                hosts:
-                  - ALL
-                operators:
-                  - ALL
-                commands:
-                  - ALL
+sudo_sudoers_files:
+  - path: /etc/sudoers.d/pingers
+    user_specifications:
+      - users:
+          - root
+        hosts:
+          - ALL
+        operators:
+          - ALL
+        commands:
+          - ALL
+      - users:
+          - "%wheel"
+        hosts:
+          - ALL
+        operators:
+          - ALL
+        commands:
+          - ALL
 ```
 
 #### default_overrides
@@ -194,31 +200,31 @@ List of `user_alias` names as well as individual user names to override specific
 Example Definition:
 
 ```yaml
-        sudo_sudoers_files:
-          - path: /etc/sudoers.d/pingers
-            default_overrides:
-              - type: user
-                defaults:
-                  - "!requiretty"
-                users:
-                  - PINGERS
-              - type: runas
-                defaults:
-                  - "!set_logname"
-                operators:
-                  - root
-              - type: host
-                defaults:
-                  - "!requiretty"
-                  - "!requiretty"
-                hosts:
-                  - host1
-                  - host2
-              - type: command
-                defaults:
-                  - "!requiretty"
-                commands:
-                  - /usr/bin/ls
+sudo_sudoers_files:
+  - path: /etc/sudoers.d/pingers
+    default_overrides:
+      - type: user
+        defaults:
+          - "!requiretty"
+        users:
+          - PINGERS
+      - type: runas
+        defaults:
+          - "!set_logname"
+        operators:
+          - root
+      - type: host
+        defaults:
+          - "!requiretty"
+          - "!requiretty"
+        hosts:
+          - host1
+          - host2
+      - type: command
+        defaults:
+          - "!requiretty"
+        commands:
+          - /usr/bin/ls
 ```
 
 ## Example Playbooks
@@ -241,16 +247,16 @@ Example Definition:
   hosts: all
   vars:
     sudoers_files:
-     - path: /etc/sudoers
-     user_specifications:
-      - users:
-        - root
-        hosts:
-          - x
-        commands:
-          - /usr/bin/ls
+      - path: /etc/sudoers
+        user_specifications:
+          - users:
+              - root
+            hosts:
+              - x
+            commands:
+              - /usr/bin/ls
   roles:
-  - role: linux-system-roles.sudo
+    - role: linux-system-roles.sudo
 ```
 
 ### Applying defaults
@@ -428,6 +434,10 @@ Example Definition:
                   - root
 ```
 
+## rpm-ostree
+
+See README-ostree.md
+
 ## License
 
 MIT

meta/collection-requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+  - name: ansible.posix

tasks/main.yml

@@ -1,8 +1,13 @@
 ---
+- name: Set version specific variables
+  include_tasks: set_vars.yml
+
 - name: Ensure sudo is installed
   package:
-    name: sudo
+    name: "{{ __sudo_packages }}"
     state: present
+    use: "{{ (__sudo_is_ostree | d(false)) |
+             ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
 
 - name: Set include directories variable
   set_fact:
@@ -37,7 +42,7 @@
   with_items: "{{ sudo_sudoers_files }}"
   loop_control:
     label: "{{ item.path }}"
-  when: item.path != '/etc/sudoers'
+  when: item.path != "/etc/sudoers"
 
 - name: Ensure /etc/sudoers is configured
   template:
@@ -51,7 +56,7 @@
   loop_control:
     label: "{{ item.path }}"
   when:
-    - item.path == '/etc/sudoers'
+    - item.path == "/etc/sudoers"
     - sudo_rewrite_default_sudoers_file | bool
 
 - name: Remove unauthorized included sudoer files
@@ -70,8 +75,8 @@
     - name: Set unauthorized included sudoers files variable
       set_fact:
         sudo_unauthorized_files: "{{ sudo_existing_included_files['files']
-        | selectattr('path', 'defined') | map(attribute='path')
-        | flatten | difference(sudo_file_paths) }}"
+          | selectattr('path', 'defined') | map(attribute='path')
+          | flatten | difference(sudo_file_paths) }}"
 
     - name: Remove unauthorized included sudoers files
       file:

tasks/set_vars.yml

@@ -1,12 +1,12 @@
 ---
 - name: Ensure ansible_facts used by role
   setup:
-    gather_subset: "{{ __template_required_facts_subsets }}"
-  when: __template_required_facts |
+    gather_subset: "{{ __sudo_required_facts_subsets }}"
+  when: __sudo_required_facts |
     difference(ansible_facts.keys() | list) | length > 0
 
 - name: Determine if system is ostree and set flag
-  when: not __template_is_ostree is defined
+  when: not __sudo_is_ostree is defined
   block:
     - name: Check if system is ostree
       stat:
@@ -15,7 +15,7 @@
 
     - name: Set flag to indicate system is ostree
       set_fact:
-        __template_is_ostree: "{{ __ostree_booted_stat.stat.exists }}"
+        __sudo_is_ostree: "{{ __ostree_booted_stat.stat.exists }}"
 
 - name: Set platform/version specific variables
   include_vars: "{{ __vars_file }}"

templates/sudoers.j2

@@ -21,8 +21,8 @@
 {%       for spec_default in spec.defaults %}
 {%         set _ = _spec_default.append(spec_default) %}
 {%       endfor %}
-Defaults{{ sign }} {{ _spec_original | join(", ")}} {{ _spec_default |
-  join(", ")}}
+Defaults{{ sign }} {{ _spec_original | join(", ") }} {{ _spec_default |
+  join(", ") }}
 {%    endif %}
 {% endmacro -%}
 {{ ansible_managed | default('Ansible managed') | comment }}
@@ -164,7 +164,7 @@ Defaults    {{ default }}
 #include {{ file }}
 {%     endfor %}
 {%   endif %}
-{%   if item.include_directories is defined and item.include_directories | 
+{%   if item.include_directories is defined and item.include_directories |
        length > 0 %}
 ## Include directories
 {%     for dir in item.include_directories %}

tests/tasks/cleanup.yml

@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Restore sudoers
+  copy:
+    src: "{{ __sudo_tmpdir.path }}/sudoers"
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: 0644
+    remote_src: true
+
+- name: Restore sudoers.d
+  copy:
+    src: "{{ __sudo_tmpdir.path }}/sudoers.d"
+    dest: /etc/sudoers.d
+    owner: root
+    group: root
+    mode: 0644
+    remote_src: true
+
+- name: Clean up temp directory
+  file:
+    path: "{{ __sudo_tmpdir.path }}"
+    state: absent

tests/tasks/setup.yml

@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Create temp test directory
+  tempfile:
+    path: /var/tmp
+    prefix: sudo_
+    state: directory
+  register: __sudo_tmpdir
+
+- name: Backup sudoers
+  copy:
+    src: /etc/sudoers
+    dest: "{{ __sudo_tmpdir.path }}/sudoers"
+    owner: root
+    group: root
+    mode: 0644
+    remote_src: true
+
+- name: Backup sudoers.d
+  copy:
+    src: /etc/sudoers.d
+    dest: "{{ __sudo_tmpdir.path }}/sudoers.d"
+    owner: root
+    group: root
+    mode: 0644
+    remote_src: true

tests/tests_default.yml

@@ -3,11 +3,22 @@
 - name: Ensure that the role runs with default parameters
   hosts: all
   gather_facts: false  # test that role works in this case
-  roles:
-    - linux-system-roles.sudo
   tasks:
-    - name: Check header for ansible_managed, fingerprint
-      include_tasks: tasks/check_header.yml
-      vars:
-        __file: /etc/sudoers
-        __fingerprint: system_role:sudo
+    - name: Run tests
+      block:
+        - name: Test setup
+          include_tasks: tasks/setup.yml
+
+        - name: Run the role
+          include_role:
+            name: linux-system-roles.sudo
+
+        - name: Check header for ansible_managed, fingerprint
+          include_tasks: tasks/check_header.yml
+          vars:
+            __file: /etc/sudoers
+            __fingerprint: system_role:sudo
+
+      always:
+        - name: Test cleanup
+          include_tasks: tasks/cleanup.yml