From 8eb95cfcdaf561a67f3b21d7a27234fadf997e59 Mon Sep 17 00:00:00 2001
From: Kenneth Wilke
Date: Tue, 20 Aug 2013 16:32:58 -0500
Subject: [PATCH] start of sudoers formula
---
pillar.example | 28 +++++++++++++++++++++++++
sudoers/files/sudoers | 43 +++++++++++++++++++++++++++++++++++++++
sudoers/init.sls | 15 ++++++++++++++
sudoers/package-map.jinja | 14 +++++++++++++
4 files changed, 100 insertions(+)
create mode 100644 pillar.example
create mode 100644 sudoers/files/sudoers
create mode 100644 sudoers/init.sls
create mode 100644 sudoers/package-map.jinja
diff --git a/pillar.example b/pillar.example
new file mode 100644
index 0000000..b269253
--- /dev/null
+++ b/pillar.example
@@ -0,0 +1,28 @@
+sudoers:
+ users:
+ johndoe: 'ALL=(ALL) ALL'
+ groups:
+ sudo: 'ALL=(ALL) NOPASSWD: ALL'
+ defaults:
+ - env_reset
+ - mail_badpass
+ - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ aliases:
+ hosts:
+ - WEBSERVERS:
+ - www1
+ - www2
+ - www3
+ users:
+ - ADMINS:
+ - millert
+ - dowdy
+ - mikef
+ commands:
+ - PROCESSES:
+ - /usr/bin/nice
+ - /bin/kill
+ - /usr/bin/renice
+ - /usr/bin/pkill
+ - /usr/bin/top
+ #include: /etc/sudoers.d
diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers
new file mode 100644
index 0000000..5968a82
--- /dev/null
+++ b/sudoers/files/sudoers
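Review bot: The alias keys in this example, `hosts:` and `users:`, do not match the keys the template in sudoers/files/sudoers reads (`aliases.get('host', [])` and `aliases.get('user', [])`), so copying this example renders no host or user aliases at all; either rename the keys here to `host`/`user` or read `hosts`/`users` in the template. The commented `#include: /etc/sudoers.d` likewise names a key the template never looks at — it reads `includedir` — so the example should show `#includedir: /etc/sudoers.d`. The `sudo: 'ALL=(ALL) NOPASSWD: ALL'` group entry grants every member of the sudo group unauthenticated root; since this file is what users copy as a starting point, the password-requiring `'ALL=(ALL) ALL'` form is the safer default to show, with NOPASSWD reserved for explicitly chosen users or commands.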
@@ -0,0 +1,43 @@
+{% set sudoers = pillar.get('sudoers', {}) %}
+{% set defaults = sudoers.get('defaults', []) %}
+{% set aliases = sudoers.get('aliases', {}) %}
+{% set host_aliases = aliases.get('host', []) %}
+{% set user_aliases = aliases.get('user', []) %}
+{% set cmnd_aliases = aliases.get('commands', []) %}
+{% set runas_aliases = aliases.get('runas', []) %}
+{% set users = sudoers.get('users', {}) %}
+{% set groups = sudoers.get('groups', {}) %}
+{% set includedir = sudoers.get('includedir', None) %}
+#
+# This file is managed by salt
+#
+
+{% for default in defaults -%}
+Defaults {{ default }}
+{%- endfor %}
+
+# Host alias specification
+{% for default in defaults -%}
+Defaults {{ default }}
+{%- endfor %}
+
+# User alias specification
+{{ user_aliases }}
+
+# Cmnd alias specification
+{{ cmnd_aliases }}
+
+# Runas alias specification
+{{ runas_aliases }}
+
+# User privilege specification
+{{ users }}
+
+# Group privilege specification
+{{ groups }}
+
+{% if includes %}
+includedir {{ includedir }}
+{% else %}
+#includedir /etc/sudoers.d
+{% endif %}
diff --git a/sudoers/init.sls b/sudoers/init.sls
new file mode 100644
index 0000000..d6622a4
--- /dev/null
+++ b/sudoers/init.sls
@@ -0,0 +1,15 @@
+{% from "sudoers/package-map.jinja" import pkgs with context %}
+
+sudo:
+ pkg.installed:
+ - name: {{ pkg.sudo }}
+
+/etc/sudoers
+ file.managed:
+ - user: root
+ - group: root
+ - mode: 440
+ - template: jinja
+ - source: salt://sudoers/files/sudoers
+ - require:
+ - pkg: sudo
diff --git a/sudoers/package-map.jinja b/sudoers/package-map.jinja
new file mode 100644
index 0000000..121de81
--- /dev/null
+++ b/sudoers/package-map.jinja
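Review bot: The privilege and alias sections emit the Python repr of the pillar values — `{{ users }}`, `{{ groups }}`, `{{ user_aliases }}`, `{{ cmnd_aliases }}` and `{{ runas_aliases }}` print `{...}`/`[...]` rather than `user host=(runas) cmd` or `User_Alias NAME = a, b` lines — and the `-%}`/`{%-` pair around `Defaults {{ default }}` strips every newline so all Defaults land on a single line, while the "Host alias specification" block loops over `defaults` again instead of `host_aliases`. Any of these leaves /etc/sudoers unparseable, and sudo then refuses every request on the host until the file is repaired by hand as root. `{% if includes %}` tests a name that is never set (the variable is `includedir`), and the directive sudo's parser recognises is `#includedir`, so the non-default branch should emit `#includedir {{ includedir }}`. A rewrite of the rendering sections that emits sudoers syntax is sketched below; the alias loops follow the list-of-single-key-dicts shape used in pillar.example.
```jinja
{# … unchanged: the {% set … %} assignments and the "managed by salt" header … #}
{% for default in defaults -%}
Defaults {{ default }}
{% endfor %}
# Host alias specification
{% for alias in host_aliases -%}
{% for name, members in alias.items() -%}
Host_Alias {{ name }} = {{ members | join(', ') }}
{% endfor -%}
{% endfor %}
{# … same loop with User_Alias, Cmnd_Alias and Runas_Alias for user_aliases, cmnd_aliases and runas_aliases … #}
# User privilege specification
{% for user, spec in users.items() -%}
{{ user }} {{ spec }}
{% endfor %}
# Group privilege specification
{% for group, spec in groups.items() -%}
%{{ group }} {{ spec }}
{% endfor %}
{% if includedir %}
#includedir {{ includedir }}
{% else %}
#includedir /etc/sudoers.d
{% endif %}
```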
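Review bot: `- name: {{ pkg.sudo }}` references `pkg`, but the import on the first line binds `pkgs`, so the package name renders as an undefined value and the state does not install sudo; the fix is `- name: {{ pkgs.sudo }}`. The `/etc/sudoers` state id is missing its trailing colon, so the lines under it are not a valid state — it should read `/etc/sudoers:`. Because this state overwrites the system sudoers file from a template, a rendering or pillar mistake breaks sudo for everyone on the minion; adding `- check_cmd: visudo -cf` to file.managed (where the targeted Salt release supports it) makes Salt validate the rendered file before it replaces the original.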
@@ -0,0 +1,14 @@
+{% set package_table = {
+ 'Debian': {'sudo': 'sudo'},
+ 'Ubuntu': {'sudo': 'sudo'},
+ 'CentOS': {'sudo': 'sudo'},
+ 'Fedora': {'sudo': 'sudo'},
+ 'RedHat': {'sudo': 'sudo'},
+ 'Gentoo': {'sudo': 'app-admin/sudo'}
+} %}
+
+{% if 'package_table' in pillar %}
+ {% set pkgs = pillar['package_table'] %}
+{% elif grains['os'] in package_table %}
+ {% set pkgs = package_table[grains['os']] %}
+{% endif %}
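Review bot: When `grains['os']` is not a key of `package_table` and no `package_table` pillar override exists, `pkgs` is never assigned, so the `import pkgs` in sudoers/init.sls receives an undefined name and the state renders without a package. An `{% else %}` branch that sets a fallback, `{% set pkgs = {'sudo': 'sudo'} %}`, or that fails with a clear message, keeps the outcome deterministic on unlisted distributions. The pillar override also bypasses the table entirely, which is presumably intended; a one-line comment such as `{# a pillar package_table replaces the whole built-in table #}` would make that explicit.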