From c5acbc696ae230e673f64f57b815a08963e44a90 Mon Sep 17 00:00:00 2001
From: Eric Veiras Galisson
Date: Mon, 24 Aug 2020 17:58:35 +0200
Subject: [PATCH] feat: implement option to purge included files directory
---
 pillar.example | 2 ++
 sudoers/defaults.yaml | 1 +
 sudoers/included.sls | 7 +++++++
 3 files changed, 10 insertions(+)
diff --git a/pillar.example b/pillar.example
index 5986bba..966a743 100644
--- a/pillar.example
+++ b/pillar.example
@@ -4,6 +4,8 @@
 sudoers:
 # By default the main sudoers file is managed by this formula (False to skip)
 manage_main_config: true
+ # By default the included directory is not purged from unwanted files
+ purge_includedir: false
 users:
 johndoe:
 - 'ALL=(ALL) ALL'
diff --git a/sudoers/defaults.yaml b/sudoers/defaults.yaml
index 6115c5b..09224b0 100644
--- a/sudoers/defaults.yaml
+++ b/sudoers/defaults.yaml
@@ -4,6 +4,7 @@
 sudoers:
 pkg: sudo
 manage_main_config: true
+ purge_includedir: false
 configpath: /etc
 group: root
 execprefix: /usr/sbin
diff --git a/sudoers/included.sls b/sudoers/included.sls
index 1b6490c..34c3ab4 100644
--- a/sudoers/included.sls
+++ b/sudoers/included.sls
@@ -9,6 +9,13 @@
 include:
 - sudoers
 
+{{ sudoers.includedir }}:
+ file.directory:
+ - user: root
+ - group: {{ sudoers.group }}
+ - mode: 440
+ - clean: {{ sudoers.purge_includedir }}
+
 {% set included_files = sudoers.included_files %}
 {% for included_file, spec in included_files.items() -%}
 sudoers include {{ included_file }}:
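Review bot: In the sudoers/included.sls hunk, `- mode: 440` is applied to a directory, which leaves it without the search (execute) bit, and the value is unquoted; a directory mode such as `- mode: '0750'` is the more usual choice for a sudoers include directory, and quoting keeps the mode a string. With `clean` rendered true, Salt's `file.directory` removes every entry in the directory that is not managed by a state this one requires. The per-file `sudoers include` states in the loop (their bodies are outside the hunk) would therefore need `- require_in:` with `- file: {{ sudoers.includedir }}`, or the formula's own drop-ins would presumably be purged too. The pillar.example comment could also say that drop-ins installed by packages or other tooling are deleted when the option is on, since losing one can remove the only sudo rule an administrator relies on.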