Merge pull request #2 from KennethWilke/master

start of sudoers formula

pillar.example

@@ -0,0 +1,28 @@
+sudoers:
+  users:
+    johndoe: 'ALL=(ALL) ALL'
+  groups:
+    sudo: 'ALL=(ALL) NOPASSWD: ALL'
+  defaults:
+    - env_reset
+    - mail_badpass
+    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+  aliases:
+    hosts:
+      WEBSERVERS:
+        - www1
+        - www2
+        - www3
+    users:
+      ADMINS:
+        - millert
+        - dowdy
+        - mikef
+    commands:
+      PROCESSES:
+        - /usr/bin/nice
+        - /bin/kill
+        - /usr/bin/renice
+        - /usr/bin/pkill
+        - /usr/bin/top
+  includedir: /etc/sudoers.d

sudoers/files/sudoers

@@ -0,0 +1,52 @@
+{% set sudoers = pillar.get('sudoers', {}) %}
+{%- set defaults = sudoers.get('defaults', []) %}
+{%- set aliases = sudoers.get('aliases', {}) %}
+{%- set host_aliases = aliases.get('hosts', {}) %}
+{%- set user_aliases = aliases.get('users', {}) %}
+{%- set command_aliases = aliases.get('commands', {}) %}
+{%- set runas_aliases = aliases.get('runas', {}) %}
+{%- set users = sudoers.get('users', {}) %}
+{%- set groups = sudoers.get('groups', {}) %}
+{%- set includedir = sudoers.get('includedir', None) -%}
+#
+# This file is managed by salt
+#
+
+{% for default in defaults -%}
+Defaults {{ default }}
+{% endfor %}
+# Host alias specification
+{%- for name,hosts in host_aliases.items() %}
+Host_Alias {{ name }} = {{ ",".join(hosts) }}
+{%- endfor %}
+
+# User alias specification
+{%- for name,users in user_aliases.items() %}
+User_Alias {{ name }} = {{ ",".join(users) }}
+{%- endfor %}
+
+# Cmnd alias specification
+{%- for name,commands in command_aliases.items() %}
+Cmnd_Alias {{ name }} = {{ ",".join(commands) }}
+{%- endfor %}
+
+# Runas alias specification
+{%- for name,runas in runas_aliases.items() %}
+Runas_Alias {{ name }} = {{ ",".join(runas) }}
+{%- endfor %}
+
+# User privilege specification
+{%- for user,spec in users.items() %}
+{{ user }} {{ spec }}
+{%- endfor %}
+
+# Group privilege specification
+{%- for group,spec in groups.items() %}
+%{{ group }} {{ spec }}
+{%- endfor %}
+
+{% if includedir %}
+includedir {{ includedir }}
+{% else %}
+#includedir /etc/sudoers.d
+{% endif %}

sudoers/init.sls

@@ -0,0 +1,15 @@
+{% from "sudoers/package-map.jinja" import pkgs with context %}
+
+sudo:
+  pkg.installed:
+    - name: {{ pkgs.sudo }}
+
+/etc/sudoers:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 440
+    - template: jinja
+    - source: salt://sudoers/files/sudoers
+    - require:
+      - pkg: sudo

sudoers/package-map.jinja

@@ -0,0 +1,14 @@
+{% set package_table = {
+    'Debian': {'sudo': 'sudo'},
+    'Ubuntu': {'sudo': 'sudo'},
+    'CentOS': {'sudo': 'sudo'},
+    'Fedora': {'sudo': 'sudo'},
+    'RedHat': {'sudo': 'sudo'},
+    'Gentoo': {'sudo': 'app-admin/sudo'}
+} %}
+
+{% if 'package_table' in pillar %}
+    {% set pkgs = pillar['package_table'] %}
+{% elif grains['os'] in package_table %}
+    {% set pkgs = package_table[grains['os']] %}
+{% endif %}