From 8d3f4d9894af267868fe41e0d67b6dd2e4d21d58 Mon Sep 17 00:00:00 2001
From: Roman Reitschmied
Date: Thu, 11 Feb 2016 15:00:22 +0100
Subject: [PATCH] add sudoers check with visudo as proposed here: https://blog.afoolishmanifesto.com/posts/checking-sudoers-with-visudo-in-saltstack/
---
 sudoers/included.sls | 1 +
 sudoers/init.sls | 1 +
 2 files changed, 2 insertions(+)
diff --git a/sudoers/included.sls b/sudoers/included.sls
index e4d4b7e..de48440 100644
--- a/sudoers/included.sls
+++ b/sudoers/included.sls
@@ -13,6 +13,7 @@ include:
 - mode: 440
 - template: jinja
 - source: salt://sudoers/files/sudoers
+ - check_cmd: /usr/sbin/visudo -c -f
 - context:
 included: True
 sudoers: {{ spec|json }}
diff --git a/sudoers/init.sls b/sudoers/init.sls
index 922fdf7..841efd9 100644
--- a/sudoers/init.sls
+++ b/sudoers/init.sls
@@ -11,6 +11,7 @@ sudo:
 - mode: 440
 - template: jinja
 - source: salt://sudoers/files/sudoers
+ - check_cmd: /usr/sbin/visudo -c -f
 - context:
 included: False
 - require:
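Review bot: The added `check_cmd: /usr/sbin/visudo -c -f` in sudoers/included.sls (and the identical line in sudoers/init.sls) hard-codes the visudo path, so on a platform that installs the binary elsewhere the check would fail and the sudoers state would never apply; if the formula has per-OS settings, take the path from there with this value as the default. The trailing `-f` only works because Salt appends the path of the rendered temporary file to the command, which deserves a comment such as `# Salt appends the temp file path; the target is replaced only if visudo exits 0`. The check validates syntax, not policy, and in included.sls each file is presumably checked on its own, so a conflict that only shows up when sudo parses the whole include tree, or an over-broad rule coming from `spec`, would still be written. Both `file.managed` states begin above their hunks, so their targets and ownership settings are not visible here.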