Merge pull request #5 from rfairburn/master

Support Amazon Linux and Additional defaults support
9 years ago · f78892241f
parent 66ff6d8fee fb3773a605
commit f78892241f
3 changed files with 43 additions and 8 deletions
--- a/pillar.example
+++ b/pillar.example
@ -4,9 +4,19 @@ sudoers:
  groups:
    sudo: 'ALL=(ALL) NOPASSWD: ALL'
  defaults:
-    - env_reset
-    - mail_badpass
-    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    generic:
+      - env_rset
+      - mail_badpass
+      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    user_list:
+      johndoe: '!requiretty'
+      ADMINS: '!lecture'
+    host_list:
+      www1: 'log_year, logfile=/var/log/sudo.log'
+    command_list:
+      PROCESSES: 'noexec'
+    runas_list:
+      root: '!set_logname'
  aliases:
    hosts:
      WEBSERVERS:
--- a/sudoers/files/sudoers
+++ b/sudoers/files/sudoers
@ -1,21 +1,31 @@
 {%- if (not included) %}
  {%- set sudoers = pillar.get('sudoers', {}) %}
  {%- if grains['os_family'] == 'Debian' %}
-    {%- set defaults = sudoers.get('defaults', [
+    {%- set defaults = sudoers.get('defaults', {'generic': [
      'env_reset',
      'mail_badpass',
      'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
-    ]) %}
+    ]}) %}
    {%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %}
    {%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %}
  {%- else %}
-    {%- set defaults = sudoers.get('defaults', []) %}
+    {%- set defaults = sudoers.get('defaults', {}) %}
+    {%- set generic_defaults = defaults.get('generic', []) %}
+    {%- set user_list_defaults = defaults.get('user_list', {}) %}
+    {%- set host_list_defaults = defaults.get('host_list', {}) %}
+    {%- set command_list_defaults = defaults.get('command_list', {}) %}
+    {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
    {%- set users = sudoers.get('users', {}) %}
    {%- set groups = sudoers.get('groups', {}) %}
  {%- endif %}
  {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
 {%- else %}
-  {%- set defaults = sudoers.get('defaults', []) %}
+  {%- set defaults = sudoers.get('defaults', {}) %}
+  {%- set generic_defaults = defaults.get('generic', []) %}
+  {%- set user_list_defaults = defaults.get('user_list', {}) %}
+  {%- set host_list_defaults = defaults.get('host_list', {}) %}
+  {%- set command_list_defaults = defaults.get('command_list', {}) %}
+  {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
  {%- set users = sudoers.get('users', {}) %}
  {%- set groups = sudoers.get('groups', {}) %}
  {%- set includedir = sudoers.get('includedir', None) %}
@ -29,9 +39,23 @@
 # This file is managed by salt
 #

-{% for default in defaults -%}
+# Defaults specification
+{% for default in generic_defaults -%}
 Defaults {{ default }}
 {% endfor %}
+{%- for user,spec in user_list_defaults.items() %}
+Defaults:{{ user }} {{ spec }}
+{%- endfor %}
+{%- for host,spec in host_list_defaults.items() %}
+Defaults@{{ host }} {{ spec }}
+{%- endfor %}
+{%- for command,spec in command_list_defaults.items() %}
+Defaults!{{ command }} {{ spec }}
+{%- endfor %}
+{%- for runas,spec in runas_list_defaults.items() %}
+Defaults>{{ runas }} {{ spec }}
+{%- endfor %}
+
 # Host alias specification
 {%- for name,hosts in host_aliases.items() %}
 Host_Alias {{ name }} = {{ ",".join(hosts) }}
--- a/sudoers/package-map.jinja
+++ b/sudoers/package-map.jinja
@ -4,6 +4,7 @@
    'CentOS': {'sudo': 'sudo'},
    'Fedora': {'sudo': 'sudo'},
    'RedHat': {'sudo': 'sudo'},
+    'Amazon': {'sudo': 'sudo'},
    'Gentoo': {'sudo': 'app-admin/sudo'}
 } %}