Merge pull request #5 from rfairburn/master

Support Amazon Linux and Additional defaults support

pillar.example

@@ -4,9 +4,19 @@ sudoers:
   groups:
     sudo: 'ALL=(ALL) NOPASSWD: ALL'
   defaults:
-    - env_reset
-    - mail_badpass
-    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    generic:
+      - env_rset
+      - mail_badpass
+      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    user_list:
+      johndoe: '!requiretty'
+      ADMINS: '!lecture'
+    host_list:
+      www1: 'log_year, logfile=/var/log/sudo.log'
+    command_list:
+      PROCESSES: 'noexec'
+    runas_list:
+      root: '!set_logname'
   aliases:
     hosts:
       WEBSERVERS:

sudoers/files/sudoers

@@ -1,21 +1,31 @@
 {%- if (not included) %}
   {%- set sudoers = pillar.get('sudoers', {}) %}
   {%- if grains['os_family'] == 'Debian' %}
-    {%- set defaults = sudoers.get('defaults', [
+    {%- set defaults = sudoers.get('defaults', {'generic': [
       'env_reset',
       'mail_badpass',
       'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
-    ]) %}
+    ]}) %}
     {%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %}
     {%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %}
   {%- else %}
-    {%- set defaults = sudoers.get('defaults', []) %}
+    {%- set defaults = sudoers.get('defaults', {}) %}
+    {%- set generic_defaults = defaults.get('generic', []) %}
+    {%- set user_list_defaults = defaults.get('user_list', {}) %}
+    {%- set host_list_defaults = defaults.get('host_list', {}) %}
+    {%- set command_list_defaults = defaults.get('command_list', {}) %}
+    {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
     {%- set users = sudoers.get('users', {}) %}
     {%- set groups = sudoers.get('groups', {}) %}
   {%- endif %}
   {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
 {%- else %}
-  {%- set defaults = sudoers.get('defaults', []) %}
+  {%- set defaults = sudoers.get('defaults', {}) %}
+  {%- set generic_defaults = defaults.get('generic', []) %}
+  {%- set user_list_defaults = defaults.get('user_list', {}) %}
+  {%- set host_list_defaults = defaults.get('host_list', {}) %}
+  {%- set command_list_defaults = defaults.get('command_list', {}) %}
+  {%- set runas_list_defaults = defaults.get('runas_list', {}) %}
   {%- set users = sudoers.get('users', {}) %}
   {%- set groups = sudoers.get('groups', {}) %}
   {%- set includedir = sudoers.get('includedir', None) %}
@@ -29,9 +39,23 @@
 # This file is managed by salt
 #
 
-{% for default in defaults -%}
+# Defaults specification
+{% for default in generic_defaults -%}
 Defaults {{ default }}
 {% endfor %}
+{%- for user,spec in user_list_defaults.items() %}
+Defaults:{{ user }} {{ spec }}
+{%- endfor %}
+{%- for host,spec in host_list_defaults.items() %}
+Defaults@{{ host }} {{ spec }}
+{%- endfor %}
+{%- for command,spec in command_list_defaults.items() %}
+Defaults!{{ command }} {{ spec }}
+{%- endfor %}
+{%- for runas,spec in runas_list_defaults.items() %}
+Defaults>{{ runas }} {{ spec }}
+{%- endfor %}
+
 # Host alias specification
 {%- for name,hosts in host_aliases.items() %}
 Host_Alias {{ name }} = {{ ",".join(hosts) }}

sudoers/package-map.jinja

@@ -4,6 +4,7 @@
     'CentOS': {'sudo': 'sudo'},
     'Fedora': {'sudo': 'sudo'},
     'RedHat': {'sudo': 'sudo'},
+    'Amazon': {'sudo': 'sudo'},
     'Gentoo': {'sudo': 'app-admin/sudo'}
 } %}