Merge pull request #4 from carlosperello/master

Added support for managing included files

AUTHORS

@@ -0,0 +1,2 @@
+Kenneth Wilke <kenneth.wilke@rackspace.com>
+Carlos Perelló Marín <carlos@pemas.net>

LICENSE

@@ -1,15 +1,13 @@
-epel
-====
+Copyright (c) 2013-2014 Salt Stack Formulas
 
-Install the EPEL RPM and GPG key on RHEL 5/6 or CentOS 5/6.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
 
-.. note::
+  http://www.apache.org/licenses/LICENSE-2.0
 
-    See the full `Salt Formulas installation and usage instructions
-    <http://docs.saltstack.com/topics/conventions/formulas.html>`_.
-
-Available states
-----------------
-
-``epel``
-    Installs the GPG key and EPEL RPM package for the current OS.
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

README.rst

@@ -1,7 +1,7 @@
 sudoers
 =======
 
-Set up the sudoers file
+Set up sudo and the sudoers included files.
 
 .. note::
 
@@ -13,3 +13,6 @@ Available states
 
 ``sudoers``
     Set up the sudoers file
+
+``sudoers.included``
+    Set up an additional sudoers included file

pillar.example

@@ -26,3 +26,9 @@ sudoers:
         - /usr/bin/pkill
         - /usr/bin/top
   includedir: /etc/sudoers.d
+  included_files:
+    /etc/sudoers.d/extra-file:
+      users:
+        foo: 'ALL=(ALL) ALL'
+      groups:
+        bargroup: 'ALL=(ALL) NOPASSWD: ALL'

sudoers/files/sudoers

@@ -1,13 +1,30 @@
-{% set sudoers = pillar.get('sudoers', {}) %}
-{%- set defaults = sudoers.get('defaults', []) %}
+{%- if (not included) %}
+  {%- set sudoers = pillar.get('sudoers', {}) %}
+  {%- if grains['os_family'] == 'Debian' %}
+    {%- set defaults = sudoers.get('defaults', [
+      'env_reset',
+      'mail_badpass',
+      'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
+    ]) %}
+    {%- set users = sudoers.get('users', {'root': 'ALL=(ALL:ALL) ALL'}) %}
+    {%- set groups = sudoers.get('groups', {'sudo': 'ALL=(ALL:ALL) ALL'}) %}
+  {%- else %}
+    {%- set defaults = sudoers.get('defaults', []) %}
+    {%- set users = sudoers.get('users', {}) %}
+    {%- set groups = sudoers.get('groups', {}) %}
+  {%- endif %}
+  {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%}
+{%- else %}
+  {%- set defaults = sudoers.get('defaults', []) %}
+  {%- set users = sudoers.get('users', {}) %}
+  {%- set groups = sudoers.get('groups', {}) %}
+  {%- set includedir = sudoers.get('includedir', None) %}
+{%- endif %}
 {%- set aliases = sudoers.get('aliases', {}) %}
 {%- set host_aliases = aliases.get('hosts', {}) %}
 {%- set user_aliases = aliases.get('users', {}) %}
 {%- set command_aliases = aliases.get('commands', {}) %}
-{%- set runas_aliases = aliases.get('runas', {}) %}
-{%- set users = sudoers.get('users', {}) %}
-{%- set groups = sudoers.get('groups', {}) %}
-{%- set includedir = sudoers.get('includedir', None) -%}
+{%- set runas_aliases = aliases.get('runas', {}) -%}
 #
 # This file is managed by salt
 #
@@ -47,6 +64,4 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
 
 {% if includedir %}
 #includedir {{ includedir }}
-{% else %}
-#includedir /etc/sudoers.d
 {% endif %}

sudoers/included.sls

@@ -0,0 +1,19 @@
+include:
+  - sudoers
+
+{% set sudoers = pillar.get('sudoers', {}) %}
+{% set included_files = sudoers.get('included_files', []) %}
+{% for included_file,spec in included_files.items() -%}
+{{ included_file }}:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 440
+    - template: jinja
+    - source: salt://sudoers/files/sudoers
+    - context:
+        included: True
+        sudoers: {{ spec }}
+    - require:
+      - file: /etc/sudoers
+{% endfor %}

sudoers/init.sls

@@ -11,5 +11,7 @@ sudo:
     - mode: 440
     - template: jinja
     - source: salt://sudoers/files/sudoers
+    - context:
+        included: False
     - require:
       - pkg: sudo