start of sudoers formula

10 years ago · 8eb95cfcda
parent d9f1a84b78
commit 8eb95cfcda
4 changed files with 100 additions and 0 deletions
--- a/pillar.example
+++ b/pillar.example
@ -0,0 +1,28 @@
+sudoers:
+  users:
+    johndoe: 'ALL=(ALL) ALL'
+  groups:
+    sudo: 'ALL=(ALL) NOPASSWD: ALL'
+  defaults:
+    - env_reset
+    - mail_badpass
+    - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+  aliases:
+    hosts:
+      - WEBSERVERS:
+        - www1
+        - www2
+        - www3
+    users:
+      - ADMINS:
+        - millert
+        - dowdy
+        - mikef
+    commands:
+      - PROCESSES:
+        - /usr/bin/nice
+        - /bin/kill
+        - /usr/bin/renice
+        - /usr/bin/pkill
+        - /usr/bin/top
+  #include: /etc/sudoers.d
--- a/sudoers/files/sudoers
+++ b/sudoers/files/sudoers
@ -0,0 +1,43 @@
+{% set sudoers = pillar.get('sudoers', {}) %}
+{% set defaults = sudoers.get('defaults', []) %}
+{% set aliases = sudoers.get('aliases', {}) %}
+{% set host_aliases = aliases.get('host', []) %}
+{% set user_aliases = aliases.get('user', []) %}
+{% set cmnd_aliases = aliases.get('commands', []) %}
+{% set runas_aliases = aliases.get('runas', []) %}
+{% set users = sudoers.get('users', {}) %}
+{% set groups = sudoers.get('groups', {}) %}
+{% set includedir = sudoers.get('includedir', None) %}
+#
+# This file is managed by salt
+#
+
+{% for default in defaults -%}
+Defaults {{ default }}
+{%- endfor %}
+
+# Host alias specification
+{% for default in defaults -%}
+Defaults {{ default }}
+{%- endfor %}
+
+# User alias specification
+{{ user_aliases }}
+
+# Cmnd alias specification
+{{ cmnd_aliases }}
+
+# Runas alias specification
+{{ runas_aliases }}
+
+# User privilege specification
+{{ users }}
+
+# Group privilege specification
+{{ groups }}
+
+{% if includes %}
+includedir {{ includedir }}
+{% else %}
+#includedir /etc/sudoers.d
+{% endif %}
--- a/sudoers/init.sls
+++ b/sudoers/init.sls
@ -0,0 +1,15 @@
+{% from "sudoers/package-map.jinja" import pkgs with context %}
+
+sudo:
+  pkg.installed:
+    - name: {{ pkg.sudo }}
+
+/etc/sudoers
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 440
+    - template: jinja
+    - source: salt://sudoers/files/sudoers
+    - require:
+      - pkg: sudo
--- a/sudoers/package-map.jinja
+++ b/sudoers/package-map.jinja
@ -0,0 +1,14 @@
+{% set package_table = {
+    'Debian': {'sudo': 'sudo'},
+    'Ubuntu': {'sudo': 'sudo'},
+    'CentOS': {'sudo': 'sudo'},
+    'Fedora': {'sudo': 'sudo'},
+    'RedHat': {'sudo': 'sudo'},
+    'Gentoo': {'sudo': 'app-admin/sudo'}
+} %}
+
+{% if 'package_table' in pillar %}
+    {% set pkgs = pillar['package_table'] %}
+{% elif grains['os'] in package_table %}
+    {% set pkgs = package_table[grains['os']] %}
+{% endif %}