From 2c42eafbad2b20ef3e5b58d2f0ce3db176e5c675 Mon Sep 17 00:00:00 2001 From: Garrett Marone Date: Tue, 8 Dec 2015 08:41:40 -0800 Subject: [PATCH] adding network group specs to sudoers --- pillar.example | 4 ++++ sudoers/files/sudoers | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/pillar.example b/pillar.example index 27731e5..aa90b69 100644 --- a/pillar.example +++ b/pillar.example @@ -7,6 +7,10 @@ sudoers: sudo: - 'ALL=(ALL) ALL' - 'ALL=(nodejs) NOPASSWD: ALL' + network_groups: + my-network-admin-group: + - 'ALL=(ALL) ALL' + - 'ALL=(nodejs) NOPASSWD: ALL' defaults: generic: - env_reset diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers index affc316..8274ff0 100644 --- a/sudoers/files/sudoers +++ b/sudoers/files/sudoers @@ -13,6 +13,7 @@ {%- set runas_list_defaults = defaults.get('runas_list', {}) %} {%- set users = sudoers.get('users', {'root': ['ALL=(ALL:ALL) ALL']}) %} {%- set groups = sudoers.get('groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %} + {%- set network_groups = sudoers.get('network_groups', {'sudo': ['ALL=(ALL:ALL) ALL']}) %} {%- else %} {%- set defaults = sudoers.get('defaults', {}) %} {%- set generic_defaults = defaults.get('generic', []) %} @@ -22,6 +23,7 @@ {%- set runas_list_defaults = defaults.get('runas_list', {}) %} {%- set users = sudoers.get('users', {}) %} {%- set groups = sudoers.get('groups', {}) %} + {%- set network_groups = sudoers.get('network_groups', {}) %} {%- endif %} {%- set includedir = sudoers.get('includedir', '/etc/sudoers.d') -%} {%- else %} @@ -33,6 +35,7 @@ {%- set runas_list_defaults = defaults.get('runas_list', {}) %} {%- set users = sudoers.get('users', {}) %} {%- set groups = sudoers.get('groups', {}) %} + {%- set network_groups = sudoers.get('network_groups', {}) %} {%- set includedir = sudoers.get('includedir', None) %} {%- endif %} {%- set aliases = sudoers.get('aliases', {}) %} 
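Review bot: The default in the first added line of the `@@ -13` hunk, `sudoers.get('network_groups', {'sudo': ['ALL=(ALL:ALL) ALL']})`, silently grants full sudo to a netgroup named `sudo` on every host that takes this branch without a `network_groups` pillar key, while the two sibling hunks (`@@ -22`, `@@ -33`) default to `{}`. The existing `groups` default already covers the local `sudo` group; a netgroup of the same name is a separate namespace resolved through NSS (NIS/LDAP), so this looks like a copy of the `groups` line above rather than an intended grant, and it would emit `+sudo ALL=(ALL:ALL) ALL` into /etc/sudoers unasked. Change it to `{%- set network_groups = sudoers.get('network_groups', {}) %}` so netgroup privileges appear only when an operator configures them. The enclosing `{%- if %}` block starts before this hunk, so I cannot see which condition selects the defaults branch.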
@@ -95,6 +98,13 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }} {%- endfor %} {%- endfor %} +# Network Group privilege specification +{%- for group,specs in network_groups.items() %} + {%- for spec in specs %} ++{{ group }} {{ spec }} + {%- endfor %} +{%- endfor %} + {% if includedir %} ## Read drop-in files from /etc/sudoers.d ## (the '#' here does not indicate a comment)
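Review bot: The new loop iterates `network_groups.items()` in dictionary order, which Jinja/Python does not guarantee to be stable across renders, and since sudo applies the last matching entry, an unordered render can change which spec wins for a user in several netgroups and can also make the managed file show spurious diffs between runs. Iterating `{%- for group, specs in network_groups|dictsort %}` keeps the group order stable while the per-group `specs` list keeps pillar order. The `{{ group }}` and `{{ spec }}` values are also written verbatim, so a stray newline or comment character in pillar lands in /etc/sudoers unescaped; a comment above the loop such as `# '+name' marks a netgroup (resolved via NSS); specs are emitted unescaped, verify the rendered file with 'visudo -c'` would make that explicit for the next maintainer. Whether the users/groups loops above share the ordering issue is outside this hunk.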