From ebb103d6a47fab288c28e19b9571ae82b1587ee0 Mon Sep 17 00:00:00 2001
From: bellaweo
Date: Tue, 14 Feb 2017 13:34:39 -0800
Subject: [PATCH] init commit, create lookup table
---
 sudoers/files/sudoers | 8 +++++++-
 sudoers/map.jinja | 11 +++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/sudoers/files/sudoers b/sudoers/files/sudoers
index affc316..4d95f24 100644
--- a/sudoers/files/sudoers
+++ b/sudoers/files/sudoers
@@ -1,3 +1,4 @@
+{% from "sudoers/map.jinja" import group_maps with context %}
 {%- if (not included) %}
 {%- set sudoers = pillar.get('sudoers', {}) %}
 {%- if grains['os_family'] == 'Debian' %}
@@ -91,9 +92,14 @@ Runas_Alias {{ name }} = {{ ",".join(runas) }}
 # Group privilege specification
 {%- for group,specs in groups.items() %}
 {%- for spec in specs %}
-%{{ group }} {{ spec }}
+{{ group }} {{ spec }}
 {%- endfor %}
 {%- endfor %}
+{% for unix_group in in salt['pillar.get']('group_map:core', {}).keys() %}
+ {% if unix_group in group_map.keys() %}
+{{ unix_group }} {{ group_map.unix_group }}
+ {% else %}
+{{ unix_group }} (( group_map.default }}
 {% if includedir %}
 ## Read drop-in files from /etc/sudoers.d
diff --git a/sudoers/map.jinja b/sudoers/map.jinja
index 14023d0..23cfeeb 100644
--- a/sudoers/map.jinja
+++ b/sudoers/map.jinja
@@ -13,3 +13,14 @@
 'config-path': '/usr/local/etc',
 'group': 'wheel'},
 }, merge=salt['pillar.get']('sudoers:lookup', None)) %}
+
+{% set group_maps = salt['grains.filter_by']({
+ 'default': { 'default': 'ALL = (ALL:ALL) NOPASSWD: SUPPORT' },
+ 'dev': { 'default': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
+ 'qa': { 'default': 'ALL = (ALL:ALL) NOPASSWD: SUPPORT',
+ 'plosqa': 'ALL = (ALL:ALL) NOPASSWD: ALL' },
+ },
+ grain='environment',
+ merge=salt['pillar.get']('group_maps:lookup', None)),
+ default='default'
+%}
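Review bot: The name imported on the new first line of sudoers/files/sudoers, `group_maps`, is not the name the template goes on to read: the loop added in the second hunk of this file refers to `group_map` throughout, which is undefined after this import. One of the two has to change; keeping the import and using `group_maps` in the loop matches the `{% set group_maps = ... %}` added to sudoers/map.jinja in the same commit.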
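Review bot: The block added after the group loop in sudoers/files/sudoers (`@@ -91,9 +92,14 @@`) cannot render as written: `in in` is a syntax error, `(( group_map.default }}` opens with the wrong delimiter, and neither the `if` nor the `for` is closed before the `{% if includedir %}` context line. `group_map.unix_group` also looks up a key literally named `unix_group` rather than the loop variable, so a subscript on the variable is needed. Separately, dropping the `%` from `%{{ group }}` changes the meaning of every existing entry, since sudoers reads a name without `%` as a user rather than a group; unless the pillar keys already carry the `%`, the grant lands on a different principal than intended, and the same applies to the new `{{ unix_group }}` lines. The rewrite below assumes bare group names in the pillar. A broken sudoers file can disable sudo on the host, so the rendered output is worth checking with `visudo -c` before it replaces the live file.

```jinja
{%- for spec in specs %}
%{{ group }} {{ spec }}
{#- … unchanged: the two endfor lines closing the pillar group loop … #}
{%- for unix_group in salt['pillar.get']('group_map:core', {}) %}
{%- if unix_group in group_maps %}
%{{ unix_group }} {{ group_maps[unix_group] }}
{%- else %}
%{{ unix_group }} {{ group_maps['default'] }}
{%- endif %}
{%- endfor %}
```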
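Review bot: The closing parenthesis in the new `group_maps` block of sudoers/map.jinja is one line early: `None)),` ends the `grains.filter_by` call and leaves `default='default'` outside it, which should fail to parse inside the `set` tag. Moving it gives `merge=salt['pillar.get']('group_maps:lookup', None),` followed by `default='default') %}`. The values reference a `SUPPORT` command alias that this hunk does not define, so the rendered sudoers needs a matching `Cmnd_Alias SUPPORT`, otherwise those entries do not grant what the table intends. It is also worth a comment above the table stating that `dev` (and `plosqa` under `qa`) grants password-less `(ALL:ALL) ALL`, since that is full root for every mapped group on any minion whose `environment` grain says `dev`.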