73d2d70dbb
It should be possible to not overwrite the main sudoers configuration file and only provide files to be included. This introduces a new Pillar variable to achieve that. If it's not set we default to the old behaviour of managing that file.
29 lines
738 B
Text
29 lines
738 B
Text
{% from "sudoers/map.jinja" import sudoers with context %}
|
|
|
|
sudo:
|
|
pkg.installed:
|
|
- name: {{ sudoers.pkg }}
|
|
|
|
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
|
|
|
|
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
|
file.managed:
|
|
- user: root
|
|
- group: {{ sudoers.get('group', 'root') }}
|
|
- mode: 440
|
|
- template: jinja
|
|
- source: salt://sudoers/files/sudoers
|
|
- check_cmd: {{ sudoers.get('execprefix', '/usr/sbin') }}/visudo -c -f
|
|
- context:
|
|
included: False
|
|
- require:
|
|
- pkg: sudo
|
|
|
|
{% else %}
|
|
|
|
{{ sudoers.get('configpath', '/etc') }}/sudoers:
|
|
test.show_notification:
|
|
- name: Skipping management of main sudoers file
|
|
- text: Pillar manage_main_config is False
|
|
|
|
{% endif %}
|