Make management of the main sudoers config optional

It should be possible to not overwrite the main sudoers configuration
file and only provide files to be included. This introduces a new Pillar
variable to achieve that. If it's not set we default to the old
behaviour of managing that file.
Sebastian Meyer 2018-08-22 12:14:02 +02:00
parent 76a3db1b3b
commit 73d2d70dbb
No known key found for this signature in database
GPG Key ID: CC41E41BC2D45D73
3 changed files with 15 additions and 0 deletions


@ -1,4 +1,6 @@
sudoers:
# By default the main sudoers file is managed by this formula (False to skip)
manage_main_config: True
users:
johndoe:
- 'ALL=(ALL) ALL'


@ -23,6 +23,8 @@ sudoers include {{ included_file }}:
- context:
included: True
sudoers: {{ spec|json }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
- require:
- file: {{ sudoers.get('configpath', '/etc') }}/sudoers
{% endif %}
{% endfor %}
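Review bot: With `manage_main_config` set to False the include state is left with no requisite at all, because the only `require` it had now sits inside the new `{% if %}` at the end of this hunk. Nothing then orders the included file after the `sudo` package, so it could be written before the package (and presumably its include directory) exists. Consider keeping an ordering in the unmanaged case by adding `{% else %}`, `- require:` and `- pkg: sudo` before the `{% endif %}`; a `pkg: sudo` requisite is already used in the other changed state file. The state's definition begins above the hunk, so this is based only on the lines visible here.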


@ -4,6 +4,8 @@ sudo:
pkg.installed:
- name: {{ sudoers.pkg }}
{% if salt['pillar.get']('sudoers:manage_main_config', True) %}
{{ sudoers.get('configpath', '/etc') }}/sudoers:
file.managed:
- user: root
@ -16,3 +18,12 @@ sudo:
included: False
- require:
- pkg: sudo
{% else %}
{{ sudoers.get('configpath', '/etc') }}/sudoers:
test.show_notification:
- name: Skipping management of main sudoers file
- text: Pillar manage_main_config is False
{% endif %}
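Review bot: The `{% else %}` branch leaves the main sudoers file entirely outside the formula, yet nothing tells the operator that the included files then only take effect if that file already carries a matching include directive. sudo does not read drop-in files that the main configuration does not reference, so a host could silently run without the rules the pillar describes. I would say so in the notification, e.g. `- text: Pillar manage_main_config is False; included files need an include directive in the existing sudoers file`, and repeat it in the comment in the pillar example. Any other state that still requires `file: <configpath>/sudoers` would no longer resolve against this `test` state, which is worth checking outside these hunks. Fewer lines are visible than the second hunk header announces, so part of the section may be missing from this view.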