Check for sudo_rules before text.append state.

Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken
file.append state would be rendered (since some text is required). With
this patch, the file is still created/managed by the previous state, but
will be empty by default if created fresh. This seems a more sensible
default than assuming a default sudoer policy.

Further, since the first word on each rule line should be the user's
name, that is now assumed.
Adam Wright 2014-02-22 08:43:52 +00:00
parent 56ca792f84
commit 2c58a76ce6
1 changed files with 9 additions and 7 deletions

@ -125,15 +125,17 @@ sudoer-{{ name }}:
- user: root
- group: root
- mode: '0440'
{% if 'sudo_rules' in user %}
/etc/sudoers.d/{{ name }}:
file.append:
- text:
{% for rule in user.get('sudo_rules', []) %}
- {{ rule }}
{% endfor %}
- require:
- file: sudoer-defaults
- file: sudoer-{{ name }}
- text:
{% for rule in user['sudo_rules'] %}
- "{{ name }} {{ rule }}"
{% endfor %}
- require:
- file: sudoer-defaults
- file: sudoer-{{ name }}
{% endif %}
{% else %}
/etc/sudoers.d/{{ name }}:
file.absent:
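Review bot: the guard `{% if 'sudo_rules' in user %}` only tests that the key exists, so a user whose pillar has `sudo_rules: []` still renders `file.append` with an empty `- text:` list, which is the broken state the commit message sets out to avoid. Testing truthiness instead, for example `{% if user.get('sudo_rules') %}`, would cover both the missing key and the empty list. Separately, `- "{{ name }} {{ rule }}"` now prepends the user name to every rule, so any existing pillar entry that already starts with the user name will produce a line with the name doubled, which sudo will not parse as intended. The new pillar format should be documented alongside this change. Because the rule is interpolated inside a double-quoted YAML scalar, a rule that itself contains a double quote or backslash will break rendering or alter the text written, so consider a block scalar or an escaping filter here. Nothing in these lines validates the resulting file, and a syntax error under `/etc/sudoers.d` can disable sudo on the host, so a syntax check with `visudo -c -f` before the rules take effect would be a worthwhile follow-up.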