Check for sudo_rules before text.append state.

Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
2014-02-22 08:43:52 +00:00 · 2014-02-22 08:43:52 +00:00 · 2c58a76ce6
commit 2c58a76ce6
parent 56ca792f84
1 changed files with 9 additions and 7 deletions
--- a/users/init.sls
+++ b/users/init.sls
@ -125,15 +125,17 @@ sudoer-{{ name }}:
    - user: root
    - group: root
    - mode: '0440'
+{% if 'sudo_rules' in user %}
 /etc/sudoers.d/{{ name }}:
  file.append:
    - text:
-    {% for rule in user.get('sudo_rules', []) %}
-    - {{ rule }}
+      {% for rule in user['sudo_rules'] %}
+      - "{{ name }} {{ rule }}"
      {% endfor %}
    - require:
      - file: sudoer-defaults
      - file: sudoer-{{ name }}
+{% endif %}
 {% else %}
 /etc/sudoers.d/{{ name }}:
  file.absent: