From 2c58a76ce64004a2fc7e6097f417713a89512558 Mon Sep 17 00:00:00 2001
From: Adam Wright
Date: Sat, 22 Feb 2014 08:43:52 +0000
Subject: [PATCH] Check for sudo_rules before text.append state.

Since ebe5198f, if a user's pillar dict didn't contain sudo_rules, a broken file.append state would be rendered (since some text is required). With this patch, the file is still created/managed by the previous state, but will be empty by default if created fresh. This seems a more sensible default than assuming a default sudoer policy. Further, since the first word on each rule line should be the user's name, that is now assumed.
---
 users/init.sls | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/users/init.sls b/users/init.sls
index 9a54d79..be0471f 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -125,15 +125,17 @@ sudoer-{{ name }}:
 - user: root
 - group: root
 - mode: '0440'
+{% if 'sudo_rules' in user %}
 /etc/sudoers.d/{{ name }}:
 file.append:
- - text:
- {% for rule in user.get('sudo_rules', []) %}
- - {{ rule }}
- {% endfor %}
- - require:
- - file: sudoer-defaults
- - file: sudoer-{{ name }}
+ - text:
+ {% for rule in user['sudo_rules'] %}
+ - "{{ name }} {{ rule }}"
+ {% endfor %}
+ - require:
+ - file: sudoer-defaults
+ - file: sudoer-{{ name }}
+{% endif %}
 {% else %}
 /etc/sudoers.d/{{ name }}:
 file.absent:
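Review bot: Rules dropped from a user's `sudo_rules` pillar are never removed from `/etc/sudoers.d/{{ name }}`, because `file.append` only adds missing lines, and with the new `{% if 'sudo_rules' in user %}` guard a user whose key is deleted entirely gets no state touching the file's content at all. The `sudoer-{{ name }}` state starts above the hunk, so whether it resets the file cannot be seen here; the commit message's "empty by default if created fresh" suggests it does not. Consider rendering the whole rule set through `file.managed` with `contents` so the pillar stays authoritative for granted privileges, and validating before install with `- check_cmd: /usr/sbin/visudo -c -f`, since a malformed line in a sudoers.d file can leave sudo unusable on the host. Separately, a rule containing `"` or a backslash would break the double-quoted scalar in `- "{{ name }} {{ rule }}"`.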