bundles/sudo: use sudoers.d

bundles/sudo/files/bwusers

@@ -0,0 +1,5 @@
+% for user, config in sorted(node.metadata['users'].items()):
+%     for p in sorted(config.get('sudo_commands', [])):
+${user} ALL=(ALL) NOPASSWD:${p}
+%     endfor
+% endfor

bundles/sudo/files/sudoers

@@ -6,8 +6,4 @@ Defaults secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bi
 
 root ALL=(ALL) ALL
 
-% for user, permissions in sorted(node.metadata['sudo'].items()):
+#includedir /etc/sudoers.d
-%     for p in sorted(permissions):
-${user} ALL=(ALL) NOPASSWD:${p}
-%     endfor
-% endfor

bundles/sudo/items.py

@@ -2,8 +2,19 @@ groups = {
     'sudo': {},
 }
 
+directories = {
+    '/etc/sudoers.d': {
+        'purge': True,
+    },
+}
+
 files = {
     '/etc/sudoers': {
+        'needs': {
+            'file:/etc/sudoers.d/bwusers',
+        },
+    },
+    '/etc/sudoers.d/bwusers': {
         'content_type': 'mako',
     },
 }

bundles/sudo/metadata.py

@@ -1,11 +0,0 @@
-@metadata_reactor
-def sudo_users(metadata):
-    sudoers = {}
-
-    for username, config in metadata.get('users', {}).items():
-        if 'sudo_commands' in config:
-            sudoers[username] = config['sudo_commands']
-
-    return {
-        'sudo': sudoers,
-    }