bschonec

…files instead of one, monolithic file.

I'd like to get your opinion on changing the fundamental properties of how this role works. This is still a W.I.P., but I'd like to submit a pull request just to get on your radar.

There are good reasons to have the ability to create multiple /etc/sudoers.d/ files. My changes preserve the ability to create a single, monolithic file yet still have the ability to create multiple files.

I have added a 'comment' field and modified the sudoers template quite a bit. The sudoers template has the ability to allow both users and groups in a single sudoers file.

I'm not so sure that my /etc/sudoers.d/ cleanup process is the best way to do it. Creating that sudo_keep list seems kinda hacky; perhaps other eyes on the code can find a better way.

@franklinkim
Member

Hi, thanks for the PR!

I don't yet think splitting up the files is necessary (see #29)

I like the idea of adding aliases to the config but I think we could keep it simple and give the user the ability to manage the aliases themselves.

What about providing aliases through the config like this:

...
sudo_sudoers_host_aliases: 
  LAN: 
    - mario.host.com
    - lucy.host.com
sudo_sudoers_user_aliases:
  WEBADMIN: ankit, sam
sudo_sudoers_cmd_aliases:
  BIN: /bin/rpm, /bin/rm, /sbin/linuxconf
...

and adding them to the file

...
{% for key, value in sudo_sudoers_host_aliases.items() %}
Host_Alias {{ key }} = {{ value if value is string else value | join(',') }}
{% endfor %}
...
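The alias rendering suggested in the comment above, as an added example that is not part of the PR or the role's own code: it turns the three proposed variables into `Host_Alias`, `User_Alias` and `Cmnd_Alias` lines and rejects alias names or members that would alter the structure of the sudoers file. The function names `render_alias` and `render_aliases` and the sample data are hypothetical; the name check follows the sudoers grammar for alias names.

```python
import re

# sudoers grammar: an alias name starts with an uppercase letter and
# continues with uppercase letters, digits or underscores.
ALIAS_NAME = re.compile(r"[A-Z][A-Z0-9_]*")

# Variable name (from the comment) -> sudoers keyword for that alias type.
KEYWORDS = {
    "sudo_sudoers_host_aliases": "Host_Alias",
    "sudo_sudoers_user_aliases": "User_Alias",
    "sudo_sudoers_cmd_aliases": "Cmnd_Alias",
}

# Constructed sample data, shaped like the variables proposed in the comment.
SAMPLE_VARS = {
    "sudo_sudoers_host_aliases": {"LAN": ["mario.host.com", "lucy.host.com"]},
    "sudo_sudoers_user_aliases": {"WEBADMIN": "ankit, sam"},
    "sudo_sudoers_cmd_aliases": {"BIN": "/bin/rpm, /bin/rm, /sbin/linuxconf"},
}


def render_alias(keyword, name, value):
    """Return one alias line; value is a string or a list, as in the template."""
    if not ALIAS_NAME.fullmatch(name):
        raise ValueError(f"invalid alias name: {name!r}")
    members = [value] if isinstance(value, str) else list(value)
    for member in members:
        # An empty member or an embedded line break would let a variable
        # add or change lines in the rendered sudoers file.
        if (not isinstance(member, str) or not member.strip()
                or "\n" in member or "\r" in member):
            raise ValueError(f"invalid member in {name}: {member!r}")
    return f"{keyword} {name} = {', '.join(m.strip() for m in members)}"


def render_aliases(variables):
    """Render every alias in a stable order: by type, then by alias name."""
    lines = []
    for var, keyword in KEYWORDS.items():
        for name, value in sorted(variables.get(var, {}).items()):
            lines.append(render_alias(keyword, name, value))
    return lines


if __name__ == "__main__":
    print("\n".join(render_aliases(SAMPLE_VARS)))
```

Running `visudo -cf` on the rendered file before installing it catches syntax errors that the name and member checks do not.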
