feat(ordering): optionally append includefiles to main config

docs/README.rst

@@ -51,7 +51,7 @@ Set up the sudoers file
 ``sudoers.included``
 ^^^^^^^^^^^^^^^^^^^^
 
-Set up an additional sudoers included file
+Set up an additional sudoers included file.
 
 
 Testing

pillar.example

@@ -63,3 +63,9 @@ sudoers:
       netgroups:
         other_netgroup:
           - 'ALL=(ALL) ALL'
+  # ordering is important. The sudoers manpage says when multiple
+  # entries match, the last match is used. However, if we do not
+  # manage the main config, our included files may not match last.
+  # To guarantee included files match last, set 'true' below to append
+  # each '#include <includefile>' to sudoers file.
+  append_included_files_to_endof_main_config: true

sudoers/defaults.yaml

@@ -10,3 +10,4 @@ sudoers:
   execprefix: /usr/sbin
   includedir: /etc/sudoers.d
   included_files: {}
+  append_included_files_to_endof_main_config: false

sudoers/included/init.sls

@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+include:
+  - .install

sudoers/included.sls → sudoers/included/install.sls

@@ -40,5 +40,9 @@ sudoers include {{ included_file }}:
       - file: {{ sudoers.configpath }}/sudoers
     - require_in:
       - file: {{ sudoers.includedir }}
+    {% elif sudoers.append_included_files_to_endof_main_config %}
+  file.append:
+    - name: {{ sudoers.configpath }}/sudoers
+    - text: '#include {{ sudoers.configpath }}/sudoers.d/{{ included_file }}'
     {% endif %}
 {% endfor %}

test/integration/default/files/_mapdata/almalinux-8.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/amazonlinux-1.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/amazonlinux-2.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/arch-base-latest.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/centos-6.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/centos-7.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/centos-8.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/debian-10.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/debian-11.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/debian-9.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/fedora-31.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/fedora-32.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/fedora-33.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/fedora-34.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/gentoo-2-sysd.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/gentoo-2-sysv.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/opensuse-15.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/oraclelinux-7.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/oraclelinux-8.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/rockylinux-8.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/ubuntu-16.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/ubuntu-18.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults:

test/integration/default/files/_mapdata/ubuntu-20.yaml

@@ -20,6 +20,7 @@ values:
       - millert
       - dowdy
       - mikef
+  append_included_files_to_endof_main_config: false
   arch: amd64
   configpath: /etc
   defaults: