- From: Bryan Berry
- Subject: [chef] new sudo lwrp for managing sudoers fragments
- Date: Fri, 6 Jan 2012 19:15:48 +0100
I wrote a sudo lwrp, comments appreciated:
https://github.com/bryanwb/cookbooks/blob/master/sudo/README.md
It now has a much simpler API. Comments and criticism would be much appreciated.
From the README.md:
It has two modes: "natural" mode, which mimics the sudoers file
interface, and "template" mode, where you supply a regular erb template
and a hash of variables. For "template" mode, the sudo lwrp simply
ensures that the resulting sudo fragment passes validation and has the
proper filesystem permissions.
In either mode, the sudo lwrp will render a sudoers fragment in
/etc/sudoers.d/
If the sudoers fragment does not pass validation, this
lwrp will fail the chef-client run before the fragment can be copied
to /etc/sudoers.d. This prevents the corruption of your sudoers
configuration.
Example of the default mode, "natural" mode:
sudo "tomcat" do
  user "%tomcat"                              # or a username
  runas "app_user"                            # or "app_user : tomcat"
  commands ["/etc/init.d/tomcat restart"]     # array of commands, will be .join(",")
  host "ALL"
  nopasswd false                              # true inserts the NOPASSWD: tag between the runas spec and the commands
end
Example of template mode:
sudo "tomcat" do
  # this template must exist in the calling cookbook
  template "restart_tomcat.erb"
  variables( :cmds => [ "/etc/init.d/tomcat restart" ] )
end
In either case, the following file would be generated in /etc/sudoers.d/tomcat:
# this file was generated by chef
%tomcat ALL=(app_user) /etc/init.d/tomcat restart
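The safety property the README describes (render, validate, and only then place the file in /etc/sudoers.d with the right permissions) is worth seeing outside the Chef resource DSL. The script below is an added example written for this archive page, not code from the sudo cookbook linked above: it renders a "natural" mode rule from the same attributes (user, runas, commands, host, nopasswd), validates the fragment with `visudo -c -f` on a temporary file, and installs it atomically with mode 0440. The function names (render_rule, validate_fragment, install_fragment, safe_fragment_name?) and the temporary-file naming are this example's own choices; the sample rule is constructed to reproduce the /etc/sudoers.d/tomcat output shown above.

```ruby
require "tempfile"
require "open3"

# Render one sudoers rule from the "natural" mode attributes.
# Format: user host=(runas) [NOPASSWD: ]cmd1, cmd2
def render_rule(user:, runas:, commands:, host: "ALL", nopasswd: false)
  raise ArgumentError, "commands must not be empty" if commands.nil? || commands.empty?
  tag = nopasswd ? "NOPASSWD: " : ""
  "#{user} #{host}=(#{runas}) #{tag}#{commands.join(', ')}"
end

# Wrap rendered rules in the same header the lwrp emits, newline-terminated.
def render_fragment(rules)
  (["# this file was generated by chef"] + rules).join("\n") + "\n"
end

# sudo skips files in /etc/sudoers.d whose name contains '.' or ends in '~',
# so such a name would be silently ignored rather than applied.
def safe_fragment_name?(name)
  name.match?(/\A[A-Za-z0-9_-]+\z/)
end

# Write the fragment to a temp file and ask visudo to check it.
# Returns [ok, visudo_output]; a missing visudo binary counts as failure.
def validate_fragment(body, visudo: "visudo")
  Tempfile.create(["sudoers-", ".tmp"]) do |f|
    f.write(body)
    f.flush
    out, status = Open3.capture2e(visudo, "-c", "-f", f.path)
    [status.success?, out]
  end
rescue Errno::ENOENT => e
  [false, "cannot run #{visudo}: #{e.message}"]
end

# Validate first, then install atomically. The temp name contains a '.',
# so sudo ignores it until the rename makes it visible under its final name.
# Must run as root for a real /etc/sudoers.d; dir: lets you point elsewhere.
def install_fragment(name, body, dir: "/etc/sudoers.d", visudo: "visudo")
  raise ArgumentError, "unsafe fragment name #{name.inspect}" unless safe_fragment_name?(name)
  ok, out = validate_fragment(body, visudo: visudo)
  raise "refusing to install #{name}: #{out}" unless ok
  target = File.join(dir, name)
  tmp = "#{target}.chef-tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0440) { |f| f.write(body) }
  File.chmod(0440, tmp)         # umask may have widened the mode at creation
  File.rename(tmp, target)      # atomic replace of any previous fragment
  target
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the tomcat rule from the README example.
  body = render_fragment([
    render_rule(user: "%tomcat", runas: "app_user",
                commands: ["/etc/init.d/tomcat restart"])
  ])
  puts body
  ok, out = validate_fragment(body)
  puts(ok ? "visudo: fragment is valid" : "visudo: rejected (#{out.strip})")
  # install_fragment("tomcat", body) would then place it in /etc/sudoers.d/tomcat
end
```

Two details matter here: validation happens on a temp file that sudo never reads, and the pre-rename temp file name contains a dot, so at no point does /etc/sudoers.d hold an unvalidated, live fragment. Point `visudo:` at `/usr/sbin/visudo` explicitly if PATH is not trusted in the environment running the check.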