use sudo::defaults in rhel9 template

REFERENCE.md

@@ -23,6 +23,15 @@ rpm. so we add a dependencies to the ldap module.
 
 * [`sudo::conf`](#sudo--conf): Manages sudo configuration snippets
 
+### Functions
+
+* [`sudo::defaults`](#sudo--defaults): Formats sudoers defaults config see https://linux.die.net/man/5/sudoers      Default_Type ::= 'Defaults' |                      'Defaults' '@
+
+### Data types
+
+* [`Sudo::Defaults`](#Sudo--Defaults): sudo defaults
+* [`Sudo::Defaults_operator`](#Sudo--Defaults_operator): custom datatype that validates sudo defaults operators
+
 ## Classes
 
 ### <a name="sudo"></a>`sudo`
@@ -71,6 +80,7 @@ The following parameters are available in the `sudo` class:
 * [`wheel_config`](#-sudo--wheel_config)
 * [`sudoreplay_discard`](#-sudo--sudoreplay_discard)
 * [`configs`](#-sudo--configs)
+* [`defaults`](#-sudo--defaults)
 
 ##### <a name="-sudo--enable"></a>`enable`
 
@@ -335,6 +345,14 @@ A hash of sudo::conf's
 
 Default value: `{}`
 
+##### <a name="-sudo--defaults"></a>`defaults`
+
+Data type: `Sudo::Defaults`
+
+
+
+Default value: `$sudo::params::defaults`
+
 ### <a name="sudo--allow"></a>`sudo::allow`
 
 This class allows you to take complete advantage of automatic parameter
@@ -506,3 +524,85 @@ Path to use for executing the sudo syntax check
 
 Default value: `'/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'`
 
+## Functions
+
+### <a name="sudo--defaults"></a>`sudo::defaults`
+
+Type: Ruby 4.x API
+
+Formats sudoers defaults config see https://linux.die.net/man/5/sudoers
+
+    Default_Type ::= 'Defaults' |
+                     'Defaults' '@' Host_List |
+                     'Defaults' ':' User_List |
+                     'Defaults' '!' Cmnd_List |
+                     'Defaults' '>' Runas_List
+
+    Default_Entry ::= Default_Type Parameter_List
+
+    Parameter_List ::= Parameter |
+                       Parameter ',' Parameter_List
+
+    Parameter ::= Parameter '=' Value |
+                  Parameter '+=' Value |
+                  Parameter '-=' Value |
+                  '!'* Parameter
+
+The function is passed an Array of Tuples
+e.g. [["env_reset", nil]]
+     [["mailto", {"value" => root}]]
+
+#### `sudo::defaults(Any *$args)`
+
+Formats sudoers defaults config see https://linux.die.net/man/5/sudoers
+
+    Default_Type ::= 'Defaults' |
+                     'Defaults' '@' Host_List |
+                     'Defaults' ':' User_List |
+                     'Defaults' '!' Cmnd_List |
+                     'Defaults' '>' Runas_List
+
+    Default_Entry ::= Default_Type Parameter_List
+
+    Parameter_List ::= Parameter |
+                       Parameter ',' Parameter_List
+
+    Parameter ::= Parameter '=' Value |
+                  Parameter '+=' Value |
+                  Parameter '-=' Value |
+                  '!'* Parameter
+
+The function is passed an Array of Tuples
+e.g. [["env_reset", nil]]
+     [["mailto", {"value" => root}]]
+
+Returns: `String`
+
+##### `*args`
+
+Data type: `Any`
+
+
+
+## Data types
+
+### <a name="Sudo--Defaults"></a>`Sudo::Defaults`
+
+sudo defaults
+
+Alias of
+
+```puppet
+Hash[String, Variant[Struct[{
+                                      Optional[list] => String,
+                                      Optional[operator] => Sudo::Defaults_operator,
+                                      Optional[value] => Variant[String,Numeric],
+                                  }], Undef]]
+```
+
+### <a name="Sudo--Defaults_operator"></a>`Sudo::Defaults_operator`
+
+custom datatype that validates sudo defaults operators
+
+Alias of `Enum['=', '+=', '-=', '!']`
+

lib/puppet/functions/sudo/defaults.rb

@@ -22,6 +22,11 @@
 # e.g. [["env_reset", nil]]
 #      [["mailto", {"value" => root}]]
 Puppet::Functions.create_function(:'sudo::defaults') do
+  dispatch :defaults do
+    repeated_param 'Any', :args
+    return_type 'String'
+  end
+
   def defaults(*args)
     res = ''
     raise "Unsupported number of arguments #{args.size}: #{args.inspect}" if args.nil?

manifests/init.pp

@@ -148,7 +148,7 @@
   Enum['absent','password','nopassword']         $wheel_config        = $sudo::params::wheel_config,
   Optional[Array[String[1]]]                     $sudoreplay_discard  = undef,
   Hash                                           $configs             = {},
-  Sudo::Defaults                            $defaults            = $sudo::params::defaults,
+  Sudo::Defaults                                 $defaults            = $sudo::params::defaults,
 ) inherits sudo::params {
   case $enable {
     true: {

spec/classes/sudo_spec.rb

@@ -39,14 +39,16 @@
         it { is_expected.to compile.and_raise_error(%r{'content' \(deprecated\) and 'content_string' are mutually exclusive}) }
       end
 
-      context 'with deprecated content set' do
-        let :params do
-          {
-            content: 'sudo/sudoers.ubuntu.erb'
-          }
-        end
+      unless os =~ %r{^(gentoo|archlinux-rolling)}
+        context 'with deprecated content set' do
+          let :params do
+            {
+              content: 'sudo/sudoers.ubuntu.erb'
+            }
+          end
 
-        it { is_expected.to contain_file('/etc/sudoers').with_content(%r{.*Defaults\s+env_reset.*}) }
+          it { is_expected.to contain_file('/etc/sudoers').with_content(%r{.*Defaults\s+env_reset.*}) }
+        end
       end
 
       context 'with content_string set' do

templates/sudoers.rhel9.erb

@@ -74,7 +74,6 @@ Defaults    match_group_by_gid
 # Disable this option for new behavior.
 Defaults    always_query_group_plugin
 
-Defaults    env_reset
 Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
 Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
 Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
@@ -135,3 +134,4 @@ root	ALL=(ALL) 	ALL
 <% @extra_include_dirs.each do |include_dir| -%>
 #includedir <%= include_dir %>
 <% end if @extra_include_dirs -%>
+<%= scope.call_function('sudo::defaults', @defaults) -%>

types/defaults_operator.pp

@@ -1 +1,2 @@
+# @summary custom datatype that validates sudo defaults operators
 type Sudo::Defaults_operator = Enum['=','+=','-=','!']