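# @summary Sets up sudo and provides defined types for building sudoers fragments.
#
# Includes sudo::install, sudo::files and sudo::defaults, and declares the
# nested defined types sudo::option, sudo::alias and sudo::rule. Each of them
# renders one line through an ERB template and hands it to
# sudo::internals::add_sudoers_fragment.
#
# Security note: everything passed to these defined types ends up in sudoers.
# Parameters are checked for type only, so titles and values coming from
# Hiera, facts or other external data should be treated as privileged input.
#
# @param sudogroup
#   Optional group name. Not referenced in this class body; presumably read by
#   the included sudo::* classes -- confirm.
class sudo (
  Optional[String[1]] $sudogroup = undef,
) {
  $include_directory = '/etc/sudoers.d'

  # Attribute defaults, presumably applied to the managed sudoers files by
  # sudo::files -- confirm. root:root with mode 0440 matches what sudo expects
  # of sudoers files. validate_cmd makes Puppet run visudo against the
  # candidate file ('%' is replaced by its path) before it replaces the live
  # one, so a syntax error cannot break sudo on the node.
  # NOTE(review): on a failed check the candidate file is cat'ed, so its
  # content lands in the agent log/report; make sure those are access-restricted.
  $file_defaults = {
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    validate_cmd => "sh -c 'if ! visudo --check --file=%; then cat %; exit 1; fi'",
  }

  # Default fragment target for the defined types below.
  $default_target = '00-defaults'

  include sudo::install
  include sudo::files
  include sudo::defaults

  # NOTE(review): defined types nested in a class are discouraged by the Puppet
  # style guide; kept here so the names sudo::option, sudo::alias and
  # sudo::rule stay unchanged for callers.

  # @summary Adds one option line (presumably a "Defaults" entry) to a sudoers fragment.
  #
  # $param, $_list, $value, $context and $newline_before are not used in this
  # manifest; presumably sudo/option_line.erb reads them -- confirm.
  #
  # @param parameter Option name; falls back to the resource title when undef.
  # @param value Option value (string, array of strings, integer or boolean).
  # @param context One of generic, host, user, cmnd, runas.
  # @param list Optional string or array of strings, normalized to an array.
  # @param target Fragment target, defaults to $sudo::default_target.
  # @param order Passed through as the fragment order.
  # @param comment Optional comment passed through to the fragment.
  # @param newline_before Layout flag, presumably read by the template.
  define option (
    Optional[String[1]]                                    $parameter      = undef,
    Variant[String[1],Array[String[1]],Integer,Boolean]    $value          = true,
    Enum['generic','host','user','cmnd','runas']           $context        = 'generic',
    Optional[Variant[Array[String[1]],String[1]]]          $list           = undef,
    String[1]                                              $target         = $sudo::default_target,
    Integer                                                $order          = 10,
    Optional[String[1]]                                    $comment        = undef,
    Boolean                                                $newline_before = true,
  ) {
    $param = $parameter ? {
      undef   => $name,
      default => $parameter,
    }

    # Normalize $list to an array. The previous test, type($list) matched
    # against the bare word 'list', can never match, so an array argument was
    # wrapped a second time; matching on the Array data type keeps it flat.
    $_list = $list ? {
      Array   => $list,
      default => [$list],
    }

    sudo::internals::add_sudoers_fragment { $name:
      target  => $target,
      content => template('sudo/option_line.erb'),
      order   => $order,
      comment => $comment,
    }
  }

  # @summary Adds one alias definition line to a sudoers fragment.
  #
  # The resource title is the alias name and must follow the sudoers alias
  # grammar: an ASCII uppercase letter followed by uppercase letters, digits
  # or underscores.
  #
  # @param type Alias kind: host, user, cmnd or runas.
  # @param list Optional string or array of strings, normalized to an array.
  # @param target Fragment target, defaults to $sudo::default_target.
  # @param order Passed through as the fragment order.
  # @param comment Optional comment passed through to the fragment.
  # @param newline_before Layout flag, presumably read by the template.
  define alias (
    Enum['host','user','cmnd','runas']            $type,
    Optional[Variant[Array[String[1]],String[1]]] $list           = undef,
    String[1]                                     $target         = $sudo::default_target,
    Integer                                       $order          = 10,
    Optional[String[1]]                           $comment        = undef,
    Boolean                                       $newline_before = true,
  ) {
    # Anchor with \A and \z, not ^ and $: Puppet regexes are Ruby regexes, in
    # which ^ and $ match at every line boundary, so a multi-line title whose
    # first line looked like a valid alias name passed the old check and could
    # carry extra lines into sudoers. ASCII classes are used because
    # [[:upper:]] can also match non-ASCII letters, which visudo rejects.
    if $name !~ /\A[A-Z][A-Z0-9_]*\z/ {
      fail("sudoers alias definition '$name' can only contain uppercase letter, numbers, and the underscore")
    }

    # Same normalization as in sudo::option: keep arrays flat, wrap scalars.
    $_list = $list ? {
      Array   => $list,
      default => [$list],
    }

    sudo::internals::add_sudoers_fragment { $name:
      target  => $target,
      content => template('sudo/alias_line.erb'),
      order   => $order,
      comment => $comment,
    }
  }

  # @summary Adds one user specification (rule) line to a sudoers fragment.
  #
  # $who, $where, $as_whom, $as_group, $what and $newline_before are not used
  # in this manifest; presumably sudo/rule_line.erb reads them -- confirm.
  # NOTE(review): these values are only type-checked (non-empty strings). A
  # rule with 'ALL' in $what or a NOPASSWD tag grants broad privilege, so
  # review callers that fill them from external data.
  #
  # @param who User(s) or alias(es) the rule applies to.
  # @param where Host(s), defaults to 'ALL'.
  # @param as_whom Run-as user(s), defaults to 'ALL'.
  # @param as_group Run-as group(s), defaults to 'ALL'.
  # @param what Command(s) the rule covers.
  # @param target Fragment target, defaults to $sudo::default_target.
  # @param order Passed through as the fragment order.
  # @param comment Optional comment passed through to the fragment.
  # @param newline_before Layout flag, presumably read by the template.
  define rule (
    Variant[Array[String[1]],String[1]]           $who,
    Variant[Array[String[1]],String[1]]           $where          = 'ALL',
    Optional[Variant[Array[String[1]],String[1]]] $as_whom        = 'ALL',
    Optional[Variant[Array[String[1]],String[1]]] $as_group       = 'ALL',
    Variant[Array[String[1]],String[1]]           $what,
    String[1]                                     $target         = $sudo::default_target,
    Integer                                       $order          = 10,
    Optional[String[1]]                           $comment        = undef,
    Boolean                                       $newline_before = true,
  ) {
    # NOTE(review): $_comment (title used as fallback comment) is not
    # referenced in this manifest and the fragment below still receives
    # $comment. Presumably rule_line.erb reads $_comment -- confirm; if not,
    # the fallback is dead code.
    $_comment = $comment ? {
      undef   => $name,
      default => $comment,
    }

    sudo::internals::add_sudoers_fragment { $name:
      target  => $target,
      content => template('sudo/rule_line.erb'),
      order   => $order,
      comment => $comment,
    }
  }
}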