Love it, Bryan. I'll give 'er a go later.
The #includedir directive only exists in sudo 1.7.1+. While #include is present, it seems from this blog post that wildcards like in "#include sudoers.d/*" don't work:
Hmmm.. seems backports are required...
Might it be worth adding an apt dep to the sudo cookbook and pulling in a backport, for consistency across systems?
Or maybe the sudo cookbook could just "fake it" by scanning the sudoers.d dir with a ruby_block resource and adding explicit #include lines for each file to /etc/sudoers? If I understand correctly, that would require a "notifies" resource attribute on each sudo resource, which makes this sound overly hacky...
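A sketch of the "fake it" idea from the comment above, as an added example that is not part of the original comment or the sudo cookbook: plain Ruby that a ruby_block could call to rebuild a managed block of explicit #include lines. The function names and marker comments are hypothetical; the name filter follows the rule sudo documents for #includedir (skip names ending in `~` or containing `.`).

```ruby
require 'tmpdir'

# Hypothetical markers delimiting the part of the sudoers file this code owns.
BEGIN_MARK = '# BEGIN generated includes'
END_MARK   = '# END generated includes'

# Mirror #includedir: ignore editor backups and package leftovers
# (names ending in '~' or containing '.'), so stale copies are never included.
def includable?(name)
  !name.include?('.') && !name.end_with?('~')
end

# Return sudoers text with one explicit #include per regular file in dir,
# in sorted lexical order (the order #includedir parses files in).
def render_sudoers(current, dir)
  files = Dir.children(dir).sort.select do |name|
    includable?(name) && File.file?(File.join(dir, name))
  end
  lines = files.map { |name| "#include #{File.join(dir, name)}" }
  block = [BEGIN_MARK, *lines, END_MARK].join("\n")
  # Remove any earlier managed block so repeated runs converge on the same
  # text and fragments deleted from dir lose their #include line.
  stale = /^#{Regexp.escape(BEGIN_MARK)}\n.*?^#{Regexp.escape(END_MARK)}\n?/m
  base = current.sub(stale, '').rstrip
  "#{base}\n#{block}\n"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a throwaway directory standing in for sudoers.d.
  Dir.mktmpdir do |dir|
    %w[admins deploy deploy.bak ops~].each do |name|
      File.write(File.join(dir, name), "# constructed fragment\n")
    end
    puts render_sudoers("root ALL=(ALL) ALL\n", dir)
  end
end
```

Write the result to a temporary file and check it with `visudo -c -f <file>` before replacing /etc/sudoers, since a syntax error in any included fragment breaks sudo for every user.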