gistfile1.txt

[root@salt ~]# tail -c +0 /srv/{pillar,salt}/*
==> /srv/pillar/test.sls <==
nopass_sections:
    bamboodeploy:
      - '/usr/sbin/service railscheduler restart'
      - '/bin/systemctl restart lstemailq.service'

==> /srv/pillar/top.sls <==
base:
  '*':
    - test

==> /srv/salt/test <==
{%- for user, commands in pillar.get('nopass_sections', {} ).items() %}
{%- for command in commands %}
{{ user }} ALL=(ALL) NOPASSWD: {{ command }}
{%- endfor %}
{%- endfor %}

==> /srv/salt/test.sls <==
/etc/sudoers.d/test:
  file.managed:
    - source: salt://test
    - template: jinja

gistfile2.txt

[root@salt ~]# salt-call state.apply test --local
local:
----------
          ID: /etc/sudoers.d/test
    Function: file.managed
      Result: True
     Comment: File /etc/sudoers.d/test updated
     Started: 20:35:29.430736
    Duration: 22.307 ms
     Changes:
              ----------
              diff:
                  New file
              mode:
                  0644

Summary for local
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  22.307 ms

[root@salt ~]# cat /etc/sudoers.d/test

bamboodeploy ALL=(ALL) NOPASSWD: /usr/sbin/service railscheduler restart
bamboodeploy ALL=(ALL) NOPASSWD: /bin/systemctl restart lstemailq.service

gistfile3.txt

alternative template file


{%- for user, commands in pillar.get('nopass_sections', {} ).items() %}
{{ user }} ALL=(ALL) NOPASSWD: {{ commands|join(', ') }}
{%- endfor %}