Faidon Liambotis has submitted this change and it was merged.

Change subject: admin::sudo: remove comment support
......................................................................


admin::sudo: remove comment support

This is sparsely used and when it is, it's really obvious comments, so
this probably encourages a bad behavior. Besides, if there's something
really important that belongs in a comment, it can be placed in a
puppet comment; reading /etc/sudoers.d files manually isn't going to
give the full picture anyway.

Change-Id: I15506c376c811ce79ec1dfd6f0d714814e0dd670
---
M modules/admin/README
M modules/admin/manifests/sudo.pp
M modules/admin/templates/sudoers.erb
M modules/diamond/manifests/collector/minimalpuppetagent.pp
M modules/toollabs/manifests/mailrelay.pp
5 files changed, 0 insertions(+), 12 deletions(-)

Approvals:
  Giuseppe Lavagetto: Looks good to me, but someone else must approve
  Faidon Liambotis: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/admin/README b/modules/admin/README
index aba7207..61ee053 100644
--- a/modules/admin/README
+++ b/modules/admin/README
@@ -175,7 +175,6 @@
 
     admin::sudo { "foo_user_only_should_do_x":
         user=>'bob',
-        comment=>'this is good karma',
         privs=>['ALL = NOPASSWD: X'],
     }
 
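Review bot: The README example for `foo_user_only_should_do_x` now shows a `NOPASSWD` grant with no indication of where its justification should live. Since the commit message points people to Puppet comments instead, put a one-line `#` comment above the `admin::sudo` declaration in this example so the documented pattern models the replacement practice.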
diff --git a/modules/admin/manifests/sudo.pp b/modules/admin/manifests/sudo.pp
index 4d4f406..44ff4bf 100644
--- a/modules/admin/manifests/sudo.pp
+++ b/modules/admin/manifests/sudo.pp
@@ -15,10 +15,6 @@
 #  WARNING:  Use for user oneoffs.  Sudo privs should be handled in
 #            the main user/group definition in almost all cases.
 #
-# [*comment*]
-#  In case of a non-user definition/non-group definition priv a comment
-#  can be provided.
-#
 # [*privs*]
 #  An array of lines to be included in a sudoers.d/ file
 #
@@ -30,7 +26,6 @@
 define admin::sudo(
     $ensure='present',
     $user=undef,
-    $comment=undef,
     $privs=[],
     $is_group=false,
 )
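Review bot: Any `admin::sudo` declaration that still passes `comment =>` will fail catalog compilation once `$comment=undef,` is gone from this parameter list, because Puppet rejects unknown parameters on a define. The patch updates the two callers visible here (diamond and toollabs); grep the rest of the tree, and any manifests kept outside this repository, for remaining `comment` uses on `admin::sudo` before this lands.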
diff --git a/modules/admin/templates/sudoers.erb 
b/modules/admin/templates/sudoers.erb
index b13ded3..cb12a51 100644
--- a/modules/admin/templates/sudoers.erb
+++ b/modules/admin/templates/sudoers.erb
@@ -1,8 +1,5 @@
 # This file is managed by Puppet!
 
-<%- if @comment %>
-#<%= @comment %>
-<%- end %>
 <%- @privs.each do |privilege| -%>
 <%- if @is_group == true %>
 %<%= @priv_holder %> <%= privilege %>
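Review bot: With the `#<%= @comment %>` block removed, the rendered file carries only the "managed by Puppet" header and the privilege lines, so someone auditing /etc/sudoers.d on a host has nothing that points back to the resource that created the grant. Consider putting the resource title in the header line of the template so each file can be traced to its manifest, which is where the rationale now lives.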
diff --git a/modules/diamond/manifests/collector/minimalpuppetagent.pp 
b/modules/diamond/manifests/collector/minimalpuppetagent.pp
index 09c74cb..572c43d 100644
--- a/modules/diamond/manifests/collector/minimalpuppetagent.pp
+++ b/modules/diamond/manifests/collector/minimalpuppetagent.pp
@@ -11,10 +11,8 @@
     # puppet, since /var/lib/puppet doesn't have +x set
     admin::sudo { 'diamond_sudo_for_puppet':
         user    => 'diamond',
-        comment => "diamond needs sudo to access puppet's 
last_run_summary.yaml file",
         privs   => ['ALL=(puppet) NOPASSWD: /bin/cat 
/var/lib/puppet/state/last_run_summary.yaml']
     }
-
 
     diamond::collector { 'MinimalPuppetAgent':
         source  => 'puppet:///modules/diamond/collector/minimalpuppetagent.py',
diff --git a/modules/toollabs/manifests/mailrelay.pp 
b/modules/toollabs/manifests/mailrelay.pp
index 3a83b9b..f361d24 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -65,7 +65,6 @@
     # Diamond user needs sudo to access exim
     admin::sudo { 'diamond_sudo_for_exim':
         user    => 'diamond',
-        comment => 'diamond needs sudo to access exim mail queue length',
         privs   => ['ALL=(root) NOPASSWD: /usr/sbin/exim']
     }
 
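Review bot: The removed `comment` was the only place stating that this grant is for reading the exim mail queue length, while the remaining `privs` line allows `/usr/sbin/exim` as root with any arguments. Either keep that purpose in the Puppet comment above the resource, or better, narrow the sudoers entry to the specific invocation the collector runs (for a queue count that would be `/usr/sbin/exim -bpc`) so the grant matches its stated use.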

-- 
To view, visit https://gerrit.wikimedia.org/r/180508

Gerrit-MessageType: merged
Gerrit-Change-Id: I15506c376c811ce79ec1dfd6f0d714814e0dd670
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
