Faidon Liambotis has submitted this change and it was merged. Change subject: admin::sudo: remove comment support ......................................................................
admin::sudo: remove comment support This is sparsely used and when it is, it's really obvious comments, so this probably encourages a bad behavior. Besides, if there's something really important that belongs into a comment, it can be placed in a puppet comment; reading /etc/sudoers.d files manually isn't going to give the full picture anyway. Change-Id: I15506c376c811ce79ec1dfd6f0d714814e0dd670 --- M modules/admin/README M modules/admin/manifests/sudo.pp M modules/admin/templates/sudoers.erb M modules/diamond/manifests/collector/minimalpuppetagent.pp M modules/toollabs/manifests/mailrelay.pp 5 files changed, 0 insertions(+), 12 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified
diff --git a/modules/admin/README b/modules/admin/README
index aba7207..61ee053 100644
--- a/modules/admin/README
+++ b/modules/admin/README
@@ -175,7 +175,6 @@
admin::sudo { "foo_user_only_should_do_x":
user=>'bob',
- comment=>'this is good karma',
privs=>['ALL = NOPASSWD: X'],
}
diff --git a/modules/admin/manifests/sudo.pp b/modules/admin/manifests/sudo.pp
index 4d4f406..44ff4bf 100644
--- a/modules/admin/manifests/sudo.pp
+++ b/modules/admin/manifests/sudo.pp
@@ -15,10 +15,6 @@
# WARNING: Use for user oneoffs. Sudo privs should be handled in
# the main user/group definition in almost all cases.
#
-# [*comment*]
-# In case of a non-user definition/non-group definition priv a comment
-# can be provided.
-#
# [*privs*]
# An array of lines to be included in a sudoers.d/ file
#
@@ -30,7 +26,6 @@
define admin::sudo(
$ensure='present',
$user=undef,
- $comment=undef,
$privs=[],
$is_group=false,
)
diff --git a/modules/admin/templates/sudoers.erb b/modules/admin/templates/sudoers.erb
index b13ded3..cb12a51 100644
--- a/modules/admin/templates/sudoers.erb
+++ b/modules/admin/templates/sudoers.erb
@@ -1,8 +1,5 @@
# This file is managed by Puppet!
-<%- if @comment %>
-#<%= @comment %>
-<%- end %>
<%- @privs.each do |privilege| -%>
<%- if @is_group == true %>
%<%= @priv_holder %> <%= privilege %>
diff --git a/modules/diamond/manifests/collector/minimalpuppetagent.pp b/modules/diamond/manifests/collector/minimalpuppetagent.pp
index 09c74cb..572c43d 100644
--- a/modules/diamond/manifests/collector/minimalpuppetagent.pp
+++ b/modules/diamond/manifests/collector/minimalpuppetagent.pp
@@ -11,10 +11,8 @@
# puppet, since /var/lib/puppet doesn't have +x set
admin::sudo { 'diamond_sudo_for_puppet':
user => 'diamond',
- comment => "diamond needs sudo to access puppet's last_run_summary.yaml file",
privs => ['ALL=(puppet) NOPASSWD: /bin/cat /var/lib/puppet/state/last_run_summary.yaml']
}
-
diamond::collector { 'MinimalPuppetAgent':
source => 'puppet:///modules/diamond/collector/minimalpuppetagent.py',
diff --git a/modules/toollabs/manifests/mailrelay.pp b/modules/toollabs/manifests/mailrelay.pp
index 3a83b9b..f361d24 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -65,7 +65,6 @@
# Diamond user needs sudo to access exim
admin::sudo { 'diamond_sudo_for_exim':
user => 'diamond',
- comment => 'diamond needs sudo to access exim mail queue length',
privs => ['ALL=(root) NOPASSWD: /usr/sbin/exim']
}
-- To view, visit https://gerrit.wikimedia.org/r/180508 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I15506c376c811ce79ec1dfd6f0d714814e0dd670 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: coren <mpellet...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
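Review bot: The `privs` line kept as context in the mailrelay.pp hunk, `'ALL=(root) NOPASSWD: /usr/sbin/exim'`, lets the diamond user run exim as root with any command-line arguments, which is wider than the purpose the deleted comment stated (reading the mail queue length). Now that the rationale is no longer rendered into the sudoers.d file, the rule itself should carry the restriction; if the collector only needs the queue count, pin the argument, e.g. `privs => ['ALL=(root) NOPASSWD: /usr/sbin/exim -bpc']`. Which arguments the collector actually passes is not visible on this page, so confirm against the diamond exim collector before tightening. The `last_run_summary.yaml` rule in minimalpuppetagent.pp already names a single command and path and needs no change.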