[MediaWiki-commits] [Gerrit] Replace admin::sudo calls with sudo::user/group - change (operations/puppet)

[Faidon Liambotis (Code Review)]

Faidon Liambotis has submitted this change and it was merged.

Change subject: Replace admin::sudo calls with sudo::user/group
......................................................................


Replace admin::sudo calls with sudo::user/group

admin::sudo was never meant for system users and it was misused across
the tree. Replace with sudo::user & sudo::group instead. The distinction
is subtle and is about to go away as part of a broader admin/sudo
consolidation.

Change-Id: I51ccfe7a5e1d8e1c341e5c0ece4385c62aafceca
---
M modules/diamond/manifests/collector/minimalpuppetagent.pp
M modules/releases/manifests/reprepro.pp
M modules/toollabs/manifests/mailrelay.pp
3 files changed, 9 insertions(+), 9 deletions(-)

Approvals:
  Giuseppe Lavagetto: Looks good to me, but someone else must approve
  Faidon Liambotis: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/diamond/manifests/collector/minimalpuppetagent.pp 
b/modules/diamond/manifests/collector/minimalpuppetagent.pp
index 572c43d..55f0914 100644
--- a/modules/diamond/manifests/collector/minimalpuppetagent.pp
+++ b/modules/diamond/manifests/collector/minimalpuppetagent.pp
@@ -9,9 +9,9 @@
 
     # Diamond user needs sudo to access last_run_summary.yaml file generated by
     # puppet, since /var/lib/puppet doesn't have +x set
-    admin::sudo { 'diamond_sudo_for_puppet':
-        user    => 'diamond',
-        privs   => ['ALL=(puppet) NOPASSWD: /bin/cat 
/var/lib/puppet/state/last_run_summary.yaml']
+    sudo::user { 'diamond_sudo_for_puppet':
+        user       => 'diamond',
+        privileges => ['ALL=(puppet) NOPASSWD: /bin/cat 
/var/lib/puppet/state/last_run_summary.yaml']
     }
 
     diamond::collector { 'MinimalPuppetAgent':
diff --git a/modules/releases/manifests/reprepro.pp 
b/modules/releases/manifests/reprepro.pp
index 7c0677b..a7b7857 100644
--- a/modules/releases/manifests/reprepro.pp
+++ b/modules/releases/manifests/reprepro.pp
@@ -150,8 +150,8 @@
         before => File['/usr/local/bin/deb-upload'],
     }
 
-    admin::sudo { 'releases_dput':
-        user  => $sudo_user,
-        privs => ["ALL = (${user}) NOPASSWD: /usr/bin/dput"],
+    sudo::user { 'releases_dput':
+        user       => $sudo_user,
+        privileges => ["ALL = (${user}) NOPASSWD: /usr/bin/dput"],
     }
 }
diff --git a/modules/toollabs/manifests/mailrelay.pp 
b/modules/toollabs/manifests/mailrelay.pp
index f361d24..e68f01a 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -63,9 +63,9 @@
     }
 
     # Diamond user needs sudo to access exim
-    admin::sudo { 'diamond_sudo_for_exim':
-        user    => 'diamond',
-        privs   => ['ALL=(root) NOPASSWD: /usr/sbin/exim']
+    sudo::user { 'diamond_sudo_for_exim':
+        user       => 'diamond',
+        privileges => ['ALL=(root) NOPASSWD: /usr/sbin/exim']
     }
 
     diamond::collector { 'Exim':

-- 
To view, visit https://gerrit.wikimedia.org/r/180509
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I51ccfe7a5e1d8e1c341e5c0ece4385c62aafceca
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: coren <mpellet...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits