[MediaWiki-commits] [Gerrit] admin: rename privs to privileges - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: admin: rename privs to privileges .. admin: rename privs to privileges Currently, the sudo module is using privileges, but the admin module is using privs. This is confusing, so pick one of the two. Since privileges is more explicit (and the admin module even iterated privs into privilege), keep that one. Change-Id: Id4e793cf41b05b8e9bbe98ebd47ebc63fc9bb00d --- M modules/admin/README M modules/admin/data/data.yaml M modules/admin/manifests/group.pp M modules/admin/manifests/hashgroup.pp M modules/admin/manifests/hashuser.pp M modules/admin/manifests/sudo.pp M modules/admin/manifests/user.pp M modules/admin/templates/sudoers.erb 8 files changed, 62 insertions(+), 62 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/admin/README b/modules/admin/README index 61ee053..453cdf7 100644 --- a/modules/admin/README +++ b/modules/admin/README @@ -156,7 +156,7 @@ groups: adm: members: [foo, bar] -privs: [ALL=(ALL:ALL) ALL] +privileges: [ALL=(ALL:ALL) ALL] Creates: '/etc/sudoers.d/adm' @@ -169,13 +169,13 @@ foo: ensure: present -privs: [ALL=(ALL:ALL) ALL] +privileges: [ALL=(ALL:ALL) ALL] Assigning one-off (single user, single case) sudo permissions: admin::sudo { foo_user_only_should_do_x: -user='bob', -privs=['ALL = NOPASSWD: X'], +user ='bob', +privileges =['ALL = NOPASSWD: X'], } Creates '/etc/sudoers.d/foo_user_only_should_do_x': diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml index 1175d5a..dabe657 100644 --- a/modules/admin/data/data.yaml +++ b/modules/admin/data/data.yaml @@ -12,17 +12,17 @@ members: [filippo, jgreen, bblack, andrew, faidon, rush, marc, oblivian, laner, yuvipanda, dzahn, akosiaris, springle, mark, gage, ariel, cmjohnson, otto, robh, tstarling, ori, midom] -privs: ['ALL = (ALL) NOPASSWD: ALL'] +privileges: ['ALL = (ALL) NOPASSWD: ALL'] parsoid-roots: gid: 701 description: RT 5934 members: [gwicke, catrope] -privs: ['ALL = (parsoid) NOPASSWD: ALL'] +privileges: ['ALL = (parsoid) NOPASSWD: ALL'] parsoid-admin: gid: 702 description: RT 5934 members: [ssastry, cscott, arlolra] -privs: ['ALL = (root) NOPASSWD: /usr/sbin/service parsoid stop', +privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service parsoid stop', 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid start', 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid restart', 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid reload'] @@ -30,7 +30,7 @@ gid: 703 description: manage gerrit server members: [demon, catrope] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] gerrit-admin: gid: 704 description: RT 6720 - assist in managing gerrit server @@ -62,12 +62,12 @@ gid: 708 description: users with root on cassandra hosts members: [gwicke, ssastry] -privs: ['ALL = (ALL) NOPASSWD: ALL'] +privileges: ['ALL = (ALL) NOPASSWD: ALL'] elasticsearch-roots: gid: 709 description: manage elasticsearch nodes members: [manybubbles, demon] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] dataset-admins: gid: 710 description: does work on dataset hosts @@ -97,7 +97,7 @@ gid: 715 description: ldap admins members: [robla, reedy, demon] -privs: ['ALL = NOPASSWD: /usr/local/sbin/add-ldap-user', +privileges: ['ALL = NOPASSWD: /usr/local/sbin/add-ldap-user', 'ALL = NOPASSWD: /usr/local/sbin/delete-ldap-user', 'ALL = NOPASSWD: /usr/local/sbin/modify-ldap-user', 'ALL = NOPASSWD: /usr/local/bin/svn-group', @@ -107,7 +107,7 @@ gid: 716 description: non-ops admins for search members: [manybubbles, demon] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] search-users: gid: 717 description: elastic search testing @@ -120,7 +120,7 @@ gid: 719 description: users with some sudo permissions on jenkins hosts members: [bd808, cscott, demon, krinkle, reedy, marktraceur] -privs: ['ALL = (jenkins) NOPASSWD: ALL', +privileges: ['ALL = (jenkins) NOPASSWD: ALL', 'ALL = (jenkins-slave) NOPASSWD: ALL', 'ALL = (gerritslave) NOPASSWD: ALL', 'ALL = (zuul) NOPASSWD: ALL', @@ -131,12 +131,12 @@ gid: 720 description: users who have full root on jenkins servers members: [hashar] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] ocg-render-admins: gid: 721 description: admins for pdf render (rt 6468) members: [cscott, ssastry,
[MediaWiki-commits] [Gerrit] admin: rename privs to privileges - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/180510 Change subject: admin: rename privs to privileges .. admin: rename privs to privileges Currently, the sudo module is using privileges, but the admin module is using privs. This is confusing, so pick one of the two. Since privileges is more explicit (and the admin module even iterated privs into privilege), keep that one. Change-Id: Id4e793cf41b05b8e9bbe98ebd47ebc63fc9bb00d --- M modules/admin/README M modules/admin/data/data.yaml M modules/admin/manifests/group.pp M modules/admin/manifests/hashgroup.pp M modules/admin/manifests/hashuser.pp M modules/admin/manifests/sudo.pp M modules/admin/manifests/user.pp M modules/admin/templates/sudoers.erb 8 files changed, 62 insertions(+), 62 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/10/180510/1 diff --git a/modules/admin/README b/modules/admin/README index 61ee053..453cdf7 100644 --- a/modules/admin/README +++ b/modules/admin/README @@ -156,7 +156,7 @@ groups: adm: members: [foo, bar] -privs: [ALL=(ALL:ALL) ALL] +privileges: [ALL=(ALL:ALL) ALL] Creates: '/etc/sudoers.d/adm' @@ -169,13 +169,13 @@ foo: ensure: present -privs: [ALL=(ALL:ALL) ALL] +privileges: [ALL=(ALL:ALL) ALL] Assigning one-off (single user, single case) sudo permissions: admin::sudo { foo_user_only_should_do_x: -user='bob', -privs=['ALL = NOPASSWD: X'], +user ='bob', +privileges =['ALL = NOPASSWD: X'], } Creates '/etc/sudoers.d/foo_user_only_should_do_x': diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml index 6d43e84..15a7b8a 100644 --- a/modules/admin/data/data.yaml +++ b/modules/admin/data/data.yaml @@ -12,17 +12,17 @@ members: [filippo, jgreen, bblack, andrew, faidon, rush, marc, oblivian, laner, yuvipanda, dzahn, akosiaris, springle, mark, gage, ariel, cmjohnson, otto, robh, tstarling, ori, midom] -privs: ['ALL = (ALL) NOPASSWD: ALL'] +privileges: ['ALL = (ALL) NOPASSWD: ALL'] parsoid-roots: gid: 701 description: RT 5934 members: [gwicke, catrope] -privs: ['ALL = (parsoid) NOPASSWD: ALL'] +privileges: ['ALL = (parsoid) NOPASSWD: ALL'] parsoid-admin: gid: 702 description: RT 5934 members: [ssastry, cscott, arlolra] -privs: ['ALL = (root) NOPASSWD: /usr/sbin/service parsoid stop', +privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service parsoid stop', 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid start', 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid restart', 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid reload'] @@ -30,7 +30,7 @@ gid: 703 description: manage gerrit server members: [demon, catrope] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] gerrit-admin: gid: 704 description: RT 6720 - assist in managing gerrit server @@ -62,12 +62,12 @@ gid: 708 description: users with root on cassandra hosts members: [gwicke, ssastry] -privs: ['ALL = (ALL) NOPASSWD: ALL'] +privileges: ['ALL = (ALL) NOPASSWD: ALL'] elasticsearch-roots: gid: 709 description: manage elasticsearch nodes members: [manybubbles, demon] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] dataset-admins: gid: 710 description: does work on dataset hosts @@ -97,7 +97,7 @@ gid: 715 description: ldap admins members: [robla, reedy, demon] -privs: ['ALL = NOPASSWD: /usr/local/sbin/add-ldap-user', +privileges: ['ALL = NOPASSWD: /usr/local/sbin/add-ldap-user', 'ALL = NOPASSWD: /usr/local/sbin/delete-ldap-user', 'ALL = NOPASSWD: /usr/local/sbin/modify-ldap-user', 'ALL = NOPASSWD: /usr/local/bin/svn-group', @@ -107,7 +107,7 @@ gid: 716 description: non-ops admins for search members: [manybubbles, demon] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] search-users: gid: 717 description: elastic search testing @@ -120,7 +120,7 @@ gid: 719 description: users with some sudo permissions on jenkins hosts members: [bd808, cscott, demon, krinkle, reedy, marktraceur] -privs: ['ALL = (jenkins) NOPASSWD: ALL', +privileges: ['ALL = (jenkins) NOPASSWD: ALL', 'ALL = (jenkins-slave) NOPASSWD: ALL', 'ALL = (gerritslave) NOPASSWD: ALL', 'ALL = (zuul) NOPASSWD: ALL', @@ -131,12 +131,12 @@ gid: 720 description: users who have full root on jenkins servers members: [hashar] -privs: ['ALL = NOPASSWD: ALL'] +privileges: ['ALL = NOPASSWD: ALL'] ocg-render-admins: gid: 721 description: admins for pdf render (rt