Hello Faidon Liambotis, Chasemp, I'd like you to do a code review. Please visit
https://gerrit.wikimedia.org/r/326376 to review the following change. Change subject: sudo: Use validate_cmd for validating sudoers files ...................................................................... sudo: Use validate_cmd for validating sudoers files Change-Id: Ifc8f1c3e72d188d8a6ba6a6c72df02aadf6002a9 --- M modules/sudo/manifests/group.pp M modules/sudo/manifests/user.pp 2 files changed, 12 insertions(+), 24 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/76/326376/1 diff --git a/modules/sudo/manifests/group.pp b/modules/sudo/manifests/group.pp index 7c234f4..c13c817 100644 --- a/modules/sudo/manifests/group.pp +++ b/modules/sudo/manifests/group.pp @@ -34,18 +34,12 @@ if $ensure == 'present' { file { $filename: - ensure => $ensure, - owner => 'root', - group => 'root', - mode => '0440', - content => template('sudo/sudoers.erb'), - } - - exec { "sudo_group_${title}_linting": - command => "/bin/rm -f ${filename} && /bin/false", - unless => "/usr/sbin/visudo -cqf ${filename}", - refreshonly => true, - subscribe => File[$filename], + ensure => $ensure, + owner => 'root', + group => 'root', + mode => '0440', + content => template('sudo/sudoers.erb'), + validate_cmd => '/usr/sbin/visudo -cqf %' } } else { file { $filename: diff --git a/modules/sudo/manifests/user.pp b/modules/sudo/manifests/user.pp index 424491f..200622d 100644 --- a/modules/sudo/manifests/user.pp +++ b/modules/sudo/manifests/user.pp @@ -34,18 +34,12 @@ if $ensure == 'present' { file { $filename: - ensure => $ensure, - owner => 'root', - group => 'root', - mode => '0440', - content => template('sudo/sudoers.erb'), - } - - exec { "sudo_user_${title}_linting": - command => "/bin/rm -f ${filename} && /bin/false", - unless => "/usr/sbin/visudo -cqf ${filename}", - refreshonly => true, - subscribe => File[$filename], + ensure => $ensure, + owner => 'root', + group => 'root', + mode => '0440', + content => template('sudo/sudoers.erb'), + validate_cmd => '/usr/sbin/visudo -cqf %' } } else { file { $filename: -- To view, visit https://gerrit.wikimedia.org/r/326376 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifc8f1c3e72d188d8a6ba6a6c72df02aadf6002a9 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de> Gerrit-Reviewer: Chasemp <r...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits