[MediaWiki-commits] [Gerrit] sudo: fix sudo::user/group's ensure => absent - change (operations/puppet)

Thu, 28 May 2015 07:32:01 -0700 

Faidon Liambotis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214346

Change subject: sudo: fix sudo::user/group's ensure => absent
......................................................................

sudo: fix sudo::user/group's ensure => absent

We don't currently use ensure => absent for sudo::user or sudo::group
anywhere yet, but it was broken (the template gets evaluated anyway and
borks if there are no privileges defined) and needed fixing anyway.

Change-Id: I706e891c8ce7d858d8ef59a1fabbc03a84ac2858
---
M modules/sudo/manifests/group.pp
M modules/sudo/manifests/user.pp
2 files changed, 24 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/46/214346/1

diff --git a/modules/sudo/manifests/group.pp b/modules/sudo/manifests/group.pp
index 2ee2118..7c234f4 100644
--- a/modules/sudo/manifests/group.pp
+++ b/modules/sudo/manifests/group.pp
@@ -32,20 +32,24 @@
     $title_safe = regsubst($title, '\W', '-', 'G')
     $filename = "/etc/sudoers.d/${title_safe}"
 
-    file { $filename:
-        ensure  => $ensure,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0440',
-        content => template('sudo/sudoers.erb'),
-    }
-
     if $ensure == 'present' {
+        file { $filename:
+            ensure  => $ensure,
+            owner   => 'root',
+            group   => 'root',
+            mode    => '0440',
+            content => template('sudo/sudoers.erb'),
+        }
+
         exec { "sudo_group_${title}_linting":
             command     => "/bin/rm -f ${filename} && /bin/false",
             unless      => "/usr/sbin/visudo -cqf ${filename}",
             refreshonly => true,
             subscribe   => File[$filename],
         }
+    } else {
+        file { $filename:
+            ensure => $ensure,
+        }
     }
 }
diff --git a/modules/sudo/manifests/user.pp b/modules/sudo/manifests/user.pp
index 6a64fdc..424491f 100644
--- a/modules/sudo/manifests/user.pp
+++ b/modules/sudo/manifests/user.pp
@@ -32,20 +32,24 @@
     $title_safe = regsubst($title, '\W', '-', 'G')
     $filename = "/etc/sudoers.d/${title_safe}"
 
-    file { $filename:
-        ensure  => $ensure,
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0440',
-        content => template('sudo/sudoers.erb'),
-    }
-
     if $ensure == 'present' {
+        file { $filename:
+            ensure  => $ensure,
+            owner   => 'root',
+            group   => 'root',
+            mode    => '0440',
+            content => template('sudo/sudoers.erb'),
+        }
+
         exec { "sudo_user_${title}_linting":
             command     => "/bin/rm -f ${filename} && /bin/false",
             unless      => "/usr/sbin/visudo -cqf ${filename}",
             refreshonly => true,
             subscribe   => File[$filename],
         }
+    } else {
+        file { $filename:
+            ensure => $ensure,
+        }
     }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/214346
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I706e891c8ce7d858d8ef59a1fabbc03a84ac2858
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to