[MediaWiki-commits] [Gerrit] operations/puppet[production]: sudo: Use validate_cmd for validating sudoers files

Sun, 11 Dec 2016 16:20:46 -0800 

Hello Faidon Liambotis, Chasemp,

I'd like you to do a code review.  Please visit

    https://gerrit.wikimedia.org/r/326376

to review the following change.


Change subject: sudo: Use validate_cmd for validating sudoers files
......................................................................

sudo: Use validate_cmd for validating sudoers files

Change-Id: Ifc8f1c3e72d188d8a6ba6a6c72df02aadf6002a9
---
M modules/sudo/manifests/group.pp
M modules/sudo/manifests/user.pp
2 files changed, 12 insertions(+), 24 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/76/326376/1

diff --git a/modules/sudo/manifests/group.pp b/modules/sudo/manifests/group.pp
index 7c234f4..c13c817 100644
--- a/modules/sudo/manifests/group.pp
+++ b/modules/sudo/manifests/group.pp
@@ -34,18 +34,12 @@
 
     if $ensure == 'present' {
         file { $filename:
-            ensure  => $ensure,
-            owner   => 'root',
-            group   => 'root',
-            mode    => '0440',
-            content => template('sudo/sudoers.erb'),
-        }
-
-        exec { "sudo_group_${title}_linting":
-            command     => "/bin/rm -f ${filename} && /bin/false",
-            unless      => "/usr/sbin/visudo -cqf ${filename}",
-            refreshonly => true,
-            subscribe   => File[$filename],
+            ensure       => $ensure,
+            owner        => 'root',
+            group        => 'root',
+            mode         => '0440',
+            content      => template('sudo/sudoers.erb'),
+            validate_cmd => '/usr/sbin/visudo -cqf %'
         }
     } else {
         file { $filename:
diff --git a/modules/sudo/manifests/user.pp b/modules/sudo/manifests/user.pp
index 424491f..200622d 100644
--- a/modules/sudo/manifests/user.pp
+++ b/modules/sudo/manifests/user.pp
@@ -34,18 +34,12 @@
 
     if $ensure == 'present' {
         file { $filename:
-            ensure  => $ensure,
-            owner   => 'root',
-            group   => 'root',
-            mode    => '0440',
-            content => template('sudo/sudoers.erb'),
-        }
-
-        exec { "sudo_user_${title}_linting":
-            command     => "/bin/rm -f ${filename} && /bin/false",
-            unless      => "/usr/sbin/visudo -cqf ${filename}",
-            refreshonly => true,
-            subscribe   => File[$filename],
+            ensure       => $ensure,
+            owner        => 'root',
+            group        => 'root',
+            mode         => '0440',
+            content      => template('sudo/sudoers.erb'),
+            validate_cmd => '/usr/sbin/visudo -cqf %'
         }
     } else {
         file { $filename:

-- 
To view, visit https://gerrit.wikimedia.org/r/326376
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc8f1c3e72d188d8a6ba6a6c72df02aadf6002a9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
Gerrit-Reviewer: Chasemp <r...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to