[MediaWiki-commits] [Gerrit] operations/puppet[production]: Fix absent check for users which formerly only had LDAP access

[Muehlenhoff (Code Review)]

Muehlenhoff has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/339461 )

Change subject: Fix absent check for users which formerly only had LDAP access
......................................................................


Fix absent check for users which formerly only had LDAP access

Change-Id: I7c2213796c9da133d24c736f70ef6499cda1d256
---
M modules/admin/data/data.yaml
M modules/openldap/files/cross-validate-accounts.py
2 files changed, 7 insertions(+), 3 deletions(-)

Approvals:
  Muehlenhoff: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index 819375a..391cf09 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -1,6 +1,6 @@
 groups:
   absent:
-    description: meta group for absented users
+    description: meta group for absented users with previous cluster shell 
access
     members: [ananthrk, avar, bsitu, cmcmahon, csalvia, diederik, edenhill, 
erik, gage,
               handrade, howief, jdouglas, jgonera, jsahleen, mah, maryana, 
mglaser, mvolz,
               mwalker, nimishg, rainman, ssmith, swalling, sumanah, werdna, 
rmoen,
@@ -8,6 +8,9 @@
               manybubbles, haithams, jzerebecki, ashwinpp, ironholds, robla, 
asherman,
               laner, declerambaul, srijan, junikowski, krenair, springle, 
jhobs, vbaranetsky,
               yurik, bsimmers, bcohn, hjiang]
+  absent_ldap:
+    description: meta group for absented users which had privileged LDAP 
access in the past
+    members: [siddharth11]
   wikidev:
     gid: 500
     description: container group for primary user groups.
diff --git a/modules/openldap/files/cross-validate-accounts.py 
b/modules/openldap/files/cross-validate-accounts.py
index 5ffb1f8..0dc93d9 100644
--- a/modules/openldap/files/cross-validate-accounts.py
+++ b/modules/openldap/files/cross-validate-accounts.py
@@ -52,11 +52,12 @@
 def validate_absented_users(yamldata):
     log = ""
     absented_users = yamldata['groups']['absent']['members']
+    absented_users += yamldata['groups']['absent_ldap']['members']
     for table in ['users', 'ldap_only_users']:
         for username, userdata in yamldata[table].items():
             if userdata['ensure'] == 'absent':
                 if username not in absented_users:
-                    log += username + " is absent, but missing in absent 
group\n"
+                    log += username + " is absent, but missing in absent 
groups\n"
     return log
 
 
@@ -148,7 +149,7 @@
 def validate_all_yaml_group_members_are_defined(known_users, yamldata):
     log = ""
     for group, groupdata in yamldata['groups'].items():
-        if group == "absent":
+        if group == "absent" or group == "absent_ldap":
             continue
         for member in groupdata['members']:
             if member not in known_users:

-- 
To view, visit https://gerrit.wikimedia.org/r/339461
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7c2213796c9da133d24c736f70ef6499cda1d256
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits