Add revoke-sudo role
Also add a .gitignore and establish a documentation pattern. Change-Id: Ib447ac13d03de4ab61171d50b19117ff654ad329 Co-Authored-By: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
parent
e5ebc400cb
commit
46684654cb
|
@ -0,0 +1,10 @@
|
|||
# Unit test / coverage reports
|
||||
.coverage
|
||||
.tox
|
||||
|
||||
# Sphinx
|
||||
doc/build
|
||||
|
||||
# pbr generates these
|
||||
AUTHORS
|
||||
ChangeLog
|
|
@ -3,6 +3,8 @@
|
|||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
||||
roles
|
||||
|
||||
Indices and tables
|
||||
==================
|
||||
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
Roles
|
||||
=====
|
||||
|
||||
revoke-sudo
|
||||
-----------
|
||||
.. include:: ../../roles/revoke-sudo/README.rst
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
Remove sudo access for the Zuul user.
|
||||
|
||||
If the file ``/etc/sudoers.d/zuul-sudo`` exists, then it will be
|
||||
removed. This is to facilitate systems which may use the same image
|
||||
for tests which require sudo and those which do not.
|
||||
|
||||
This role also asserts that sudo access has been removed and will
|
||||
fail if it has not.
|
|
@ -0,0 +1,8 @@
|
|||
- name: Remove sudo access for zuul user.
|
||||
become: yes
|
||||
file:
|
||||
path: /etc/sudoers.d/zuul-sudo
|
||||
state: absent
|
||||
|
||||
- name: Prove that general sudo access is actually revoked.
|
||||
shell: ! sudo -n true
|
Loading…
Reference in New Issue