0eaa5cf59a
- bumps ansible-lint to 5.0 - updates our custom rules to make them compatible with 5.0 - replace custom module mocking with native ansible-lint ones - remove custom call of ansible-playbook --syntax-check as now this is done by ansible-lint - assured molecule vars are hosted under a vars/ folder in order to avoid confusing linter detection. - replaced custom rule for loop var names in role as now this this an optional core feature of the linter (see config) - replaced custom rule no-same-owner with opt-in one (see config) Change-Id: I233fae8c9036d295968a97ee80e07fde8846c633
21 lines
680 B
YAML
21 lines
680 B
YAML
- name: Check if zuul is sudoer
|
|
command: sudo -n true
|
|
failed_when: false
|
|
register: zuul_is_sudoer
|
|
|
|
# We do this in one command and not in a loop
|
|
# to make sure we don't revoke sudo in the first file
|
|
# and then error because we lost sudo access when we
|
|
# try to delete the next file.
|
|
- name: Remove sudo access for zuul user.
|
|
become: yes
|
|
command: rm -rf /etc/sudoers.d/zuul /etc/sudoers.d/90-cloud-init-users # noqa deprecated-command-syntax
|
|
when: zuul_is_sudoer.rc == 0
|
|
|
|
- name: Prove that general sudo access is actually revoked.
|
|
shell: '! sudo -n true'
|
|
tags:
|
|
# We really need shell above, skip warning
|
|
- skip_ansible_lint
|
|
when: zuul_is_sudoer.rc == 0
|