From 17bbf537fdebc17f95b49e0e15d3a9a161105d28 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Fri, 21 Mar 2014 12:00:06 -0700 Subject: [PATCH] Revoke sudo from almost all jobs Everything except jobs that are designed to run on devstack-precise or tripleo-precise. Even the jobs on the static slaves, just to be more consistent and future-proof (even though it's not strictly necessary). Change-Id: I220e4f8346b5db1394536b334bcb7c3a7dd4dedb --- .../files/jenkins_job_builder/config/api-jobs.yaml | 4 ++++ .../files/jenkins_job_builder/config/elastic-recheck.yaml | 1 + .../files/jenkins_job_builder/config/gerrit.yaml | 6 ++++++ .../files/jenkins_job_builder/config/gitdm.yaml | 2 +- .../files/jenkins_job_builder/config/horizon.yaml | 2 ++ .../jenkins_job_builder/config/infra-publications.yaml | 2 ++ .../files/jenkins_job_builder/config/infra.yaml | 1 + .../files/jenkins_job_builder/config/job-builder.yaml | 2 ++ .../files/jenkins_job_builder/config/manuals-jobs.yaml | 1 + .../files/jenkins_job_builder/config/manuals.yaml | 5 +++++ .../files/jenkins_job_builder/config/mirror.yaml | 6 ++++++ .../files/jenkins_job_builder/config/openstack-planet.yaml | 1 + .../files/jenkins_job_builder/config/openstack-qa.yaml | 1 + .../files/jenkins_job_builder/config/openstackid.yaml | 2 ++ .../files/jenkins_job_builder/config/requirements.yaml | 1 + .../files/jenkins_job_builder/config/storyboard.yaml | 1 + .../files/jenkins_job_builder/config/translation-jobs.yaml | 5 +++++ .../files/jenkins_job_builder/config/zuul.yaml | 3 +++ 18 files changed, 45 insertions(+), 1 deletion(-) diff --git a/modules/openstack_project/files/jenkins_job_builder/config/api-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/api-jobs.yaml index 1b789f8b0f..444000a1c8 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/api-jobs.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/api-jobs.yaml @@ -8,6 +8,7 @@ - timestamps builders: + - revoke-sudo - gerrit-git-prep - tox: envlist: '{envlist}' @@ -27,6 +28,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - tox: envlist: 'publishdocs-api' @@ -50,6 +52,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep publishers: @@ -67,6 +70,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: /usr/local/jenkins/slave_scripts/run-xmllint.sh openstack-compute-api-2/src/os-compute-2.wadl diff --git a/modules/openstack_project/files/jenkins_job_builder/config/elastic-recheck.yaml b/modules/openstack_project/files/jenkins_job_builder/config/elastic-recheck.yaml index 269bf1e8d6..5ab39d4f41 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/elastic-recheck.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/elastic-recheck.yaml @@ -3,6 +3,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - docs: github-org: '{github-org}' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml b/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml index 229193e185..bce0220fac 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml @@ -10,6 +10,7 @@ - timestamps prebuilders: + - revoke-sudo - gerrit-git-prep - gerrit-preclean @@ -43,6 +44,7 @@ - timestamps prebuilders: + - revoke-sudo - gerrit-git-prep - gerrit-preclean @@ -71,6 +73,7 @@ - timestamps prebuilders: + - revoke-sudo - gerrit-git-prep - gerrit-preclean @@ -102,6 +105,7 @@ - timestamps builders: + - revoke-sudo - shell: | #!/bin/bash -xe mkdir -p gerrit @@ -141,6 +145,7 @@ - timestamps builders: + - revoke-sudo - shell: | #!/bin/bash -xe mkdir -p gerrit @@ -176,6 +181,7 @@ - timestamps builders: + - revoke-sudo - shell: | #!/bin/bash -xe mkdir -p gerrit diff --git a/modules/openstack_project/files/jenkins_job_builder/config/gitdm.yaml b/modules/openstack_project/files/jenkins_job_builder/config/gitdm.yaml index 4bcba1e052..2b36ab5feb 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/gitdm.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/gitdm.yaml @@ -4,9 +4,9 @@ node: '{node}' builders: + - revoke-sudo - link-logs - net-info - - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe diff --git a/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml b/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml index 0b93a34142..a7b4c1e78d 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml @@ -3,6 +3,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - selenium: github-org: openstack @@ -22,6 +23,7 @@ - timestamps builders: + - revoke-sudo - gerrit-git-prep - shell: '/usr/local/jenkins/slave_scripts/run-unittests.sh 27dj14 openstack horizon' - assert-no-extra-files diff --git a/modules/openstack_project/files/jenkins_job_builder/config/infra-publications.yaml b/modules/openstack_project/files/jenkins_job_builder/config/infra-publications.yaml index ca8d5c5019..d57b1185d7 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/infra-publications.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/infra-publications.yaml @@ -4,6 +4,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -x @@ -30,6 +31,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe diff --git a/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml b/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml index e8daa06de7..e4a5a5ebcf 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml @@ -16,6 +16,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - tox: envlist: 'irc' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/job-builder.yaml b/modules/openstack_project/files/jenkins_job_builder/config/job-builder.yaml index 8be338d9b2..de92fc40c1 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/job-builder.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/job-builder.yaml @@ -4,6 +4,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - docs: github-org: openstack-infra @@ -23,6 +24,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: | source /usr/local/jenkins/slave_scripts/select-mirror.sh openstack-infra jenkins-job-builder diff --git a/modules/openstack_project/files/jenkins_job_builder/config/manuals-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/manuals-jobs.yaml index 0f1638ff24..e390ab14aa 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/manuals-jobs.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/manuals-jobs.yaml @@ -181,6 +181,7 @@ - timestamps builders: + - revoke-sudo - gerrit-git-prep - tox: envlist: '{envlist}' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/manuals.yaml b/modules/openstack_project/files/jenkins_job_builder/config/manuals.yaml index f3f293b050..805ee918bf 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/manuals.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/manuals.yaml @@ -4,6 +4,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: "./tools/validate.py" @@ -16,6 +17,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep publishers: @@ -44,6 +46,7 @@ properties-file: gerrit-doc.properties prebuilders: + - revoke-sudo - gerrit-git-prep - shell: | asciidoc -b docbook -d book -o - doc/high-availability-guide/ha-guide.txt | xsltproc -o - /usr/share/xml/docbook/stylesheet/docbook5/db4-upgrade.xsl - | xmllint --format - | sed -e 's, doc/high-availability-guide/bk-ha-guide.xml @@ -81,6 +84,7 @@ properties-file: gerrit-doc.properties prebuilders: + - revoke-sudo - gerrit-git-prep maven: @@ -116,6 +120,7 @@ properties-file: gerrit-doc.properties builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe diff --git a/modules/openstack_project/files/jenkins_job_builder/config/mirror.yaml b/modules/openstack_project/files/jenkins_job_builder/config/mirror.yaml index 7e436d4e82..ebaa64b990 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/mirror.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/mirror.yaml @@ -9,6 +9,7 @@ - timestamps builders: + - revoke-sudo - link-logs - net-info - update-pypi-mirror @@ -28,6 +29,7 @@ - timestamps builders: + - revoke-sudo - link-logs - net-info - update-pypi-mirror @@ -47,6 +49,7 @@ - timestamps builders: + - revoke-sudo - link-logs - net-info - update-pypi-mirror @@ -66,6 +69,7 @@ - timestamps builders: + - revoke-sudo - link-logs - net-info - update-pypi-mirror @@ -85,6 +89,7 @@ - timestamps builders: + - revoke-sudo - link-logs - net-info - update-pypi-mirror @@ -104,6 +109,7 @@ - timestamps builders: + - revoke-sudo - link-logs - net-info - update-pypi-mirror diff --git a/modules/openstack_project/files/jenkins_job_builder/config/openstack-planet.yaml b/modules/openstack_project/files/jenkins_job_builder/config/openstack-planet.yaml index a8b519b23e..ed243800a9 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/openstack-planet.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/openstack-planet.yaml @@ -4,6 +4,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: | python test.py diff --git a/modules/openstack_project/files/jenkins_job_builder/config/openstack-qa.yaml b/modules/openstack_project/files/jenkins_job_builder/config/openstack-qa.yaml index bda0b031a5..bac02c6aed 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/openstack-qa.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/openstack-qa.yaml @@ -5,6 +5,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - shell: | export HUDSON_PUBLISH_DOCS=1 diff --git a/modules/openstack_project/files/jenkins_job_builder/config/openstackid.yaml b/modules/openstack_project/files/jenkins_job_builder/config/openstackid.yaml index b99fa97924..2d5da95d63 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/openstackid.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/openstackid.yaml @@ -3,6 +3,7 @@ node: 'bare-precise' builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe @@ -23,6 +24,7 @@ node: '{node}' builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe diff --git a/modules/openstack_project/files/jenkins_job_builder/config/requirements.yaml b/modules/openstack_project/files/jenkins_job_builder/config/requirements.yaml index b5d10ee14d..c648219e52 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/requirements.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/requirements.yaml @@ -37,6 +37,7 @@ node: proposal builders: + - revoke-sudo - link-logs - net-info - gerrit-git-prep diff --git a/modules/openstack_project/files/jenkins_job_builder/config/storyboard.yaml b/modules/openstack_project/files/jenkins_job_builder/config/storyboard.yaml index 18b95992c1..58da80e1e8 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/storyboard.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/storyboard.yaml @@ -4,6 +4,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - docs: github-org: openstack-infra diff --git a/modules/openstack_project/files/jenkins_job_builder/config/translation-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/translation-jobs.yaml index a9e3b9d8d7..120a6073a7 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/translation-jobs.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/translation-jobs.yaml @@ -2,6 +2,7 @@ name: '{name}-upstream-translation-update' builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe @@ -16,6 +17,7 @@ name: '{name}-propose-translation-update' builders: + - revoke-sudo - shell: | #!/bin/bash -xe /usr/local/jenkins/slave_scripts/propose_translation_update.sh {github-org} {name} @@ -35,6 +37,7 @@ name: 'horizon-upstream-translation-update' builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe @@ -49,6 +52,7 @@ name: '{name}-manuals-upstream-translation-update' builders: + - revoke-sudo - gerrit-git-prep - shell: | #!/bin/bash -xe @@ -63,6 +67,7 @@ name: '{name}-manuals-propose-translation-update' builders: + - revoke-sudo - shell: | #!/bin/bash -xe /usr/local/jenkins/slave_scripts/propose_translation_update_manuals.sh {name} diff --git a/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml b/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml index e5a9c1cdfa..fb17d75284 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml @@ -4,6 +4,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - docs: github-org: openstack-infra @@ -23,6 +24,7 @@ node: bare-precise builders: + - revoke-sudo - gerrit-git-prep - coverage: github-org: openstack-infra @@ -42,6 +44,7 @@ - timestamps builders: + - revoke-sudo - python27: github-org: 'openstack-infra' project: 'zuul'