Merge "Use a sudoers file for jenkins sudo rights"

modules/jenkins/files/jenkins-sudo.sudo

@@ -0,0 +1 @@
+jenkins ALL=(root) NOPASSWD:ALL

modules/jenkins/manifests/jenkinsuser.pp

@@ -3,19 +3,12 @@
 class jenkins::jenkinsuser(
   $ssh_key = '',
   $ensure = present,
-  $sudo = false,
 ) {
 
   group { 'jenkins':
     ensure => present,
   }
 
-  if ($sudo == true) {
-    $groups = ['sudo', 'admin']
-  } else {
-    $groups = []
-  }
-
   user { 'jenkins':
     ensure     => present,
     comment    => 'Jenkins User',
@@ -23,7 +16,7 @@ class jenkins::jenkinsuser(
     gid        => 'jenkins',
     shell      => '/bin/bash',
     membership => 'minimum',
-    groups     => $groups,
+    groups     => [],
     require    => Group['jenkins'],
   }
 

modules/jenkins/manifests/slave.pp

@@ -16,7 +16,6 @@ class jenkins::slave(
   if ($user == true) {
     class { 'jenkins::jenkinsuser':
       ensure  => present,
-      sudo    => $sudo,
       ssh_key => $ssh_key,
     }
   }
@@ -400,6 +399,16 @@ class jenkins::slave(
     source  => 'puppet:///modules/jenkins/slave_scripts',
   }
 
+  if ($sudo == true) {
+    file { '/etc/sudoers.d/jenkins-sudo':
+      ensure => present,
+      source => 'puppet:///modules/jenkins/jenkins-sudo.sudo',
+      owner  => 'root',
+      group  => 'root',
+      mode   => '0440',
+    }
+  }
+
   file { '/etc/sudoers.d/jenkins-sudo-grep':
     ensure => present,
     source => 'puppet:///modules/jenkins/jenkins-sudo-grep.sudo',