revoke-sudo: only revoke when zuul is sudoer
This change makes unittests jobs usable on read-only environment. Change-Id: I36cfe7e5849687dbed510396a825dc0ec45542b3
This commit is contained in:
Tristan Cacqueray
parent
28bf5c0dcc
commit
892dc6a095
@ -1,11 +1,18 @@
|
|||||||
|
- name: Check if zuul is sudoer
|
||||||
|
command: sudo -n true
|
||||||
|
failed_when: false
|
||||||
|
register: zuul_is_sudoer
|
||||||
|
|
||||||
- name: Remove sudo access for zuul user.
|
- name: Remove sudo access for zuul user.
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
path: /etc/sudoers.d/zuul
|
path: /etc/sudoers.d/zuul
|
||||||
state: absent
|
state: absent
|
||||||
|
when: zuul_is_sudoer.rc == 0
|
||||||
|
|
||||||
- name: Prove that general sudo access is actually revoked.
|
- name: Prove that general sudo access is actually revoked.
|
||||||
shell: '! sudo -n true'
|
shell: '! sudo -n true'
|
||||||
tags:
|
tags:
|
||||||
# We really need shell above, skip warning
|
# We really need shell above, skip warning
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
when: zuul_is_sudoer.rc == 0
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user