Add revoke-sudo role and update tox jobs
Change-Id: Ie0df08b6c4e4442e6d769b6ca26e59f919889566
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
diff --git a/playbooks/roles/revoke-sudo/tasks/main.yaml b/playbooks/roles/revoke-sudo/tasks/main.yaml
new file mode 100644
index 0000000..1c18187
--- /dev/null
+++ b/playbooks/roles/revoke-sudo/tasks/main.yaml
@@ -0,0 +1,8 @@
+- name: Remove sudo access for zuul user.
+ become: yes
+ file:
+ path: /etc/sudoers.d/zuul-sudo
+ state: absent
+
+- name: Prove that general sudo access is actually revoked.
+ shell: ! sudo -n true
diff --git a/playbooks/tox-cover.yaml b/playbooks/tox-cover.yaml
index 19921fc..642eb4e 100644
--- a/playbooks/tox-cover.yaml
+++ b/playbooks/tox-cover.yaml
@@ -1,4 +1,5 @@
- hosts: all
roles:
- extra-test-setup
+ - revoke-sudo
- run-cover
diff --git a/playbooks/tox-docs.yaml b/playbooks/tox-docs.yaml
index 98b3313..028e1c5 100644
--- a/playbooks/tox-docs.yaml
+++ b/playbooks/tox-docs.yaml
@@ -1,3 +1,4 @@
- hosts: all
roles:
+ - revoke-sudo
- run-docs
diff --git a/playbooks/tox-linters.yaml b/playbooks/tox-linters.yaml
index 9da2e8a..d1e7f13 100644
--- a/playbooks/tox-linters.yaml
+++ b/playbooks/tox-linters.yaml
@@ -2,4 +2,5 @@
vars:
run_tox_envlist: pep8
roles:
+ - revoke-sudo
- run-tox
diff --git a/playbooks/tox-py27.yaml b/playbooks/tox-py27.yaml
index 64721e9..fd45f27 100644
--- a/playbooks/tox-py27.yaml
+++ b/playbooks/tox-py27.yaml
@@ -3,4 +3,5 @@
run_tox_envlist: py27
roles:
- extra-test-setup
+ - revoke-sudo
- run-tox