From 2cb2e29e3664136f7235a314ef6fdf64e16d2080 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@openstack.org>
Date: Tue, 11 Feb 2014 13:59:21 -0800
Subject: [PATCH] Revoke sudo permissions before infra jobs

This should actually be a noop -- the sudo file should not be in
place yet, but the revoke-sudo builder needs to work regardless
of whether the file is in place or not.  This tests the latter
condition.

Next step is to add this to all jobs that run on bare-precise nodes
and then enable sudo on bare-precise nodes.

Change-Id: Ib6241d39cefc2a4df66e6f1b3f2e9e18bd08db09
---
 .../files/jenkins_job_builder/config/infra.yaml          | 5 +++++
 .../files/jenkins_job_builder/config/macros.yaml         | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml b/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml
index f31cf7baaf..79246060e6 100644
--- a/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml
+++ b/modules/openstack_project/files/jenkins_job_builder/config/infra.yaml
@@ -3,6 +3,7 @@
     node: bare-precise
 
     builders:
+      - revoke-sudo
       - gerrit-git-prep
       - shell: "./tools/run-compare-xml.sh openstack-infra config"
 
@@ -15,6 +16,7 @@
     node: bare-precise
 
     builders:
+      - revoke-sudo
       - gerrit-git-prep
       - shell: |
           source /usr/local/jenkins/slave_scripts/select-mirror.sh openstack-infra config
@@ -30,6 +32,7 @@
     node: bare-precise
 
     builders:
+      - revoke-sudo
       - gerrit-git-prep
       - docs:
           github-org: openstack-infra
@@ -50,6 +53,7 @@
     node: bare-precise
 
     builders:
+      - revoke-sudo
       - gerrit-git-prep
       - docs:
           github-org: openstack-infra
@@ -65,6 +69,7 @@
     node: bare-precise
 
     builders:
+      - revoke-sudo
       - gerrit-git-prep
       - shell: "tools/check_projects_yaml_alphabetized.sh"
 
diff --git a/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml b/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml
index 9677b19c68..35774f55c8 100644
--- a/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml
+++ b/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml
@@ -3,6 +3,15 @@
     builders:
       - shell: "/usr/local/jenkins/slave_scripts/gerrit-git-prep.sh https://review.openstack.org http://zuul.openstack.org git://git.openstack.org"
 
+- builder:
+    name: revoke-sudo
+    builders:
+      - shell: |
+          #!/bin/bash
+          if [ -f /etc/sudoers.d/jenkins-sudo ] ; then
+              sudo rm /etc/sudoers.d/jenkins-sudo
+          fi
+
 - builder:
     name: coverage
     builders: