revoke-sudo: only revoke when zuul is sudoer

This change makes unittests jobs usable on read-only environment. Change-Id: I36cfe7e5849687dbed510396a825dc0ec45542b3
2017-11-22 14:05:49 +00:00 · 2017-11-22 14:05:49 +00:00 · 892dc6a095
commit 892dc6a095
parent 28bf5c0dcc
1 changed files with 7 additions and 0 deletions
--- a/roles/revoke-sudo/tasks/main.yaml
+++ b/roles/revoke-sudo/tasks/main.yaml
@ -1,11 +1,18 @@
+- name: Check if zuul is sudoer
+  command: sudo -n true
+  failed_when: false
+  register: zuul_is_sudoer
+
 - name: Remove sudo access for zuul user.
  become: yes
  file:
    path: /etc/sudoers.d/zuul
    state: absent
+  when: zuul_is_sudoer.rc == 0

 - name: Prove that general sudo access is actually revoked.
  shell: '! sudo -n true'
  tags:
    # We really need shell above, skip warning
    - skip_ansible_lint
+  when: zuul_is_sudoer.rc == 0