~chad.smith/cloud-init:more-doc-sudo-false

Branch merges

Propose for merging

Merged into cloud-init:master at revision a670eb816c8bd73262f29f3821b64b59ae09da94

Server Team CI bot: Approve (continuous-integration) on 2018-06-19

Joshua Powers (community): Approve on 2018-06-19

Diff: 26 lines (+6/-2)

1 file modified

cloudinit/config/cc_users_groups.py (+6/-2)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

5612095... by Chad Smith on 2018-06-19

docs: represent sudo:false in docs for user_groups config module

1c294cc... by Jacob Bednarz on 2018-05-29

Update documentation for explicit `sudo: False` usage

e91a624... by Jacob Bednarz on 2018-05-25

Add test for explicit `sudo: False` usage

c3af032... by Jacob Bednarz on 2018-05-16

Explicitly prevent `sudo` access for user module

To deny a user elevated access, you can omit the `sudo` key from the
`users` dictionary. This works fine however it's implicitly defined
based on defaults of `cloud-init`. If the project moves to have `sudo`
access allowed for all by default (quite unlikely but still possible)
this will catch a few people out.

This introduces the ability to define an explicit `sudo: False` in the
`users` dictionary and it will prevent `sudo` access. The behaviour is
identical to omitting the key.

Fixes: https://bugs.launchpad.net/cloud-init/+bug/1771468

0d7ee55... by Scott Moser on 2018-05-15

ds-identify: recognize container-other as a container, test SmartOS.

In playing with a SmartOS container I found that ds-identify did
not identify the container there as a container. Systemd-detect-virt
identifies it as 'container-other'.

Also here are tests for ds-identify for the SmartOS platform
identification, and some indentation fixes in ds-identify.

d5374bb... by Scott Moser on 2018-05-14

cloud-config.service: run After snap.seeded.service.

This makes cloud-config.service (and as a result cloud-final.service)
run After snap.seeded.service. This is required to ensure that
pre-seeded snaps can be used by cloud-init or user-data input.

The snap.seeded.service was added to snapd at:
  https://github.com/snapcore/snapd/pull/5124

Note that the following would be a workaround:
 snap:
  commands:
   00: snap wait system seed.loaded

LP: #1767131

3b712fc... by Lars Kellogg-Stedman on 2018-05-10

tests: do not rely on host /proc/cmdline in test_net.py

Make test_net.TestGenerateFallbackConfig.test_unstable_names mock
the value of /proc/cmdline in the same way as the existing
test_unstable_names_disabled test.

LP: #1769952

bde3007... by Scott Moser on 2018-05-10

ds-identify: Remove dupe call to is_ds_enabled, improve debug message.

We had two calls to is_ds_enabled, and the debug message looked
something like this:
  is_ds_enabled returned 1: ConfigDrive NoCloud
Now instead we have just one call, and the debug message like:
  is_ds_enabled(IBMCloud) = true

23a84d2... by Scott Moser on 2018-05-09

SmartOS: fix get_interfaces for nics that do not have addr_assign_type.

When attempting to apply network configuration for SmartOS's container
platform, cloud-init would not identify nics. The nics on provided
in this container service do not have 'addr_assign_type'. That
was being interpreted as being a "stolen" mac, and would be filtered
out by get_interfaces.

323eb30... by Chad Smith on 2018-05-09

tests: fix package and ca_cert cloud_tests on bionic

package_update_upgrade_install was failing as htop is now included in
Bionic images. Switch this test to install 'sl' instead.

ca_certs integration test fails on cert_count test because bionic
update-ca-certificates on bionic generates less symlinks for a given cert.

Integration tests now collect dpkg-query --show output on every instance.
Add a new assertPackageInstalled helper method which finds the package or
package version installed on the instance.

Adapt existing byobu, package_update_upgrade_install, ntp and salt_minion
tests to use assertPackageInstalled method.

LP: #1769985