On Tue, 29 Sep 2015 08:27:01 -0600 Tim Flink <tflink@xxxxxxxxxx> wrote: > Long story short, when the batcave upgrade happened on Friday we found > out that rbac_playbook doesn't work on el7 due to an issue with > nss-altfiles. > > I figured out how to sidestep the issue by changing the approach that > rbac_playbook takes. It used to get all the groups for the user > running the script and check for an intersection between those groups > and the required groups for the playbook being run. > > The new version looks at the groups required for the playbook being > run, gathers all the users in those groups and verifies that the user > running rbac_playbook is in that list before proceeding. > > I've included the changes below for security review before updating > anything on batcave01 Thanks for the reviews. Code has been pushed to git, I've built a new ansible_utils package and put that in the el7 infrastructure repo. Tim
Attachment:
pgpneKgMr9px3.pgp
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/postorius/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
