Fix errors in sync script.
We were ignoring launchpad team membership because of a programming error (person instead of person.name). We were also removing people from some gerrit-only groups like "Administrators". This adds several kinds of protection to make sure we don't sync inappropriate groups. Change-Id: Id7952591c54cf3532a37631408b386ebacd653b4 Reviewed-on: https://review.openstack.org/17317 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
This commit is contained in:
parent
0087c4956f
commit
559dc91e51
@ -184,6 +184,17 @@ class GerritUser(object):
|
||||
self.openids = []
|
||||
|
||||
class Sync(object):
|
||||
never_sync_list = ['Administrators',
|
||||
'Anonymous Users',
|
||||
'Project Owners',
|
||||
'Registered Users',
|
||||
'Non-Interactive Users',
|
||||
'Project Bootstrappers',
|
||||
'Continuous Integration Tools',
|
||||
'External Testing Tools',
|
||||
'Release Managers',
|
||||
]
|
||||
|
||||
def __init__(self):
|
||||
self.log = logging.getLogger('sync')
|
||||
self.cursor = cur
|
||||
@ -289,13 +300,17 @@ class Sync(object):
|
||||
self.cursor.execute("select group_id, name from account_groups")
|
||||
for row in self.cursor.fetchall():
|
||||
id, name = row
|
||||
if name in self.never_sync_list:
|
||||
continue
|
||||
if name[0] >= 'A' and name[0] <= 'Z':
|
||||
continue
|
||||
self.groups[name] = Group(name, id)
|
||||
|
||||
def getOpenID(self, openid):
|
||||
person = launchpad.people.getByOpenIDIdentifier(identifier=openid)
|
||||
if not person:
|
||||
return
|
||||
lp_user = self.lp_users.get(person)
|
||||
lp_user = self.lp_users.get(person.name)
|
||||
if not lp_user:
|
||||
lp_user = LPUser(person.name)
|
||||
self.lp_users[person.name] = lp_user
|
||||
@ -656,11 +671,20 @@ class Sync(object):
|
||||
groups_to_rm = []
|
||||
|
||||
for team in lp_user.teams:
|
||||
if team.name in self.never_sync_list:
|
||||
continue
|
||||
groups_to_add.append(self.groups[team.name])
|
||||
|
||||
# groups_to_add is now the full list of all groups we think the user
|
||||
# should belong to. we want to limit the users groups to this list
|
||||
for group in self.groups.values():
|
||||
if group.name in self.never_sync_list:
|
||||
continue
|
||||
team = self.teams.get(group.name)
|
||||
if not team:
|
||||
# There is no corresponding LP team, so this may be
|
||||
# a gerrit-only group
|
||||
continue
|
||||
if group not in groups_to_add:
|
||||
if group not in groups_to_rm:
|
||||
groups_to_rm.append(group)
|
||||
|
Loading…
x
Reference in New Issue
Block a user