Fix errors in sync script.

We were ignoring launchpad team membership because of a programming error (person instead of person.name). We were also removing people from some gerrit-only groups like "Administrators". This adds several kinds of protection to make sure we don't sync inappropriate groups. Change-Id: Id7952591c54cf3532a37631408b386ebacd653b4 Reviewed-on: https://review.openstack.org/17317 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-12-02 11:22:25 -08:00 · 2012-12-02 11:22:25 -08:00 · 559dc91e51
commit 559dc91e51
parent 0087c4956f
1 changed files with 25 additions and 1 deletions
--- a/modules/launchpad_sync/files/update_gerrit_users.py
+++ b/modules/launchpad_sync/files/update_gerrit_users.py
@ -184,6 +184,17 @@ class GerritUser(object):
        self.openids = []

 class Sync(object):
+    never_sync_list = ['Administrators',
+                       'Anonymous Users',
+                       'Project Owners',
+                       'Registered Users',
+                       'Non-Interactive Users',
+                       'Project Bootstrappers',
+                       'Continuous Integration Tools',
+                       'External Testing Tools',
+                       'Release Managers',
+                       ]
+
    def __init__(self):
        self.log = logging.getLogger('sync')
        self.cursor = cur
@ -289,13 +300,17 @@ class Sync(object):
        self.cursor.execute("select group_id, name from account_groups")
        for row in self.cursor.fetchall():
            id, name = row
+            if name in self.never_sync_list:
+                continue
+            if name[0] >= 'A' and name[0] <= 'Z':
+                continue
            self.groups[name] = Group(name, id)

    def getOpenID(self, openid):
        person = launchpad.people.getByOpenIDIdentifier(identifier=openid)
        if not person:
            return
-        lp_user = self.lp_users.get(person)
+        lp_user = self.lp_users.get(person.name)
        if not lp_user:
            lp_user = LPUser(person.name)
            self.lp_users[person.name] = lp_user
@ -656,11 +671,20 @@ class Sync(object):
        groups_to_rm = []

        for team in lp_user.teams:
+            if team.name in self.never_sync_list:
+                continue
            groups_to_add.append(self.groups[team.name])

        # groups_to_add is now the full list of all groups we think the user
        # should belong to. we want to limit the users groups to this list
        for group in self.groups.values():
+            if group.name in self.never_sync_list:
+                continue
+            team = self.teams.get(group.name)
+            if not team:
+                # There is no corresponding LP team, so this may be
+                # a gerrit-only group
+                continue
            if group not in groups_to_add:
                if group not in groups_to_rm:
                    groups_to_rm.append(group)