authorIan Wienand <iwienand@redhat.com>2018-08-02 11:50:13 +1000
committerIan Wienand <iwienand@redhat.com>2018-08-02 12:44:57 +1000
commit4e23eb18a09fd3187599e8c00e5a84557b505109 (patch)
tree6acdd2ce46d3fab2760199c3bf9fc0cac3c69155
parent2ebab74d16d5c3e77dad39ca8f4a5d67a002d6a5 (diff)
Add alumni to accessbot
By design, accessbot doesn't *remove* access when you remove yourself from the access lists; you are just limited to a lower level. This is noted in the configuration file: # The label 'mask' is special: anyone with perms on a channel that # isn't otherwise listed for the channel or in the global list will # have their access limited to the mask but otherwise left alone. However, I feel like it's reasonable to assume that when you remove yourself you are giving up your permissions; and in the *very* unlikely case of a bad actor, we would want to know we did actually remove them from all channels. To make this clearer, but still allow for unlisted users to maintain whatever permissions they have, this adds an "alumni" section to the configuration, and allows for alumni to be set on individual channels. If your nick appears in this list, your access is removed. Obviously once this has run once, people could be removed from alumni if there is a need to cater for something tricky like removing global access but then adding permissions. But in general I think it will work to just keep a record of contributors in the common case of "moved on from openstack work and no longer want to admin things". Change-Id: I0858e963cdf4bc90c30f9d60ea524d778ae3d150
Notes
Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+1: Andreas Jaeger <jaegerandi@gmail.com> Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: James E. Blair <corvus@inaugust.com> Workflow+1: Ian Wienand <iwienand@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 06 Aug 2018 00:07:11 +0000 Reviewed-on: https://review.openstack.org/588115 Project: openstack-infra/puppet-accessbot Branch: refs/heads/master
-rwxr-xr-xfiles/accessbot.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/files/accessbot.py b/files/accessbot.py
index aa59b9e..15c1baf 100755
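--- a/files/accessbot.py
+++ b/files/accessbot.py
@@ -92,6 +92,7 @@ class SetAccess(irc.client.SimpleIRCClient):
 
 def _get_access_list(self, channel_name):
 ret = {}
+alumni = []
 channel = None
 for c in self.config['channels']:
 if c['name'] == channel_name:
@@ -104,12 +105,15 @@ class SetAccess(irc.client.SimpleIRCClient):
 if access == 'mask':
 mask = self.config['access'].get(nicks)
 continue
+if access == 'alumni':
+alumni += nicks
+continue
 flags = self.config['access'].get(access)
 if flags is None:
 continue
 for nick in nicks:
 ret[nick] = flags
-return mask, ret
+return mask, ret, alumni
 
 def _get_access_change(self, current, target, mask):
 remove = ''
@@ -136,13 +140,18 @@ class SetAccess(irc.client.SimpleIRCClient):
 return change
 
 def _get_access_changes(self):
-mask, target = self._get_access_list(self.current_channel)
+mask, target, alumni = self._get_access_list(self.current_channel)
 self.log.debug("Mask for %s: %s" % (self.current_channel, mask))
 self.log.debug("Target for %s: %s" % (self.current_channel, target))
 all_nicks = set()
+global_alumni = self.config.get('alumni', {})
 current = {}
 changes = []
 for nick, flags, msg in self.current_list:
+if nick in global_alumni or nick in alumni :
+self.log.debug("%s is an alumni; removing access", nick)
+changes.append('access #%s del %s' % (self.current_channel, nick))
+continue
 all_nicks.add(nick)
 current[nick] = flags
 for nick in target.keys():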
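Review bot: The alumni check at new lines 151-154 of `_get_access_changes` compares `nick` to the configured names with an exact, case-sensitive `in`, so an entry whose case differs from what the access list reports would presumably be skipped and keep its flags. Since this path is a revocation, consider folding both sides to one case before comparing, if the service treats names case-insensitively. The removal is also logged only at debug level, which makes it hard to confirm afterwards that access was actually revoked, the goal the commit message states; something like `self.log.info("%s is in alumni; removing access on %s", nick, self.current_channel)` would leave an audit trail. `self.config.get('alumni', {})` defaults to a dict while the per-channel `alumni` is a list, so `[]` would be the consistent default. The function body continues past the end of the hunk, so how a nick listed both in alumni and under a target access level is handled is not visible here.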