Switch the IRC access check to OFTC
Make some adjustments to the IRC access check script so that it works in the OFTC network now. Also update the channel config to reflect the new ACL paradigms there. Remove our volunteer operators temporarily until we can confirm their nicks there. Also rip out the channel forwarding for unregistered nicks, we can work on readding it there later if we determine it's necessary after all, but it will need implementing differently anyway if so. Change-Id: Ib3c43ef5ba22191d869629cd01d3800f3e235ea4
This commit is contained in:
parent
9e35441f1a
commit
e858068643
@ -14,9 +14,8 @@
|
|||||||
|
|
||||||
# In general, to add a new channel for an official OpenStack project
|
# In general, to add a new channel for an official OpenStack project
|
||||||
# to this file, just add the name to the list in "channels" without
|
# to this file, just add the name to the list in "channels" without
|
||||||
# anything else. Projects who wish to maintain full permissions
|
# anything else. Additional admins or ops can be added as keys under the
|
||||||
# outside the "official" infra list can optionally set "mask" to
|
# channel name.
|
||||||
# "full_mask".
|
|
||||||
|
|
||||||
# Each channel is a dictionary with a keys as follows
|
# Each channel is a dictionary with a keys as follows
|
||||||
#
|
#
|
||||||
@ -24,16 +23,12 @@
|
|||||||
# (str) unique channel name (no #)
|
# (str) unique channel name (no #)
|
||||||
# alumni:
|
# alumni:
|
||||||
# (list) list of nicks that should be removed from ChanServ access
|
# (list) list of nicks that should be removed from ChanServ access
|
||||||
# mask:
|
|
||||||
# (str) default mask for users with chanserv access but not
|
|
||||||
# otherwise listed in the channel or global config. Access is
|
|
||||||
# limited to the mask but otherwise left alone.
|
|
||||||
# mode:
|
# mode:
|
||||||
# (str) mode mask for mlock. Note that flags here are enforced, but
|
# (str) mode mask for mlock. Note that flags here are enforced, but
|
||||||
# flags outside the list are left alone.
|
# flags outside the list are left alone.
|
||||||
# *:
|
# *:
|
||||||
# (list) every other key is assumed to be a key in the "access:"
|
# (list) every other key is assumed to be a key in the "access:"
|
||||||
# list. The provided list of nicks will have the flags for that
|
# list. The provided list of nicks will have the levels for that
|
||||||
# key applied.
|
# key applied.
|
||||||
#
|
#
|
||||||
# NOTE each channel looks up these values in the "global:" list first.
|
# NOTE each channel looks up these values in the "global:" list first.
|
||||||
@ -43,20 +38,10 @@
|
|||||||
# Global definitions
|
# Global definitions
|
||||||
#
|
#
|
||||||
|
|
||||||
# To forward unregistered users to a channel with +f you need to be an
|
# Access levels (map names in this file to chanserv access levels):
|
||||||
# op in that channel. This pre-joins and ops (via chanserv) in the
|
|
||||||
# given channels.
|
|
||||||
op_channels:
|
|
||||||
- openstack-unregistered
|
|
||||||
|
|
||||||
# Access levels (map names in this file to chanserv flags):
|
|
||||||
access:
|
access:
|
||||||
masters: +AFRefiorstv
|
admins: MASTER
|
||||||
status: +Vt
|
ops: CHANOP
|
||||||
meetbots: +O
|
|
||||||
operators: +Aeforstv
|
|
||||||
channel_op_mask: +AOVefortv
|
|
||||||
full_mask: +AFORVefiorstv
|
|
||||||
|
|
||||||
# Define configuration that should apply to all channels.
|
# Define configuration that should apply to all channels.
|
||||||
global:
|
global:
|
||||||
@ -74,51 +59,38 @@ global:
|
|||||||
- Shrews
|
- Shrews
|
||||||
- dmsimard
|
- dmsimard
|
||||||
- pabelanger
|
- pabelanger
|
||||||
mask:
|
# https://www.oftc.net/ChannelModes/
|
||||||
channel_op_mask
|
# c - no color messages allowed
|
||||||
# This sets the following
|
# n - no external messages (from clients that are not on the channels)
|
||||||
# c : no colors
|
# t - only chanops may change Topic
|
||||||
# n : message can not be sent from outside channel
|
# z - messages that would otherwise be blocked go to channel operators
|
||||||
# r : registered users only
|
# M - client may speak only when registered and identified to NickServ
|
||||||
# t : op to modify topic
|
# R - client may join only when registered and identified to NickServ
|
||||||
# f : forward unregistered users to #openstack-unregistered
|
# S - client may join only when using SSL Connection
|
||||||
mode: '+cnrtf #openstack-unregistered'
|
mode: '+cnt'
|
||||||
masters:
|
admins:
|
||||||
- openstackinfra
|
|
||||||
operators:
|
|
||||||
- AJaeger
|
|
||||||
- clarkb
|
- clarkb
|
||||||
- diablo_rojo
|
|
||||||
- frickler
|
- frickler
|
||||||
- fungi
|
- fungi
|
||||||
- ianw
|
- ianw
|
||||||
- jeblair
|
- jeblair
|
||||||
- jhesketh
|
- mordred
|
||||||
- mnaser
|
- opendevaccess
|
||||||
- mtaylor
|
ops:
|
||||||
- ttx
|
- opendevmeet
|
||||||
status:
|
- opendevstatus
|
||||||
- openstackstatus
|
|
||||||
meetbots:
|
|
||||||
- open_stack
|
|
||||||
|
|
||||||
# Individual channel configuration:
|
# Individual channel configuration:
|
||||||
channels:
|
channels:
|
||||||
- name: airshipit
|
- name: airshipit
|
||||||
mask: full_mask
|
|
||||||
- name: airshipit-gerritbot
|
- name: airshipit-gerritbot
|
||||||
mask: full_mask
|
|
||||||
- name: cloudkitty
|
- name: cloudkitty
|
||||||
- name: edge-computing-group
|
- name: edge-computing-group
|
||||||
- name: git-upstream
|
- name: git-upstream
|
||||||
mask: full_mask
|
|
||||||
- name: heat
|
- name: heat
|
||||||
- name: kata-dev
|
- name: kata-dev
|
||||||
mask: full_mask
|
|
||||||
- name: kata-general
|
- name: kata-general
|
||||||
mask: full_mask
|
|
||||||
- name: midonet
|
- name: midonet
|
||||||
mask: full_mask
|
|
||||||
- name: oooq
|
- name: oooq
|
||||||
- name: opendev
|
- name: opendev
|
||||||
- name: opendev-meeting
|
- name: opendev-meeting
|
||||||
@ -163,7 +135,6 @@ channels:
|
|||||||
- name: openstack-golang
|
- name: openstack-golang
|
||||||
- name: openstack-ha
|
- name: openstack-ha
|
||||||
- name: openstack-helm
|
- name: openstack-helm
|
||||||
mask: full_mask
|
|
||||||
- name: openstack-horizon
|
- name: openstack-horizon
|
||||||
- name: openstack-hyper-v
|
- name: openstack-hyper-v
|
||||||
- name: openstack-i18n
|
- name: openstack-i18n
|
||||||
@ -177,7 +148,6 @@ channels:
|
|||||||
- name: openstack-kolla
|
- name: openstack-kolla
|
||||||
- name: openstack-kuryr
|
- name: openstack-kuryr
|
||||||
- name: openstack-lbaas
|
- name: openstack-lbaas
|
||||||
mask: full_mask
|
|
||||||
- name: openstack-loci
|
- name: openstack-loci
|
||||||
- name: openstack-manila
|
- name: openstack-manila
|
||||||
- name: openstack-masakari
|
- name: openstack-masakari
|
||||||
@ -203,7 +173,6 @@ channels:
|
|||||||
- name: openstack-oslo
|
- name: openstack-oslo
|
||||||
- name: openstack-pandaman
|
- name: openstack-pandaman
|
||||||
- name: openstack-placement
|
- name: openstack-placement
|
||||||
mask: full_mask
|
|
||||||
- name: openstack-poppy
|
- name: openstack-poppy
|
||||||
- name: openstack-qa
|
- name: openstack-qa
|
||||||
- name: openstack-quota
|
- name: openstack-quota
|
||||||
@ -219,7 +188,6 @@ channels:
|
|||||||
- name: openstack-snaps
|
- name: openstack-snaps
|
||||||
- name: openstack-solar
|
- name: openstack-solar
|
||||||
- name: openstack-spaceport
|
- name: openstack-spaceport
|
||||||
mask: full_mask
|
|
||||||
- name: openstack-stable
|
- name: openstack-stable
|
||||||
- name: openstack-state-management
|
- name: openstack-state-management
|
||||||
- name: openstack-steth
|
- name: openstack-steth
|
||||||
@ -228,7 +196,6 @@ channels:
|
|||||||
- name: openstack-tc
|
- name: openstack-tc
|
||||||
- name: openstack-telemetry
|
- name: openstack-telemetry
|
||||||
- name: openstack-third-party-ci
|
- name: openstack-third-party-ci
|
||||||
mask: full_mask
|
|
||||||
- name: openstack-trove
|
- name: openstack-trove
|
||||||
- name: openstack-upstream-institute
|
- name: openstack-upstream-institute
|
||||||
- name: openstack-vahana
|
- name: openstack-vahana
|
||||||
@ -240,7 +207,6 @@ channels:
|
|||||||
- name: openstack-zaqar
|
- name: openstack-zaqar
|
||||||
- name: openstack-zun
|
- name: openstack-zun
|
||||||
- name: osism
|
- name: osism
|
||||||
mask: full_mask
|
|
||||||
- name: refstack
|
- name: refstack
|
||||||
- name: senlin
|
- name: senlin
|
||||||
- name: solum
|
- name: solum
|
||||||
@ -251,9 +217,7 @@ channels:
|
|||||||
- name: swiftonhpss
|
- name: swiftonhpss
|
||||||
- name: swift3
|
- name: swift3
|
||||||
- name: syscompass
|
- name: syscompass
|
||||||
mask: full_mask
|
|
||||||
- name: tacker
|
- name: tacker
|
||||||
mask: full_mask
|
|
||||||
- name: tripleo
|
- name: tripleo
|
||||||
- name: wsme
|
- name: wsme
|
||||||
- name: zuul
|
- name: zuul
|
||||||
|
@ -34,7 +34,6 @@ class CheckAccess(irc.client.SimpleIRCClient):
|
|||||||
|
|
||||||
def __init__(self, channels, nick, flags):
|
def __init__(self, channels, nick, flags):
|
||||||
irc.client.SimpleIRCClient.__init__(self)
|
irc.client.SimpleIRCClient.__init__(self)
|
||||||
self.identify_msg_cap = False
|
|
||||||
self.channels = channels
|
self.channels = channels
|
||||||
self.nick = nick
|
self.nick = nick
|
||||||
self.flags = flags
|
self.flags = flags
|
||||||
@ -49,30 +48,10 @@ class CheckAccess(irc.client.SimpleIRCClient):
|
|||||||
sys.exit(0)
|
sys.exit(0)
|
||||||
|
|
||||||
def on_welcome(self, c, e):
|
def on_welcome(self, c, e):
|
||||||
self.identify_msg_cap = False
|
|
||||||
self.log.debug("Requesting identify-msg capability")
|
|
||||||
c.cap('REQ', 'identify-msg')
|
|
||||||
c.cap('END')
|
|
||||||
|
|
||||||
def on_cap(self, c, e):
|
|
||||||
self.log.debug("Received cap response %s" % repr(e.arguments))
|
|
||||||
if e.arguments[0] == 'ACK' and 'identify-msg' in e.arguments[1]:
|
|
||||||
self.log.debug("identify-msg cap acked")
|
|
||||||
self.identify_msg_cap = True
|
|
||||||
self.advance()
|
self.advance()
|
||||||
|
|
||||||
def on_privnotice(self, c, e):
|
def on_privnotice(self, c, e):
|
||||||
if not self.identify_msg_cap:
|
msg = e.arguments[0]
|
||||||
self.log.debug("Ignoring message because identify-msg "
|
|
||||||
"cap not enabled")
|
|
||||||
return
|
|
||||||
nick = e.source.split('!')[0]
|
|
||||||
auth = e.arguments[0][0]
|
|
||||||
msg = e.arguments[0][1:]
|
|
||||||
if auth != '+' or nick != 'ChanServ':
|
|
||||||
self.log.debug("Ignoring message from unauthenticated "
|
|
||||||
"user %s" % nick)
|
|
||||||
return
|
|
||||||
self.advance(msg)
|
self.advance(msg)
|
||||||
|
|
||||||
def advance(self, msg=None):
|
def advance(self, msg=None):
|
||||||
@ -82,11 +61,13 @@ class CheckAccess(irc.client.SimpleIRCClient):
|
|||||||
return
|
return
|
||||||
self.current_channel = self.channels.pop()
|
self.current_channel = self.channels.pop()
|
||||||
self.current_list = []
|
self.current_list = []
|
||||||
self.connection.privmsg('chanserv', 'access list %s' %
|
self.connection.privmsg('chanserv', 'access %s list' %
|
||||||
self.current_channel)
|
self.current_channel)
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
return
|
return
|
||||||
if msg.endswith('is not registered.'):
|
if not msg:
|
||||||
|
return
|
||||||
|
if msg.endswith('is not registered with channel services.'):
|
||||||
self.failed = True
|
self.failed = True
|
||||||
print("%s is not registered with ChanServ." %
|
print("%s is not registered with ChanServ." %
|
||||||
self.current_channel)
|
self.current_channel)
|
||||||
@ -133,7 +114,7 @@ def main():
|
|||||||
default='/etc/accessbot/channels.yaml',
|
default='/etc/accessbot/channels.yaml',
|
||||||
help='path to the config file')
|
help='path to the config file')
|
||||||
parser.add_argument('-s', dest='server',
|
parser.add_argument('-s', dest='server',
|
||||||
default='chat.freenode.net',
|
default='irc.oftc.net',
|
||||||
help='IRC server')
|
help='IRC server')
|
||||||
parser.add_argument('-p', dest='port',
|
parser.add_argument('-p', dest='port',
|
||||||
default=6697,
|
default=6697,
|
||||||
|
2
tox.ini
2
tox.ini
@ -71,7 +71,7 @@ deps =
|
|||||||
ruamel.yaml
|
ruamel.yaml
|
||||||
irc
|
irc
|
||||||
commands =
|
commands =
|
||||||
{toxinidir}/tools/check_irc_access.py -l accessbot/channels.yaml openstackinfra
|
{toxinidir}/tools/check_irc_access.py -l accessbot/channels.yaml opendevaccess
|
||||||
{toxinidir}/tools/irc_tests.py
|
{toxinidir}/tools/irc_tests.py
|
||||||
{toxinidir}/tools/check-channels-yaml.sh
|
{toxinidir}/tools/check-channels-yaml.sh
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user