Report ACL violations as issues by default

By default, the tool should report ACL violations rather than
fix them in place. Add a --patch option to explicitly ask to
fix the ACL files in place.

Rename tool to aclissues.py to better reflect what it does by
default (report issues instead of fixing them).

Change-Id: I04744746b6492a1f3ab0790ebb565235f292caf9
Thierry Carrez
2018-06-27 17:49:04 +02:00
parent 8ba7eb9608
commit fa30fbe25e

137
tools/aclissues.py Executable file

@@ -0,0 +1,137 @@
#!/usr/bin/python
#
# Tool to generate a patch to remove direct tagging / branch-creating
# rights for official OpenStack deliverables
#
# Copyright 2018 Thierry Carrez <thierry@openstack.org>
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import argparse
import os
import re
import sys
import yaml
TEAM_EXCEPTIONS = [
# Teams that are likely to be moved off TC governance
'Infrastructure',
'RefStack',
# Deployment tool teams with externally-released artifacts
'OpenStack Charms',
'Chef OpenStack',
'OpenStack-Helm',
# Others
'rally',
]
WILDCARD_REPO_EXCEPTIONS = [
]
REPO_EXCEPTIONS = [
]
def is_a_repo_exception(repo):
for pattern in WILDCARD_REPO_EXCEPTIONS:
if re.match(pattern, repo):
return True
return repo in REPO_EXCEPTIONS
def is_a_team_exception(team):
return team in TEAM_EXCEPTIONS
def issues_in_acl(repo, fullfilename, patch):
newcontent = ""
with open(fullfilename) as aclfile:
skip = False
issues = False
for line in aclfile:
# Skip until start of next section if in skip mode
if skip:
if line.startswith('['):
skip = False
else:
continue
# Remove [access ref/tags/*] sections
if line.startswith('[access "refs/tag'):
skip = True
issues = True
continue
# Remove 'create' lines
if line.startswith('create ='):
issues = True
continue
# Copy the current line over
newcontent += line
if patch:
with open(fullfilename, 'w') as aclfile:
aclfile.write(newcontent)
return issues
def main(args=sys.argv[1:]):
parser = argparse.ArgumentParser()
parser.add_argument('project_config_repo')
parser.add_argument('governance_repo')
parser.add_argument(
'--patch',
default=False,
help='patch ACL files in project-config to fix violations',
action='store_true')
args = parser.parse_args(args)
# Load repo/aclfile mapping from Gerrit config
projectsyaml = os.path.join(args.project_config_repo,
'gerrit', 'projects.yaml')
acl = {}
config = yaml.load(open(projectsyaml))
for project in config:
aclfilename = project.get('acl-config')
if aclfilename:
(head, tail) = os.path.split(aclfilename)
acl[project['project']] = os.path.join(os.path.basename(head),
tail)
else:
acl[project['project']] = project['project'] + '.config'
aclbase = os.path.join(args.project_config_repo, 'gerrit', 'acls')
governanceyaml = os.path.join(args.governance_repo,
'reference', 'projects.yaml')
teams = yaml.load(open(governanceyaml))
for tname, team in teams.iteritems():
if is_a_team_exception(tname):
continue
for dname, deliverable in team['deliverables'].iteritems():
for repo in deliverable.get('repos'):
if not is_a_repo_exception(repo):
aclpath = os.path.join(aclbase, acl[repo])
if issues_in_acl(repo, aclpath, args.patch):
print('%s (%s) in %s' % (repo, tname, acl[repo]))
if __name__ == '__main__':
main()
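Review bot: `config = yaml.load(open(projectsyaml))` and `teams = yaml.load(open(governanceyaml))` in main() call yaml.load without a Loader, which with PyYAML of this period resolves arbitrary Python object tags from the parsed files; both are plain data files, so `with open(projectsyaml) as f: config = yaml.safe_load(f)` (and the same for governanceyaml) is the right call, and it also closes the handles that the bare open() calls leave open. In the deliverable loop, `acl[repo]` raises KeyError when a governance repo has no entry in gerrit/projects.yaml and `for repo in deliverable.get('repos')` raises TypeError when a deliverable has no repos key, so one stale entry aborts the whole report; `for repo in deliverable.get('repos') or []:` plus `acl.get(repo)` with a printed skip would keep the run going. The `repo` parameter of issues_in_acl is never used inside the function, and `iteritems()` ties the script to Python 2 in line with the `/usr/bin/python` shebang; `.items()` works on both and would be worth the one-word change.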