9 Commits

Author SHA1 Message Date
Thierry Carrez
1ad0d5d6bd Update team exceptions in ACL issues script
Update the team exceptions section in the aclissues.py detection script
so that it reflects that ironic and Puppet OpenStack teams have been
exempted from strict release management rules, together with references
to the changes that introduced the exemptions in the first place.

With this change, the aclissues.py script no longer reports false
negatives in ACLs for deliverables from those teams.

Change-Id: I63dddeb04dec129cbc1fffd9c638a1f35708aafb
2024-05-17 11:19:22 +02:00
Thierry Carrez
ef806a0d71 Ignore ironic deliverables in ACL checks
Ironic team has several exception rules in their deliverables ACLs, in
order to be able to tag bugfixes releases amongst other things. This
change adds the Ironic team to the exception list (and removes the
Infrastructure team exception since they are no longer listed in the
governance file).

Change-Id: I33e3ecf66c66faac3e65fc8d07bdf2a6cdc022ac
2023-10-30 14:38:19 +01:00
Sean McGinnis
08cd1fb33c
Switch to PyYaml safe_load
The load() call from PyYaml is considered a higher security risk in that
it uses the FullLoader. safe_loade() is considered more safe by using
the SafeLoader instead.

Since the 5.1 release of PyYaml added warning output when using load(),
this switches over to safe_load() to avoid the unnecessary noise.

Change-Id: I1949deed094822d2c2c56659eadb1fc5ea6a59e5
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
2020-07-27 16:18:19 -05:00
Sean McGinnis
44d6736a5e
Be explicit about python3 executable
Per best practices, explicitly use the python3 executable rather than
assuming the platform with have a "python" executable that maps to
python3.

https://www.python.org/dev/peps/pep-0394/

Change-Id: I39b8a1013a891f4570f374d8faa3cfa2ecaf3347
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
2019-10-16 09:45:29 -05:00
Jean-Philippe Evrard
196c4f2df2 Use env python instead of /usr/bin/python
If running with tox venv, the python version (where all the
requirements are installed) might be different than /usr/bin/python.

We should use the one in the env.

Change-Id: Ic69282b289fefeafa5a63b6da284f44c4b3c4b15
2019-03-04 20:20:59 +01:00
Thierry Carrez
c1b2b78b07 Skip repos if not handled by release management
Leverage the newly-introduced 'release-management' key from
projects.yaml to skip repositories in deliverables that are
not handled by the release-management team.

No longer maintain a local list of repository exceptions.

Change-Id: I0e5eab7a2aeb3bd09acf7bf01356a9f664530b0f
2019-01-31 16:43:18 +01:00
Sean McGinnis
7cb17cc296
Fix py3 issues with aclissues script
This code was using the remove iteritems() call. Updated to just call
items() instead.

Change-Id: I29bff1a6a4e9be8e11d5411de227da0c3fa83447
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
2018-08-14 09:39:00 -05:00
Sean McGinnis
7f2ab71663 Remove Rally from aclfixer exceptions
ACLs are being updated for rally, so we can stop
including them as an exception for acl checks.

Depends-on: https://review.openstack.org/575130
Change-Id: I13abbf1e4d75afcc540d3e82904cbc0391154b4a
2018-06-29 14:13:11 +02:00
Thierry Carrez
fa30fbe25e Report ACL violations as issues by default
By default, the tool should report ACL violations rather than
fix them in place. Add a --patch option to explicitly ask to
fix the ACL files in place.

Rename tool to aclissues.py to better reflect what it does by
default (report issues instead of fixing them).

Change-Id: I04744746b6492a1f3ab0790ebb565235f292caf9
2018-06-27 18:29:47 +02:00