Update the team exceptions section in the aclissues.py detection script
so that it reflects that ironic and Puppet OpenStack teams have been
exempted from strict release management rules, together with references
to the changes that introduced the exemptions in the first place.
With this change, the aclissues.py script no longer reports false
negatives in ACLs for deliverables from those teams.
Change-Id: I63dddeb04dec129cbc1fffd9c638a1f35708aafb
Ironic team has several exception rules in their deliverables ACLs, in
order to be able to tag bugfixes releases amongst other things. This
change adds the Ironic team to the exception list (and removes the
Infrastructure team exception since they are no longer listed in the
governance file).
Change-Id: I33e3ecf66c66faac3e65fc8d07bdf2a6cdc022ac
The load() call from PyYaml is considered a higher security risk in that
it uses the FullLoader. safe_loade() is considered more safe by using
the SafeLoader instead.
Since the 5.1 release of PyYaml added warning output when using load(),
this switches over to safe_load() to avoid the unnecessary noise.
Change-Id: I1949deed094822d2c2c56659eadb1fc5ea6a59e5
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Per best practices, explicitly use the python3 executable rather than
assuming the platform with have a "python" executable that maps to
python3.
https://www.python.org/dev/peps/pep-0394/
Change-Id: I39b8a1013a891f4570f374d8faa3cfa2ecaf3347
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
If running with tox venv, the python version (where all the
requirements are installed) might be different than /usr/bin/python.
We should use the one in the env.
Change-Id: Ic69282b289fefeafa5a63b6da284f44c4b3c4b15
Leverage the newly-introduced 'release-management' key from
projects.yaml to skip repositories in deliverables that are
not handled by the release-management team.
No longer maintain a local list of repository exceptions.
Change-Id: I0e5eab7a2aeb3bd09acf7bf01356a9f664530b0f
This code was using the remove iteritems() call. Updated to just call
items() instead.
Change-Id: I29bff1a6a4e9be8e11d5411de227da0c3fa83447
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
ACLs are being updated for rally, so we can stop
including them as an exception for acl checks.
Depends-on: https://review.openstack.org/575130
Change-Id: I13abbf1e4d75afcc540d3e82904cbc0391154b4a
By default, the tool should report ACL violations rather than
fix them in place. Add a --patch option to explicitly ask to
fix the ACL files in place.
Rename tool to aclissues.py to better reflect what it does by
default (report issues instead of fixing them).
Change-Id: I04744746b6492a1f3ab0790ebb565235f292caf9
