Closed Bug 549873 Opened 14 years ago Closed 14 years ago

Update Hg permissions bits to work with new commit access policy

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
All
Other
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gerv, Assigned: aravind)

References

Details

(Whiteboard: 04/22/2010 @ 7pm) 

My understanding is that the new commit access policy requires some changes to the Hg permissions bits. Here's my proposed migration plan that I sent to Aravind (comments welcome):

- Rename hg_mozilla to scm_level_1
- Create a new Hg permissions bit, scm_level_2
- Rename hg_mozsrc to scm_level_3
- Rename hg_l10n to scm_l10n

(This is because the current names are not really clear, and that
problem is exacerbated by the new level 2, which otherwise has no good
name.)

- Give scm_level_2 to everyone who currently has scm_level_1 but
  *not* scm_l10n.
- Give scm_level_2 to everyone who currently has scm_level_3. (This
  catches people like Axel and other l10n drivers.)
- Remove scm_level_2 from the short list of people that Gerv holds
  who were given level_1 access only during the interim period

(The result of this is that l10n committers are left at level 1 + l10n, and
everyone else gets level 2.)

- Change all trees except user trees, try server trees, incubator
  trees, l10n trees and scm_level_3 trees to require scm_level_2
- Change the xforms tree from scm_level_3 to scm_level_2
- Make sure the specific trees listed in the policy require scm_level_3

(This sets up the trees to be in the right place for the permissions
structure just established.)

Gerv
Can someone make this bug public? I forgot to uncheck the checkbox.

(One disadvantage of using the "itrequest" form...)

Gerv
Bug is public.
Group: infra
This also needs to be added to the page documentation so that the individuals operating on the requests will know which bits to ask for.
Marcia: sure. Let's wait for Aravind to approve it and implement it first :-)

Gerv
Assignee: server-ops → aravind
Hi Aravind: do you have an ETA for this? We are already using the new policy, so it would be very good if the technical implementation was well matched to the policy. At the moment, I'm having to keep a manual list of people whose permissions we'll need to fix up...

Gerv
I will have to cut off access to the repos while I fix permissions and muck with ldap perms for users etc.  I can work on this tomorrow (during the maintenance window 7:00 to 10:00 PM PDT).  I think this will mean shutting down build trees etc.  Copying build folks to see if its okay.
Flags: needs-downtime+
Whiteboard: 04/22/2010 @ 7pm
Filed bug 561147 to update the auth logic on the l10n stage server for the new group name.
Blocks: 561147
Okay, I am all done with my changes.  Gerv send me that list of users that I should yank level_2 from?
Aravind: awesome! The list is:

jseward@mozilla.com (or is it jseward@acm.org?) - bug 548595
cleary@mozilla.com (or is it cdleary@mozilla.com?) - bug 548096

Gerv
Removed level_2 access from their accounts.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.