Closed Bug 1107692 Opened 10 years ago Closed 9 years ago

Code review required for Autoland LDAP group membership check

Categories

(Conduit Graveyard :: Transplant, defect)

Product:
Conduit Graveyard
Component:
Transplant
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: dminor, Unassigned)

References

Details

(Whiteboard: [autoland M2])

As part of the OpSec review for Autoland (Bug 1074197) an internal code review of the LDAP group memberbership check was recommended. This is the portion of the code that ensures that the committer is a member of the appropriate scm_level group to be able to commit code to the target tree. The most relevant portions of the code are [1] where the committer is extracted from a pulse message, [2] where the group check is performed, and [3] which is the code which communicates with the ldap server. Feedback on other portions of the code is of course welcome. [1] https://github.com/dminor/autoland/blob/master/autoland/autoland_pulse.py#L61 [2] https://github.com/dminor/autoland/blob/master/autoland/autoland.py#L215 [3] https://github.com/dminor/autoland/blob/master/autoland/mozilla_ldap.py
Moving this to Milestone 2. I'm in the middle of some refactoring work to support the mozreview -> try workflow, there is no point in doing a code review until that is further along. Since both mozreview and try require scm_level_1, we should not need to do a check for that case. When we support landing to inbound, this will be important again.
Whiteboard: [autoland M1] → [autoland M2]
Bug 1160517 added LDAP checks to Mozreview so there is no longer a need to do these in Autoland unless we start to support non-Mozreview workflows.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Product: Tree Management → MozReview
Product: MozReview → Conduit
Product: Conduit → Conduit Graveyard
You need to log in before you can comment on or make changes to this bug.