Closed Bug 1433595 Opened 7 years ago Closed 7 years ago

restrict wptsync user to mozilla-inbound

Categories

(Developer Services :: General, task)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: impossibus, Assigned: impossibus)

Attachments

(1 file)

Comment on attachment 8945975 [details] hghooks: restrict wptsync@mozilla.com to pushing to mozilla-inbound only (bug 1433595); https://reviewboard.mozilla.org/r/216036/#review221840

::: hghooks/mozhghooks/check/prevent_wptsync_changes.py:54 (Diff revision 1)

> pass > > def check(self, ctx): > success = True > if os.environ['USER'] == 'wptsync@mozilla.com': > + if self.repo_metadata['path'] == "integration/mozilla-inbound":

This is my guess at how to detect mozilla-inbound. Is that right?
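Review bot: On the added line, the one repository this account may push to is an inline literal, `"integration/mozilla-inbound"`, written in double quotes while the user comparison directly above it uses single quotes; hoisting the account name and the permitted path into named module-level constants would keep the allowlist in one visible place and settle the quoting. The context line above it reads `os.environ['USER']` by subscript, so an environment without USER set would raise KeyError instead of returning a verdict; `os.environ.get('USER')` avoids that.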
Comment on attachment 8945975 [details] hghooks: restrict wptsync@mozilla.com to pushing to mozilla-inbound only (bug 1433595); https://reviewboard.mozilla.org/r/216036/#review222070

This is mostly good. But it needs a tweak and an additional test case to properly restrict permissions.

::: hghooks/mozhghooks/check/prevent_wptsync_changes.py:45 (Diff revision 1)

> def relevant(self): > return self.repo_metadata['firefox_releasing']

We'll want to change this to `return True` so the hook runs on all repos. Or change it to `return os.environ['USER'] == 'wptsync@mozilla.com'` so the body of the hook only runs if the current user is the one whose permissions we care about.

By leaving this the way it is, the hook won't run on level 3 repos that aren't releasing Firefox repos. That will result in permissions not being restricted.

This also means we should have a test case showing that pushing to a non-Firefox repo is denied.
Attachment #8945975 - Flags: review?(gps) → review-
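The gap described in the review above, modeled as an added example rather than the mozhghooks code: the class names, the `push_allowed` helper and the repository metadata are constructed, the user is passed in instead of read from `os.environ['USER']`, and only the repository restriction is modeled.

```python
WPTSYNC_USER = 'wptsync@mozilla.com'
ALLOWED_PATH = 'integration/mozilla-inbound'


class WptsyncCheck:
    """Hypothetical stand-in for a hook check with a relevant()/check() split."""

    def __init__(self, repo_metadata, user):
        self.repo_metadata = repo_metadata
        self.user = user  # assumption: stands in for os.environ['USER']

    def check(self):
        # Only the restricted account is constrained; other users pass.
        if self.user != WPTSYNC_USER:
            return True
        return self.repo_metadata['path'] == ALLOWED_PATH


class GatedOnReleasing(WptsyncCheck):
    def relevant(self):
        # Diff revision 1: the check runs only on Firefox release repos.
        return self.repo_metadata['firefox_releasing']


class GatedOnUser(WptsyncCheck):
    def relevant(self):
        # Reviewer's alternative: run wherever the restricted user pushes.
        return self.user == WPTSYNC_USER


def push_allowed(check_cls, repo_metadata, user):
    """A check that is not relevant is skipped, so the push is accepted."""
    check = check_cls(repo_metadata, user)
    if not check.relevant():
        return True
    return check.check()


# Constructed repository metadata for the example.
INBOUND = {'path': 'integration/mozilla-inbound', 'firefox_releasing': True}
CENTRAL = {'path': 'mozilla-central', 'firefox_releasing': True}
OTHER_L3 = {'path': 'hgcustom/example-repo', 'firefox_releasing': False}

if __name__ == '__main__':
    for cls in (GatedOnReleasing, GatedOnUser):
        print(cls.__name__, push_allowed(cls, OTHER_L3, WPTSYNC_USER))
```

With the revision 1 gating, the push to the constructed non-Firefox repository is accepted because the check never runs; with the user-based gating it is denied, which is the test case the review asks for.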
Comment on attachment 8945975 [details] hghooks: restrict wptsync@mozilla.com to pushing to mozilla-inbound only (bug 1433595); https://reviewboard.mozilla.org/r/216036/#review222548 Looks good!
Attachment #8945975 - Flags: review?(gps) → review+
Pushed by gszorc@mozilla.com: https://hg.mozilla.org/hgcustom/version-control-tools/rev/ae84ef90223b hghooks: restrict wptsync@mozilla.com to pushing to mozilla-inbound only ; r=gps
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED