The default bug view has changed. See this FAQ.

Update Hg permissions bits to work with new commit access policy

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
RESOLVED FIXED
7 years ago
2 years ago

People

(Reporter: gerv, Assigned: aravind)

Tracking

Bug Flags:
needs-downtime +

Details

(Whiteboard: 04/22/2010 @ 7pm)

(Reporter)

Description

7 years ago
My understanding is that the new commit access policy requires some changes to the Hg permissions bits. Here's my proposed migration plan that I sent to Aravind (comments welcome):

- Rename hg_mozilla to scm_level_1
- Create a new Hg permissions bit, scm_level_2
- Rename hg_mozsrc to scm_level_3
- Rename hg_l10n to scm_l10n

(This is because the current names are not really clear, and that
problem is exacerbated by the new level 2, which otherwise has no good
name.)

- Give scm_level_2 to everyone who currently has scm_level_1 but
  *not* scm_l10n.
- Give scm_level_2 to everyone who currently has scm_level_3. (This
  catches people like Axel and other l10n drivers.)
- Remove scm_level_2 from the short list of people that Gerv holds
  who were given level_1 access only during the interim period

(The result of this is that l10n committers are left at level 1 + l10n, and
everyone else gets level 2.)

- Change all trees except user trees, try server trees, incubator
  trees, l10n trees and scm_level_3 trees to require scm_level_2
- Change the xforms tree from scm_level_3 to scm_level_2
- Make sure the specific trees listed in the policy require scm_level_3

(This sets up the trees to be in the right place for the permissions
structure just established.)

Gerv
(Reporter)

Comment 1

7 years ago
Can someone make this bug public? I forgot to uncheck the checkbox.

(One disadvantage of using the "itrequest" form...)

Gerv
Bug is public.
Group: infra
This also needs to be added to the page documentation so that the individuals operating on the requests will know which bits to ask for.
(Reporter)

Comment 4

7 years ago
Marcia: sure. Let's wait for Aravind to approve it and implement it first :-)

Gerv

Updated

7 years ago
Assignee: server-ops → aravind
(Reporter)

Comment 5

7 years ago
Hi Aravind: do you have an ETA for this? We are already using the new policy, so it would be very good if the technical implementation was well matched to the policy. At the moment, I'm having to keep a manual list of people whose permissions we'll need to fix up...

Gerv
(Assignee)

Comment 6

7 years ago
I will have to cut off access to the repos while I fix permissions and muck with ldap perms for users etc.  I can work on this tomorrow (during the maintenance window 7:00 to 10:00 PM PDT).  I think this will mean shutting down build trees etc.  Copying build folks to see if its okay.
Flags: needs-downtime+

Updated

7 years ago
Whiteboard: 04/22/2010 @ 7pm

Comment 7

7 years ago
Filed bug 561147 to update the auth logic on the l10n stage server for the new group name.
Blocks: 561147
(Assignee)

Comment 8

7 years ago
Okay, I am all done with my changes.  Gerv send me that list of users that I should yank level_2 from?
(Reporter)

Comment 9

7 years ago
Aravind: awesome! The list is:

jseward@mozilla.com (or is it jseward@acm.org?) - bug 548595
cleary@mozilla.com (or is it cdleary@mozilla.com?) - bug 548096

Gerv
(Assignee)

Comment 10

7 years ago
Removed level_2 access from their accounts.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.