Last Comment Bug 549873 - Update Hg permissions bits to work with new commit access policy
: Update Hg permissions bits to work with new commit access policy
Status: RESOLVED FIXED
04/22/2010 @ 7pm
:
Product: mozilla.org Graveyard
Classification: Graveyard
Component: Server Operations (show other bugs)
: other
: All Other
: -- normal (vote)
: ---
Assigned To: Aravind Gottipati [:aravind]
: matthew zeier [:mrz]
:
Mentors:
Depends on:
Blocks: 561147
  Show dependency treegraph
 
Reported: 2010-03-03 03:01 PST by Gervase Markham [:gerv]
Modified: 2015-03-12 08:17 PDT (History)
10 users (show)
aravind: needs‑downtime+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Gervase Markham [:gerv] 2010-03-03 03:01:41 PST
My understanding is that the new commit access policy requires some changes to the Hg permissions bits. Here's my proposed migration plan that I sent to Aravind (comments welcome):

- Rename hg_mozilla to scm_level_1
- Create a new Hg permissions bit, scm_level_2
- Rename hg_mozsrc to scm_level_3
- Rename hg_l10n to scm_l10n

(This is because the current names are not really clear, and that
problem is exacerbated by the new level 2, which otherwise has no good
name.)

- Give scm_level_2 to everyone who currently has scm_level_1 but
  *not* scm_l10n.
- Give scm_level_2 to everyone who currently has scm_level_3. (This
  catches people like Axel and other l10n drivers.)
- Remove scm_level_2 from the short list of people that Gerv holds
  who were given level_1 access only during the interim period

(The result of this is that l10n committers are left at level 1 + l10n, and
everyone else gets level 2.)

- Change all trees except user trees, try server trees, incubator
  trees, l10n trees and scm_level_3 trees to require scm_level_2
- Change the xforms tree from scm_level_3 to scm_level_2
- Make sure the specific trees listed in the policy require scm_level_3

(This sets up the trees to be in the right place for the permissions
structure just established.)

Gerv
Comment 1 Gervase Markham [:gerv] 2010-03-03 03:02:47 PST
Can someone make this bug public? I forgot to uncheck the checkbox.

(One disadvantage of using the "itrequest" form...)

Gerv
Comment 2 Shyam Mani [:fox2mike] 2010-03-03 03:05:21 PST
Bug is public.
Comment 3 Marcia Knous [:marcia - use ni] 2010-03-03 17:28:39 PST
This also needs to be added to the page documentation so that the individuals operating on the requests will know which bits to ask for.
Comment 4 Gervase Markham [:gerv] 2010-03-04 01:29:46 PST
Marcia: sure. Let's wait for Aravind to approve it and implement it first :-)

Gerv
Comment 5 Gervase Markham [:gerv] 2010-04-19 08:09:29 PDT
Hi Aravind: do you have an ETA for this? We are already using the new policy, so it would be very good if the technical implementation was well matched to the policy. At the moment, I'm having to keep a manual list of people whose permissions we'll need to fix up...

Gerv
Comment 6 Aravind Gottipati [:aravind] 2010-04-19 15:10:33 PDT
I will have to cut off access to the repos while I fix permissions and muck with ldap perms for users etc.  I can work on this tomorrow (during the maintenance window 7:00 to 10:00 PM PDT).  I think this will mean shutting down build trees etc.  Copying build folks to see if its okay.
Comment 7 Axel Hecht [:Pike] 2010-04-22 11:19:50 PDT
Filed bug 561147 to update the auth logic on the l10n stage server for the new group name.
Comment 8 Aravind Gottipati [:aravind] 2010-04-22 19:58:01 PDT
Okay, I am all done with my changes.  Gerv send me that list of users that I should yank level_2 from?
Comment 9 Gervase Markham [:gerv] 2010-04-23 02:13:02 PDT
Aravind: awesome! The list is:

jseward@mozilla.com (or is it jseward@acm.org?) - bug 548595
cleary@mozilla.com (or is it cdleary@mozilla.com?) - bug 548096

Gerv
Comment 10 Aravind Gottipati [:aravind] 2010-04-23 07:25:04 PDT
Removed level_2 access from their accounts.

Note You need to log in before you can comment on or make changes to this bug.