Closed Bug 670781 Opened 13 years ago Closed 13 years ago

Ability to check branch commit permissions

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mjessome, Assigned: nmeyerhans)

Details

We are looking for a way to automate the checking of commit permissions on specific branches.
From what has been explained to me, these permissions are stored solely on the Unix filesystem, so this request is to ask for some sort of access so that we can check those permissions. The thought that we've had is to simply ssh in and query the filesystem for group permissions.

bug 661629 gave us the ability to find who has certain levels of access, and now we need to know which levels of access correspond to which repositories.

Thanks
Assignee: server-ops → nmeyerhans
OS: Mac OS X → Linux
Is there any update available as to what can be done to resolve this? Thanks.
OS: Linux → Mac OS X
We're working on a pretty tight deadline for this because of Marc's internship duration so an eta on this would be great for us to plan with.  Thanks.
Severity: normal → major
So, my proposal would be to implement this as a simple CGI.  E.g.
http://hg.mozilla.org/repo-group?repo=/mozilla-central
which would return a text/plain response containing the group ownership for the given repository.  (e.g. scm_level_3)  This information is public and documented on the mozilla wiki, so I don't see any reason to restrict access to this interface (though I also wouldn't go out of my way to advertise it)

Does this work?  If so, it should be a pretty simple thing to implement, and I should be able to do it in the next day or so.
(In reply to comment #3)
> So, my proposal would be to implement this as a simple CGI.  E.g.
> http://hg.mozilla.org/repo-group?repo=/mozilla-central
> which would return a text/plain response containing the group ownership for
> the given repository.  (e.g. scm_level_3)  This information is public and
> documented on the mozilla wiki, so I don't see any reason to restrict access
> to this interface (though I also wouldn't go out of my way to advertise it)
> 
> Does this work?  If so, it should be a pretty simple thing to implement, and
> I should be able to do it in the next day or so.

This works very well for our purposes, thank you.
When doing this can we please have the urls match the repo location by relative path to hg.m.o?  You might have already been planning to do it this way but I just wanted to make sure.

eg:

mozilla-central
try
integration/mozilla-inbound
projects/jaegermonkey
Here's an example run:
$ curl -s http://hg.mozilla.org/repo-group?repo=/releases/mozilla-aurora
scm_level_3

The varnish cache that sits in front of hg.m.o will cache the results, which I don't think we really want, but this should only matter for short-lived repositories.  Other than that, have at it.
Perfect, and that caching issue, as you said, shouldn't be a problem for our uses at all.
I can't thank you enough Noah!
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.