fedora-infrastructure

Clone
Source Code
GIT

#9869 handle fedorabugs group membership in new account system
Closed: Fixed 2 years ago by abompard. Opened 3 years ago by kevin.

Closed: Fixed
Reopen Issue

In FAS2, we had:

roles/fas_server/templates/fas.cfg.j2:auto_approve_groups = 'packager:fedorabugs|qa:fedorabugs|security-team:fedorabugs|qa-beaker-user:qa-automation-shell|docs:fedorabugs|cla_fpca:cla_done|cla_redhat:cla_done|cla_dell:cla_done|cla_ibm:cla_done|cla_intel:cla_done'

auto_approve_groups meant if a user was added to a group, they would automatically be added to another one too.

We use this fedorabugs group to add permissions to users in bugzilla. This is of use to packagers, qa members, etc.

I think in ipa land we can just make fedorabugs contain packager/qa as a meta group or the like.

Metadata Update from @abompard:
- Issue tagged with: authentication
3 years ago

I have checked the UIs and it should work. I can make the change in the group membership, but it'll take a change to be reflected in Noggin: https://github.com/fedora-infra/noggin/pull/597
The other interfaces (ipsilon, sssd) should work as before.

Do you want me to do more cleanup? I could go through all the users in fedorabugs, and remove them as direct members of fedorabugs if they are members of one of the subgroups.

Do you want me to do more cleanup? I could go through all the users in fedorabugs, and remove them as direct members of fedorabugs if they are members of one of the subgroups.

That sounds like a good thing to do if it's not too hard.

Alright, I have written the script, but I should probably wait a couple days after release to run it, no?

I expect the move of the "packagers" group under "fedorabugs" to be pretty long, because IPA will have to set the memberOfIndirect attribute of all users in the packagers group. Probably hours, although I'll know more after I test it in staging.

Yeah, lets wait at least until tomorrow...

It's done. There are still quite a few users directly in fedorabugs, but none that are in the included groups.

I have not moved the cla_* groups since we don't use cla_done anymore anyway.

Metadata Update from @abompard:
- Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)
2 years ago

I'll close this ticket, please reopen if it's not correct.

Metadata Update from @abompard:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
2 years ago

Login to comment on this ticket.

Metadata

medium-gain medium-trouble dev authentication

None
None
Waiting on Reporter
Boards 1
dev Status: Done
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.