Muehlenhoff has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/339461 )
Change subject: Fix absent check for users which formerly only had LDAP access ...................................................................... Fix absent check for users which formerly only had LDAP access Change-Id: I7c2213796c9da133d24c736f70ef6499cda1d256 --- M modules/admin/data/data.yaml M modules/openldap/files/cross-validate-accounts.py 2 files changed, 7 insertions(+), 3 deletions(-) Approvals: Muehlenhoff: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml index 819375a..391cf09 100644 --- a/modules/admin/data/data.yaml +++ b/modules/admin/data/data.yaml @@ -1,6 +1,6 @@ groups: absent: - description: meta group for absented users + description: meta group for absented users with previous cluster shell access members: [ananthrk, avar, bsitu, cmcmahon, csalvia, diederik, edenhill, erik, gage, handrade, howief, jdouglas, jgonera, jsahleen, mah, maryana, mglaser, mvolz, mwalker, nimishg, rainman, ssmith, swalling, sumanah, werdna, rmoen, @@ -8,6 +8,9 @@ manybubbles, haithams, jzerebecki, ashwinpp, ironholds, robla, asherman, laner, declerambaul, srijan, junikowski, krenair, springle, jhobs, vbaranetsky, yurik, bsimmers, bcohn, hjiang] + absent_ldap: + description: meta group for absented users which had privileged LDAP access in the past + members: [siddharth11] wikidev: gid: 500 description: container group for primary user groups. diff --git a/modules/openldap/files/cross-validate-accounts.py b/modules/openldap/files/cross-validate-accounts.py index 5ffb1f8..0dc93d9 100644 --- a/modules/openldap/files/cross-validate-accounts.py +++ b/modules/openldap/files/cross-validate-accounts.py @@ -52,11 +52,12 @@ def validate_absented_users(yamldata): log = "" absented_users = yamldata['groups']['absent']['members'] + absented_users += yamldata['groups']['absent_ldap']['members'] for table in ['users', 'ldap_only_users']: for username, userdata in yamldata[table].items(): if userdata['ensure'] == 'absent': if username not in absented_users: - log += username + " is absent, but missing in absent group\n" + log += username + " is absent, but missing in absent groups\n" return log @@ -148,7 +149,7 @@ def validate_all_yaml_group_members_are_defined(known_users, yamldata): log = "" for group, groupdata in yamldata['groups'].items(): - if group == "absent": + if group == "absent" or group == "absent_ldap": continue for member in groupdata['members']: if member not in known_users: -- To view, visit https://gerrit.wikimedia.org/r/339461 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I7c2213796c9da133d24c736f70ef6499cda1d256 Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: Alex Monk <kren...@gmail.com> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: Volans <rcocci...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits