Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/401492 )
Change subject: Add all ops members to docker group
......................................................................
Add all ops members to docker group
Use the *ops_members anchor to add all ops people to the docker group.
The puppet parser function being the primary user of this data struct
is already doing a flatten(2) so the inclusion of a nested array as is
should not cause any problems.
Amend the various utilities in the admin module that are reimplementing
the parsing for their own distinct purposes to also flatten the array
Change-Id: I2e9d6c51bd1d4969c047e076c5949b95f60d061c
---
M modules/admin/data/data.yaml
M modules/admin/data/matrix.py
M modules/admin/data/nda_audit.py
M modules/admin/files/GenSysadminTable.py
M modules/openldap/files/cross-validate-accounts.py
5 files changed, 85 insertions(+), 6 deletions(-)
Approvals:
Alexandros Kosiaris: Verified; Looks good to me, approved
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index f028283..0760df1 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -649,7 +649,7 @@
# Allow this for CI users. There is no gid on purpose, to allow reusing
the package provided one
posix_name: docker # Use posix_name to avoid potential conflicts with
other uses of the docker group
description: Allow releng team to be in the docker group for contint. No
gid on purpose
- members: [akosiaris, dduvall, demon, gjg, hashar, thcipriani,
twentyafterfour, zfilipin]
+ members: [*ops_members, dduvall, demon, gjg, hashar, thcipriani,
twentyafterfour, zfilipin]
users:
rush:
diff --git a/modules/admin/data/matrix.py b/modules/admin/data/matrix.py
index 7282092..b0a3810 100755
--- a/modules/admin/data/matrix.py
+++ b/modules/admin/data/matrix.py
@@ -25,6 +25,26 @@
import yaml
+
+def flatten(l, a=None):
+ '''
+ Flatten a list recursively. Make sure to only flatten list elements, which
+ is a problem with itertools.chain which also flattens strings. a defaults
+ to None instead of the empty list to avoid issues with Copy by reference
+ which is the default in python
+ '''
+
+ if a is None:
+ a = []
+
+ for i in l:
+ if isinstance(i, list):
+ flatten(i, a)
+ else:
+ a.append(i)
+ return a
+
+
parser = argparse.ArgumentParser(
description="Utility to generate a matrix of production users and their
groups",
)
@@ -66,7 +86,7 @@
for group_name in sorted(groups.keys()):
group = groups[group_name]
- group_members = set(group['members'])
+ group_members = set(flatten(group['members']))
if set(users).isdisjoint(group_members):
continue
diff --git a/modules/admin/data/nda_audit.py b/modules/admin/data/nda_audit.py
index 58c0ea5..c9b0701 100644
--- a/modules/admin/data/nda_audit.py
+++ b/modules/admin/data/nda_audit.py
@@ -15,6 +15,25 @@
import csv
+def flatten(l, a=None):
+ '''
+ Flatten a list recursively. Make sure to only flatten list elements, which
+ is a problem with itertools.chain which also flattens strings. a defaults
+ to None instead of the empty list to avoid issues with Copy by reference
+ which is the default in python
+ '''
+
+ if a is None:
+ a = []
+
+ for i in l:
+ if isinstance(i, list):
+ flatten(i, a)
+ else:
+ a.append(i)
+ return a
+
+
def extract_from_yaml():
data = open('data.yaml', 'r')
admins = yaml.safe_load(data)
@@ -27,7 +46,7 @@
groups = []
for group, groupdata in admins['groups'].items():
- if username in groupdata['members']:
+ if username in flatten(groupdata['members']):
groups.append(group)
users[username] = {
diff --git a/modules/admin/files/GenSysadminTable.py
b/modules/admin/files/GenSysadminTable.py
index e24fd3a..ebc295f 100644
--- a/modules/admin/files/GenSysadminTable.py
+++ b/modules/admin/files/GenSysadminTable.py
@@ -2,6 +2,7 @@
# https://meta.wikimedia.org/wiki/System_administrators#List
# Alex Monk, April 2015
+
from __future__ import print_function
from bs4 import BeautifulSoup
import json
@@ -11,6 +12,26 @@
from urllib import request as urllib
except:
import urllib2 as urllib
+
+
+def flatten(l, a=None):
+ '''
+ Flatten a list recursively. Make sure to only flatten list elements, which
+ is a problem with itertools.chain which also flattens strings. a defaults
+ to None instead of the empty list to avoid issues with Copy by reference
+ which is the default in python
+ '''
+
+ if a is None:
+ a = []
+
+ for i in l:
+ if isinstance(i, list):
+ flatten(i, a)
+ else:
+ a.append(i)
+ return a
+
parsoidUrl = "https://meta.wikimedia.org/api/rest_v1"; + \
"/page/html/System_administrators"
@@ -33,7 +54,7 @@
groups = {}
for groupName, groupData in d['groups'].items():
- groups[groupName] = groupData['members']
+ groups[groupName] = flatten(groupData['members'])
sysadmins = groups['ops'] + groups['deployment'] + groups['restricted']
diff --git a/modules/openldap/files/cross-validate-accounts.py
b/modules/openldap/files/cross-validate-accounts.py
index a54a87f..6d38b2f 100644
--- a/modules/openldap/files/cross-validate-accounts.py
+++ b/modules/openldap/files/cross-validate-accounts.py
@@ -13,6 +13,25 @@
import sys
+def flatten(l, a=None):
+ '''
+ Flatten a list recursively. Make sure to only flatten list elements, which
+ is a problem with itertools.chain which also flattens strings. a defaults
+ to None instead of the empty list to avoid issues with Copy by reference
+ which is the default in python
+ '''
+
+ if a is None:
+ a = []
+
+ for i in l:
+ if isinstance(i, list):
+ flatten(i, a)
+ else:
+ a.append(i)
+ return a
+
+
def get_ldap_group_members(group_name):
ldap_conn = ldap.initialize('ldaps://ldap-labs.eqiad.wikimedia.org:636')
ldap_conn.protocol_version = ldap.VERSION3
@@ -71,7 +90,7 @@
groups = []
for group, groupdata in yamldata['groups'].items():
- if username in groupdata['members']:
+ if username in flatten(groupdata['members']):
groups.append(group)
if table == 'users':
@@ -169,7 +188,7 @@
for group, groupdata in yamldata['groups'].items():
if group == "absent" or group == "absent_ldap":
continue
- for member in groupdata['members']:
+ for member in flatten(groupdata['members']):
if member not in known_users:
log += "Group " + group + " has a member not specified in the
users section: "
log += member + "\n"
--
To view, visit https://gerrit.wikimedia.org/r/401492
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2e9d6c51bd1d4969c047e076c5949b95f60d061c
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
