New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/build: give a few people access to delete TryBot-Result label, but not change it #21299

Open
bradfitz opened this Issue Aug 3, 2017 · 3 comments

Comments

Projects
None yet
3 participants
@bradfitz
Member

bradfitz commented Aug 3, 2017

Currently we have a Gerrit group called "trybot-result-changers":

https://go-review.googlesource.com/admin/groups/1025

The intent of that group is that some people can delete TryBot-Result on failed flakes and cause the trybots to re-run.

But the way we implemented that group is this ACL:

(in All-Projects project.config)

[access "refs/heads/*"]
...
        label-Run-TryBot = +0..+1 group approvers
        label-Run-TryBot = +0..+1 group may-start-trybots
        label-TryBot-Result = -1..+1 group trybot-result-changers

I think we want to use this instead:

https://gerrit-review.googlesource.com/Documentation/access-control.html#category_review_labels

For every configured label My-Name in the project, there is a corresponding permission label-My-Name with a range corresponding to the defined values. There is also a corresponding labelAs-My-Name permission that enables editing another user’s label.

We want some people to be able to delete the gopherbot's TryBot-Result label, but not set it themselves.

Is that possible?

Leaving for @andybons

@gopherbot gopherbot added this to the Unreleased milestone Aug 3, 2017

@gopherbot gopherbot added the Builders label Aug 3, 2017

@bradfitz

This comment has been minimized.

Member

bradfitz commented Aug 3, 2017

Btw, the harm in the current system is that the UI is cluttered now and it's too easy to accidentally "vote" on TryBot-Result instead of Run-TryBot:

screen shot 2017-08-03 at 1 38 48 pm

@bradfitz

This comment has been minimized.

Member

bradfitz commented Feb 14, 2018

Andy, did you see this earlier?

@andybons

This comment has been minimized.

Member

andybons commented Feb 14, 2018

I did not. Will take a look. Need to go through all my assigned bugs. 😬

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment