-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Peribolos skip team repo if permissions invalid #14677
Peribolos skip team repo if permissions invalid #14677
Conversation
Hi @adshmh. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: adshmh The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
prow/cmd/peribolos/main.go
Outdated
// nothing to do | ||
continue | ||
if havePermission, haveRepo := have[wantRepo]; haveRepo { | ||
if havePermission == github.None { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I like the skip behaviour here, or if this even does what's expected.
In this, we are specifying we want a certain permissions level (wantPermission
) but in certain cases we can't do it. And none doesn't just mean "unparsable", it also means "no access".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the review. Since the 'have' items come from GitHub teams API, I thought only repos on which the team has some level of access will be listed, therefore 'none' in the above (should?) only refer to 'unparsable' case, otherwise the repo would not have been listed at all. Does that seem incorrect?
That line is an attempt to avoid updating permission levels according to 'want', if the existing permission, i.e. 'have', cannot be understood (as would be with 'Maintain' and 'Triage' levels).
Regarding the skip behaviour, do you mean it is preferable to just fail updating the team, rather than skipping the updating of its permission level on a repo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think what we should do is we should not put those teams into the have
bucket at all, just ignore that they were sent to us from the API with none
at all
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that's probably the best plan, because if we have a specified access, then we hammer it.. but if it's omitted, we don't do anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah spoke on Slack and not returning items in ListRepoTeams()
when they have none
is the best approach since in the normal V3 API that is not possible anyway
GitHub client's ListTeamRepos now ignores any repos with an invalid permission level, i.e. 'none', for the team. This allows Peribolos to avoid listing repos with permissions it cannot parse, e.g. 'Maintain' and 'Triage' that are not currently exposed by the GitHub API V3. Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
e0656d8
to
dda1839
Compare
/ok-to-test |
/assign @stevekuznetsov @cblecker |
@@ -2613,7 +2613,11 @@ func (c *client) ListTeamRepos(id int) ([]Repo, error) { | |||
return &[]Repo{} | |||
}, | |||
func(obj interface{}) { | |||
repos = append(repos, *(obj.(*[]Repo))...) | |||
for _, repo := range *obj.(*[]Repo) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This piece of logic needs a code comment explaining why we are doing this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the review, and sorry I missed this bit that was pending me. I could not reopen the PR, so I will create a new one.
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@adshmh: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
/reopen |
@adshmh: Failed to re-open PR: state cannot be changed. The 14325-Peribolos-new-github-team-repo-permissions branch was force-pushed or recreated. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
See #14325
Peribolos will now skip updating a repo for a team if the
existing permission level for the team on the repo is 'none'.
This is to avoid overwriting any of the team's repos if the existing
permission level cannot be parsed, e.g. with new 'Triage' and 'Maintain'
levels not yet exposed by GitHub API v3.
Signed-off-by: Arash Deshmeh adeshmeh@ca.ibm.com