Add script for fixing missing admin permissions
Adds a util script to find and fix repositories in user namespaces that are missing admin permissions for the owning user. These admin permissions are required, but were missing in some cases. See: https://github.com/coreos-inc/quay/pull/2998
This commit is contained in:
Brad Ison
parent
846deb75fe
commit
87e55870b7
1 changed files with 70 additions and 0 deletions
70
util/fixuseradmin.py
Normal file
70
util/fixuseradmin.py
Normal file
|
|
@ -0,0 +1,70 @@
|
||||||
|
import argparse
|
||||||
|
import sys
|
||||||
|
|
||||||
|
from app import app
|
||||||
|
from data.database import Namespace, Repository, RepositoryPermission, Role
|
||||||
|
from data.model.permission import get_user_repo_permissions
|
||||||
|
from data.model.user import get_active_users, get_nonrobot_user
|
||||||
|
|
||||||
|
DESCRIPTION = '''
|
||||||
|
Fix user repositories missing admin permissions for owning user.
|
||||||
|
'''
|
||||||
|
|
||||||
|
parser = argparse.ArgumentParser(description=DESCRIPTION)
|
||||||
|
parser.add_argument('users', nargs='*', help='Users to check')
|
||||||
|
parser.add_argument('-a', '--all', action='store_true', help='Check all users')
|
||||||
|
parser.add_argument('-n', '--dry-run', action='store_true', help="Don't act")
|
||||||
|
|
||||||
|
ADMIN = Role.get(name='admin')
|
||||||
|
|
||||||
|
|
||||||
|
def repos_for_namespace(namespace):
|
||||||
|
return (Repository
|
||||||
|
.select(Repository.id, Repository.name, Namespace.username)
|
||||||
|
.join(Namespace)
|
||||||
|
.where(Namespace.username == namespace))
|
||||||
|
|
||||||
|
|
||||||
|
def has_admin(user, repo):
|
||||||
|
perms = get_user_repo_permissions(user, repo)
|
||||||
|
return any(p.role == ADMIN for p in perms)
|
||||||
|
|
||||||
|
|
||||||
|
def get_users(all_users=False, users_list=None):
|
||||||
|
if all_users:
|
||||||
|
return get_active_users(disabled=False)
|
||||||
|
|
||||||
|
return map(get_nonrobot_user, users_list)
|
||||||
|
|
||||||
|
|
||||||
|
def ensure_admin(user, repos, dry_run=False):
|
||||||
|
repos = [repo for repo in repos if not has_admin(user, repo)]
|
||||||
|
|
||||||
|
for repo in repos:
|
||||||
|
print('User {} missing admin on: {}'.format(user.username, repo.name))
|
||||||
|
|
||||||
|
if not dry_run:
|
||||||
|
RepositoryPermission.create(user=user, repository=repo, role=ADMIN)
|
||||||
|
print('Granted {} admin on: {}'.format(user.username, repo.name))
|
||||||
|
|
||||||
|
return len(repos)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
args = parser.parse_args()
|
||||||
|
found = 0
|
||||||
|
|
||||||
|
if not args.all and len(args.users) == 0:
|
||||||
|
sys.exit('Need a list of users or --all')
|
||||||
|
|
||||||
|
for user in get_users(all_users=args.all, users_list=args.users):
|
||||||
|
if user is not None:
|
||||||
|
repos = repos_for_namespace(user.username)
|
||||||
|
found += ensure_admin(user, repos, dry_run=args.dry_run)
|
||||||
|
|
||||||
|
print('\nFound {} user repos missing admin'
|
||||||
|
' permissions for owner.'.format(found))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
||||||
Reference in a new issue