From e00437c2273af5717f6163173a52f2249cc55cf0 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Thu, 13 Jul 2017 12:24:20 +0300 Subject: [PATCH] Add support for disabling an entire namespace, including its team members --- util/disableabuser.py | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/util/disableabuser.py b/util/disableabuser.py index 770300e9a..36b6933e1 100644 --- a/util/disableabuser.py +++ b/util/disableabuser.py @@ -1,16 +1,14 @@ +import argparse + +from datetime import datetime + from app import tf from data import model from data.model import db_transaction from data.database import QueueItem, Repository, RepositoryBuild, RepositoryBuildTrigger from data.queue import WorkQueue -from datetime import datetime - -import argparse - -def disable_abusing_user(username, queue_name): - if not username: - raise Exception('Must enter a username') +def ask_disable_namespace(username, queue_name): user = model.user.get_namespace_user(username) if user is None: raise Exception('Unknown user or organization %s' % username) @@ -33,7 +31,10 @@ def disable_abusing_user(username, queue_name): .where(Repository.namespace_user == user) .count()) - print "Using queue namespace %s" % queue_name + print "=============================================" + print "For namespace %s" % username + print "=============================================" + print "User %s has email address %s" % (username, user.email) print "User %s has %s queued builds in their namespace" % (username, existing_queue_item_count) print "User %s has %s build triggers in their namespace" % (username, repository_trigger_count) @@ -44,8 +45,10 @@ def disable_abusing_user(username, queue_name): print "Action canceled" return - # Disable the user. + print "=============================================" + triggers = [] + count_removed = 0 with db_transaction(): user.enabled = False user.save() @@ -75,13 +78,28 @@ def disable_abusing_user(username, queue_name): dockerfile_build_queue = WorkQueue(queue_name, tf, has_namespace=True) count_removed = dockerfile_build_queue.delete_namespaced_items(user.username) - info = (username, len(triggers), count_removed) + info = (user.username, len(triggers), count_removed) print "Namespace %s disabled, %s triggers deleted, %s queued builds removed" % info + return user + + +def disable_abusing_user(username, queue_name): + if not username: + raise Exception('Must enter a username') + + # Disable the namespace itself. + user = ask_disable_namespace(username, queue_name) + + # If an organization, ask if all team members should be disabled as well. + if user.organization: + members = model.organization.get_organization_member_set(user) + for membername in members: + ask_disable_namespace(membername, queue_name) parser = argparse.ArgumentParser(description='Disables a user abusing the build system') parser.add_argument('username', help='The username of the abuser') parser.add_argument('queuename', help='The name of the dockerfile build queue ' + - '(e.g. `dockerfilebuild` or `dockerfilebuildstaging`)') + '(e.g. `dockerfilebuild` or `dockerfilebuildstaging`)') args = parser.parse_args() disable_abusing_user(args.username, args.queuename)