Merge pull request #2784 from coreos-inc/update-disable-abuser-script

Update disable abuser script to support organizations

util/disableabuser.py

@@ -1,22 +1,20 @@
+import argparse
+
+from datetime import datetime
+
 from app import tf
 from data import model
 from data.model import db_transaction
 from data.database import QueueItem, Repository, RepositoryBuild, RepositoryBuildTrigger
 from data.queue import WorkQueue
-from datetime import datetime
 
-import argparse
+def ask_disable_namespace(username, queue_name):
-
+  user = model.user.get_namespace_user(username)
-def disable_abusing_user(username, queue_name):
-  if not username:
-    raise Exception('Must enter a username')
-
-  user = model.user.get_user(username)
   if user is None:
-    raise Exception('Unknown user %s' % username)
+    raise Exception('Unknown user or organization %s' % username)
 
   if not user.enabled:
-    print "NOTE: User %s is already disabled" % username
+    print "NOTE: Namespace %s is already disabled" % username
 
   queue_prefix = '%s/%s/%%' % (queue_name, username)
   existing_queue_item_count = (QueueItem
@@ -33,7 +31,10 @@ def disable_abusing_user(username, queue_name):
                               .where(Repository.namespace_user == user)
                               .count())
 
-  print "Using queue namespace %s" % queue_name
+  print "============================================="
+  print "For namespace %s" % username
+  print "============================================="
+
   print "User %s has email address %s" % (username, user.email)
   print "User %s has %s queued builds in their namespace" % (username, existing_queue_item_count)
   print "User %s has %s build triggers in their namespace" % (username, repository_trigger_count)
@@ -44,7 +45,10 @@ def disable_abusing_user(username, queue_name):
     print "Action canceled"
     return
 
-  # Disable the user.
+  print "============================================="
+
+  triggers = []
+  count_removed = 0
   with db_transaction():
     user.enabled = False
     user.save()
@@ -74,13 +78,28 @@ def disable_abusing_user(username, queue_name):
       dockerfile_build_queue = WorkQueue(queue_name, tf, has_namespace=True)
       count_removed = dockerfile_build_queue.delete_namespaced_items(user.username)
 
-  info = (username, len(triggers), count_removed)
+  info = (user.username, len(triggers), count_removed)
-  print "User %s disabled, %s triggers deleted, %s queued builds removed" % info
+  print "Namespace %s disabled, %s triggers deleted, %s queued builds removed" % info
+  return user
+
+
+def disable_abusing_user(username, queue_name):
+  if not username:
+    raise Exception('Must enter a username')
+
+  # Disable the namespace itself.
+  user = ask_disable_namespace(username, queue_name)
+
+  # If an organization, ask if all team members should be disabled as well.
+  if user.organization:
+    members = model.organization.get_organization_member_set(user)
+    for membername in members:
+      ask_disable_namespace(membername, queue_name)
 
 
 parser = argparse.ArgumentParser(description='Disables a user abusing the build system')
 parser.add_argument('username', help='The username of the abuser')
 parser.add_argument('queuename', help='The name of the dockerfile build queue ' +
-                                      '(e.g. `dockerfilebuild` or `dockerfilebuildstaging`)')
+                    '(e.g. `dockerfilebuild` or `dockerfilebuildstaging`)')
 args = parser.parse_args()
 disable_abusing_user(args.username, args.queuename)