-
Notifications
You must be signed in to change notification settings - Fork 839
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
groups: allow restricting creation of new groups in sub-directories #2401
Conversation
From #460 (comment):
FYI I haven't added the |
This commit allows restricting creation of new groups in sub-directories by specifying the restrictions in a config file called `restrictions.yaml`. It follows a similar model to the one we use in slack-infra today: https://github.com/kubernetes/community/blob/master/communication/slack-config/restrictions.yaml This is done to ensure that approvers in groups/sig-foo/OWNERS don't accidentally create random official-sounding groups without sufficient review/oversight. After this commit: - Creation of new groups will require changes to `restrictions.yaml` and will require approval from groups/OWNERS. - Updates to existing groups can be approved by groups/sig-foo/OWNERS, if appropriate restrictions are specified in `restrictions.yaml`.
dde5dc8
to
9e3bb6c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
/lgtm
Thank you so much!
I don't have my paranoia engine spun up enough to decide if we want to add something like disallowed members so I'll save that for followup on whether we're comfortable enough to add approvers to subdirs
/hold cancel |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nikhita, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This isn't quite working as expected. Will take a look in hopefully an hour
|
Took longer for me to get back here, and somehow it was just now that I realized how untested this thing is. It's a pile of funcs. #2413 will get us back up and running I'll have another PR that includes other stuff I did along the way to find that, but let's get back to green first |
For #460 (comment)
This PR allows restricting creation of new groups in sub-directories
by specifying the restrictions in a config file called
restrictions.yaml
.It follows a similar model to the one we use in slack-infra today:
https://github.com/kubernetes/community/blob/master/communication/slack-config/restrictions.yaml
This is done to ensure that approvers in groups/sig-foo/OWNERS don't
accidentally create random official-sounding groups without sufficient review/oversight.
After this PR:
restrictions.yaml
andwill require approval from groups/OWNERS.
if appropriate restrictions are specified in
restrictions.yaml
.If a new group is specified in a sub-directory but
restrictions.yaml
is not updated, an error will be displayed:/assign @spiffxp