org icon indicating copy to clipboard operation
org copied to clipboard
verified publisher icon kubernetes

Use peribolos to manage team repo permissions

Open spiffxp opened this issue 5 years ago • 12 comments

Peribolos supports defining which repos a given team should have which level of access to (ref: https://github.com/kubernetes/test-infra/tree/master/prow/cmd/peribolos#org-configuration)

Currently this is all done manually. I think it would reduce our toil and make team permission changes more auditable if we drove this through our config files.

Some things to consider:

  • the config looks like it only supports in-org assignments, do we need to support out-of-org assignments?
  • we might want to consider adding a restrictions model to peribolos (similar to slack-infra), so that e.g. a team in a sub-folder can't arbitrarily give themselves kubernetes/kubernetes admin access

spiffxp avatar Jan 28 '21 16:01 spiffxp

/assign

nikhita avatar Apr 03 '21 20:04 nikhita

the config looks like it only supports in-org assignments, do we need to support out-of-org assignments?

Since GitHub teams are scoped to an org, I think it should be fine to just support in-org assignments.

we might want to consider adding a restrictions model to peribolos (similar to slack-infra), so that e.g. a team in a sub-folder can't arbitrarily give themselves kubernetes/kubernetes admin access

Created https://github.com/kubernetes/org/pull/2614

nikhita avatar Apr 04 '21 10:04 nikhita

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale

fejta-bot avatar Jul 05 '21 03:07 fejta-bot

/remove-lifecycle stale

nikhita avatar Jul 05 '21 10:07 nikhita

This is a test comment to confirm that k8s-triage-robot can comment on issues

k8s-triage-robot avatar Jul 23 '21 03:07 k8s-triage-robot

/milestone v1.23 My read of https://github.com/kubernetes/org/pull/2614 is we need to consider putting in something akin to the restrictions we use for kubernetes-sigs/slack-infra and kubernetes/k8s.io/groups before we want to move forward with this

spiffxp avatar Aug 17 '21 19:08 spiffxp

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Nov 15 '21 19:11 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Dec 15 '21 20:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

k8s-triage-robot avatar Jan 14 '22 20:01 k8s-triage-robot

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Jan 14 '22 20:01 k8s-ci-robot

/reopen /lifecycle frozen

ameukam avatar Jan 14 '22 20:01 ameukam

@ameukam: Reopened this issue.

In response to this:

/reopen /lifecycle frozen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Jan 14 '22 20:01 k8s-ci-robot