It is possible to make a tool account a maintainer of another tool account. Striker doesn't understand this. Compare:
Here's the backing LDAP data:
$ ldapsearch -xLLL cn=tools.quentinv57-tools dn: cn=tools.quentinv57-tools,ou=servicegroups,dc=wikimedia,dc=org objectClass: groupofnames objectClass: posixgroup objectClass: top member: uid=cyberpower678,ou=people,dc=wikimedia,dc=org member: uid=quentinv57,ou=people,dc=wikimedia,dc=org member: uid=jem,ou=people,dc=wikimedia,dc=org member: uid=tools.stewardbots,ou=people,ou=servicegroups,dc=wikimedia,dc=org cn: tools.quentinv57-tools gidNumber: 51559
I'm not exactly sure the best behavior here. At the unix shell if userA is a maintainer of toolA, and toolA is a maintainer of toolB then:
- userA can directly become toolA
- userA can not directly become toolB
- userA can become toolA and then as toolA become toolB
I'm not sure if this transitive membership of userA in toolB should mean that:
- userA is listed as a member of and given management rights for toolB, and/or
- Striker should show that toolA has "membership" in toolB.
Option 2 should certainly happen. Choosing option 1 only makes sense if OpenStackManager currently follows similar logic and lets userA add and remove maintainers from toolB.