Page MenuHomePhabricator

Diffusion repositories created via Striker may not have proper ACLs
Open, Needs TriagePublic

Description

Hello,

When creating a new Diffusion repository (tool-signature-manquante-bot) from the ToolAdmin, I had an error 500 and it created the repo without granting me access to it.

@bd808 told me : "This is either because you had not linked your Phabricator account with your LDAP account before you created the repository or there is some regression bug in repository creation."

I have checked this page and all my accounts are linked...

Also, I have tried again with tool-editcount-fr after checking the accounts were linked and it got me the same result.

Best,

Brclz

Screenshot-500Error.png (559×1 px, 60 KB)

Event Timeline

thanks for the bug report @Brclz. I'll see if I can find the error in the logs so we can fix it.

I do see in the backing database for striker that the LDAP username Brclz (shellname: brclz) is associated with the phabricator account @Brclz.

Logged errors are:

2017-08-03T14:01:13Z [471712b340e541949ba6663a87ed426d] striker.phabricator WARNING: Unknown or missing ldap names: Brclz
2017-08-03T14:10:52Z [9c4bf69088504f5795e457c8e08fbb8f] striker.phabricator WARNING: Unknown or missing ldap names: Brclz
2017-08-03T16:20:07Z [a3c91d357cb047abb25ae1113a430dd1] django.request ERROR: Internal Server Error: /tools/id/editcount-fr/repos/create
Traceback (most recent call last):
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/contrib/auth/decorators.py", line 22, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "./striker/tools/views.py", line 82, in decorated
    return f(*args, **kwargs)
  File "./striker/tools/views.py", line 171, in repo_create
    recipient=Group.objects.get(name=tool.cn),
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/db/models/manager.py", line 127, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/db/models/query.py", line 334, in get
    self.model._meta.object_name
django.contrib.auth.models.DoesNotExist: Group matching query does not exist.

This error is happening when Striker is trying to post notifications to the members of the editcount-fr tool about the new repo being created. This looks like it it probably caused by T144943: Groups and tools only refreshed at login.

What is not clear is why this would cause anything to be incorrect about the Phabricator ACL for a newly created repo.

I have manually fixed the policies for:

This is a band-aid until I can track down and fix the real underlying problem in Striker.

bd808 renamed this task from New repo are created without access to Diffusion repositories created via Striker may not have proper ACLs.Aug 3 2017, 5:00 PM