Page MenuHomePhabricator
Create Task
Maniphest T172413

Diffusion repositories created via Striker may not have proper ACLs
Closed, DeclinedPublic
Actions

Description

Hello,

When creating a new Diffusion repository (tool-signature-manquante-bot) from the ToolAdmin, I had an error 500 and it created the repo without granting me access to it.

@bd808 told me : "This is either because you had not linked your Phabricator account with your LDAP account before you created the repository or there is some regression bug in repository creation."

I have checked this page and all my accounts are linked...

Also, I have tried again with tool-editcount-fr after checking the accounts were linked and it got me the same result.

Best,

Brclz

Screenshot-500Error.png (559×1 px, 60 KB)

Related Objects

Event Timeline

Brclz created this task.Aug 3 2017, 4:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 3 2017, 4:32 PM
bd808 added a comment.Aug 3 2017, 4:35 PM

thanks for the bug report @Brclz. I'll see if I can find the error in the logs so we can fix it.

bd808 added a comment.Aug 3 2017, 4:51 PM

I do see in the backing database for striker that the LDAP username Brclz (shellname: brclz) is associated with the phabricator account @Brclz.

Logged errors are:

2017-08-03T14:01:13Z [471712b340e541949ba6663a87ed426d] striker.phabricator WARNING: Unknown or missing ldap names: Brclz
2017-08-03T14:10:52Z [9c4bf69088504f5795e457c8e08fbb8f] striker.phabricator WARNING: Unknown or missing ldap names: Brclz
2017-08-03T16:20:07Z [a3c91d357cb047abb25ae1113a430dd1] django.request ERROR: Internal Server Error: /tools/id/editcount-fr/repos/create
Traceback (most recent call last):
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/contrib/auth/decorators.py", line 22, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "./striker/tools/views.py", line 82, in decorated
    return f(*args, **kwargs)
  File "./striker/tools/views.py", line 171, in repo_create
    recipient=Group.objects.get(name=tool.cn),
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/db/models/manager.py", line 127, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/srv/deployment/striker/venv/lib/python3.4/site-packages/django/db/models/query.py", line 334, in get
    self.model._meta.object_name
django.contrib.auth.models.DoesNotExist: Group matching query does not exist.

This error is happening when Striker is trying to post notifications to the members of the editcount-fr tool about the new repo being created. This looks like it it probably caused by T144943: Groups and tools only refreshed at login.

What is not clear is why this would cause anything to be incorrect about the Phabricator ACL for a newly created repo.

bd808 added a comment.Aug 3 2017, 4:59 PM

I have manually fixed the policies for:

This is a band-aid until I can track down and fix the real underlying problem in Striker.

bd808 renamed this task from New repo are created without access to Diffusion repositories created via Striker may not have proper ACLs.Aug 3 2017, 5:00 PM
taavi edited projects, added Striker; removed Diffusion, Toolforge.Feb 11 2023, 10:07 PM
taavi subscribed.

Is this still a problem (after the migration to GitLab)?

Brclz unsubscribed.Feb 11 2023, 10:44 PM
bd808 closed this task as Declined.Feb 11 2023, 11:30 PM

There may still be a similar problem with GitLab repo creation, but let's close this and wait for a bug report.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits