sbp commented on issue #234:
URL:
https://github.com/apache/tooling-trusted-release/issues/234#issuecomment-3312445332
We were getting committees from the ASFQuart user information using the
incorrect dictionary key `pmcs` instead of the correct key `committees`. The
reason behind this confusion is illuminated by the following line from
`session.py` in ASFQuart:
```
self.committees = raw_data.get("pmcs", [])
```
Data from the Quart cookie, bearer token, LDAP, or session writers uses
`pmcs` as the committees key, but the ASFQuart `ClientSession` object
subsequently stores it as `committees`. As an example of where this is
confusing, when we set a session in our `admin_browse_as` function we use
ASFQuart's `session.write` function to update the cookie. This requires `pmcs`
to be used, and our code correctly sets `pmcs`. But when it's read back from
ASFQuart using `session.read`, this same data will be in `committees` instead.

The initial fix was 65be23fe73ddce65411ab825a2a32f82d741d143. Even though
`ClientSession` is a dictionary, attributes can be used to access its contents
as well as dictionary keys. To solve this in greater depth, therefore, the ATR
code now reads from attributes corresponding to the keys, as implemented in
41a18614c4474383c59c89af4b6e81b47c5a8d85. This is easier to type check.

As to why this wasn't covered by tests, we already plan to cover this and
similar functionality shortly as part of issue #209.

Please note that if you test this again and the keys are already present in
the database, you will receive the message "Processed 0 keys: 0 successful,
0 failed". There is a TODO in the source code about improving this message to
indicate already uploaded keys.

The problem during the ATR demonstration was that Dave could not start a
release for the `otava` committee. Dave is not a member of the `otava`
committee, so by design he could not start a release. We may change this as a
result of issue #229, which will include discussing permission levels for all
ATR actions. The present issue would likely have affected him anyway, but it
did not because he made a `tooling` release instead, and we have a special case
for `tooling` members in the ATR source.

Thanks very much for this bug report.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
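
The key mismatch described in the comment above, as an added illustration that is not ATR or ASFQuart code. `SessionStandIn`, `STORED` and the helper functions are hypothetical; only the `pmcs`-to-`committees` renaming and the attribute-style access are taken from the comment.

```python
# Added illustration; SessionStandIn is a simplified stand-in, not ASFQuart's ClientSession.
from typing import Any


class SessionStandIn(dict):
    """Dict whose keys are also readable as attributes (behaviour assumed from the comment)."""

    def __init__(self, raw_data: dict[str, Any]) -> None:
        super().__init__()
        self["uid"] = raw_data.get("uid")
        # Same renaming as the line quoted from session.py:
        # the stored "pmcs" value is exposed as "committees" after the read.
        self["committees"] = raw_data.get("pmcs", [])

    def __getattr__(self, name: str) -> Any:
        # Only called when normal attribute lookup fails, so dict methods still work.
        try:
            return self[name]
        except KeyError:
            raise AttributeError(name) from None


# Constructed sample of what a session writer stores (writer-side key is "pmcs").
STORED = {"uid": "alice", "pmcs": ["tooling", "otava"]}


def committees_by_wrong_key(session: SessionStandIn) -> list[str]:
    # The mistake described above: the writer-side key is gone after the read,
    # and .get() hides that by silently returning the default.
    return session.get("pmcs", [])


def committees_by_attribute(session: SessionStandIn) -> list[str]:
    # Attribute access: a wrong name raises AttributeError instead of
    # quietly producing an empty membership list.
    return session.committees


def may_act_for(committees: list[str], committee: str) -> bool:
    # Hypothetical membership check standing in for a per-committee permission test.
    return committee in committees


if __name__ == "__main__":
    s = SessionStandIn(STORED)
    print("wrong key :", may_act_for(committees_by_wrong_key(s), "otava"))
    print("attribute :", may_act_for(committees_by_attribute(s), "otava"))
```

With the wrong key every membership check comes back false without any error, which is why the lookup failure was easy to miss; the attribute form fails loudly on a misspelled name.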