On Wed, 31 Jul 2013 13:34:45 +0300 Paul Sokolovsky Paul.Sokolovsky@linaro.org wrote:
[]
Argh:
user_name, group_name, slug, is_public, is_anonymous = BundleStream.parse_pathname(pathname)
So, it takes group_name from bundle path, and then expects user to be member of that group. And we don't have "linaro" group for LAVA usage any more, but kinda still want to create bundle streams with that in the path.
Fairly speaking, I don't know what to do. My stance would be to avoid any exceptions to the general rule - if bundle stream path requires inclusion of name of the group, then it always should be name of real group, not something else (because something else can be anything, and this negates original rule and leads to confusion). Otherwise, it shows that applying ACLs based on the path of stream wasn't exactly the brightest choice - names and access restrictions tend to change independently in the real world.
We discussed this situation with Dave and Antonio and concluded that the solution of the least resistance is to reinstate and keep supporting linaro-lava-access (real group) -> linaro (viertual group) group mapping. Other alternative is to analyze impact of switching everyone to the real linaro-lava-access group, possibly migrating bundle streams, and making sure everyone used new bundle streams - something we didn't plan for and have lot of other useful work instead.
So, group mapping was reinstated and Fathi confirmed success with creating the stream. I'm going to work to add group mapping support to django-crowd-rest-backend, so Crowd switchover for LAVA is delayed a bit.