The members of the Fedora DEI Team sub-group on GitLab should only contain sponsored members of the Fedora DEI Team in FAS. Previously on Pagure, we relied on private issues for certain workflows in our team. Currently, there are over 100 members in the Fedora DEI Team GitLab sub-group with the Reporter level of access. We want to limit this access to only sponsored members of the Fedora DEI Team, which we manage at the FAS group membership level.
By Friday, 13 October 2023. We are planning communications around Fedora Appreciation Week for the Fedora 20th anniversary, and we are relying on people opening confidential issues and being able to remain anonymous except to members of the Fedora DEI Team.
CC: @jonatoni @ekidney
@dkirwan You worked on the operator that is doing the sync between FAS and Gitlab if I remember correctly. Do you think this is possible?
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
I think we can do this by making a fas group and linking it to 'reporter' level... then it should just remove anyone not in the group.
Metadata Update from @kevin: - Issue untagged with: medium-gain, medium-trouble, ops - Issue priority set to: Needs Review (was: Waiting on Assignee)
Metadata Update from @kevin: - Issue assigned to kevin
Metadata Update from @kevin: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
I've created gitlab-fedora-dei-reporter and added you as a manager/member.
Would you like to add some more people and then I can set it in gitlab and it should remove all the reporters not in that group.
To update the ticket, we have had some back-and-forth discussion on Matrix about the implementation. What we landed on is that the diversity-team FAS group should have the Developer role and @kevin created a new gitlab-fedora-dei-admin for people to have the Owner role.
diversity-team
gitlab-fedora-dei-admin
What remains pending is changing the existing level of access to the tens of people who have Reporter level access due to top-level inheritance in the main GitLab org.
yeah, and I have now done that... so this should be set I think...
It may not show things correctly until users login, but when they do, it should refresh their access and show them correctly.
We did test this with another user. So, I think we are set here and can close this now? Can you confirm?
OK. I think this is set now. I see many people are showing as Guest level access now, and these are folks that I assume have likely re-authed in a somewhat recent time period.
Our need here is complete. Happy for this to be closed. Thanks for rubber-ducking this, @kevin! :raised_hands:
Thanks!
Metadata Update from @kevin: - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.