search

communitybridge / easycla

The Contributor License Agreement (CLA) service of the Linux Foundation lets project contributors read, sign, and submit contributor license agreements easily.
https://easycla.lfx.linuxfoundation.org
MIT License
64 stars 45 forks source link

Issue with Gerrit Project Whitelisting #305

Closed jpalmerLinuxFoundation closed 4 years ago

jpalmerLinuxFoundation commented 5 years ago

Summary For some Gerrit projects, some companies experience consistent issues in whitelisting their employees Project(s) experiencing most issues listed first:

Background

  1. Go to https://gerrit.onap.org/
  2. Click on 'Settings' cog in the top-right corner
  3. Click on 'Agreements' link in left nav near the bottom of the list
  4. See list of agreements or options to sign CLA.

Expected behavior When a user does at least one of the following:

  1. Signs ICLA

  2. Confirms affiliation with the company that whitelisted them

    The following 4 things are expected:

  3. Signature record on cla-*-signatures table is added for individual (Consistently Failing)
  4. User's LFID is added to the appropriate CLA group (Consistently Failing)
    • Here are the following LDAP CLA groups currently using EasyCLA:
  5. User sees the appropriate agreements listed on Gerrit (Settings > Agreements) (Consistently Failing)
  6. User is able to commit code

Screenshots Gerrit (Settings > Agreements) image

Environment

Additional Context Most recent users experiencing the issue with ONAP

Acceptance Criteria The "done" criteria when this feature or problem is resolved. Such as:

  1. Unit Tests added and running in CI
  2. Functional Tests updated to cover feature, if applicable
  3. Demonstrate the set of capabilities to the product team while the code is running in the STAGING environment.

References Gerrit Walkthrough Video: https://youtu.be/XQcRBuIPQVY Onboarding Details Possible support resources

dealako commented 4 years ago

Needs investigation with engineering write-up.

WillsonHG commented 4 years ago

So in looking at the first user referenced, 3aa8c272-2600-47f6-b6bc-2cd60c761b48 has a signature == false in db. The logs from that timestamp show easycla was unable to match his email to the whitelist even though it was clearly present. This could have been related to the issue that Harold has just fixed with the whitelisting RexEx. It did not give the same error, though. Edit: Actually, the issue Harold fixed was domain whitelisting, not the email whitelisting that is happening here.

edit: removed the link to logs, i have the link if needed.

The second user put in a ticket about this https://jira.linuxfoundation.org/browse/SUPPORT-659 he had the wrong email on file in gerrit, the company had whitelisted a different email for him, so that was working as intended.

There are no other examples listed. I will look back through my tickets to identify any other issues related.

wanyaland commented 4 years ago

@WillsonHG , So if these happen to be the only examples the whitelisting functionality is working fine ?

WillsonHG commented 4 years ago

@wanyaland I think there still may be a problem. The first example 3aa8c272-2600-47f6-b6bc-2cd60c761b48 failed an individual email whitelist check, even though it should have passed.

I am currently looking back through the tickets from October and there are a few tickets from that time that I think may be related. I'll post them as I investigate.