This repository was archived by the owner on Feb 26, 2025. It is now read-only.

Protect against stupid operators who didn't fill out a users.txt before running #55

Open
josegonzalez opened this issue Feb 4, 2016 · 9 comments

Comments

@josegonzalez

I ran this against my organization, thinking it would be awesome. It was. It sent out hundreds of emails to our users - sometimes multiple, depending upon if they set up bots - which means that now everyone is upset at me.

We should instead:

  • have a big shiny warning if the file doesn't exist
  • fail if the person authenticating isn't on that list (they should be!)
  • fail if the list of users in the users.txt doesn't match at least some percentage (25?) of users in the org
  • straightup-bomb out if an env var doesn't exist to override the above.

@QuinnyPig

Alternately, a "dry run" mode of "don't send any emails but tell me what you'll send if I remove the dry-run flag" would help with this.
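
The pre-flight checks proposed in the issue, together with the dry-run mode suggested above, sketched in Python as an added example (not part of the thread and not gu:who's own code). The function names, the `GUWHO_SKIP_PREFLIGHT` variable and the one-login-per-line users.txt format are assumptions, and only the "not listed in users.txt" check is modelled.

```python
import os
from pathlib import Path

OVERRIDE_ENV = "GUWHO_SKIP_PREFLIGHT"  # hypothetical name, not a real gu:who setting
MIN_COVERAGE = 0.25                    # the "25?" percent floated in the issue


def read_users(path):
    """Assumed format: one GitHub login per line; blank lines and '#' comments ignored."""
    lines = (ln.strip().lstrip("@").lower() for ln in Path(path).read_text().splitlines())
    return {ln for ln in lines if ln and not ln.startswith("#")}


def preflight(users_file, org_members, operator, env=None, dry_run=False):
    """Return (action, problems, would_notify); action is 'abort', 'dry-run' or 'send'."""
    env = os.environ if env is None else env
    members = {m.lower() for m in org_members}
    problems = []
    if Path(users_file).is_file():
        listed = read_users(users_file)
    else:
        listed = set()
        problems.append(f"WARNING: {users_file} not found; every member counts as unlisted")
    if operator.lower() not in listed:
        problems.append(f"operator {operator!r} is not in the users file")
    coverage = len(listed & members) / len(members) if members else 0.0
    if coverage < MIN_COVERAGE:
        problems.append(f"users file covers {coverage:.0%} of the org, below {MIN_COVERAGE:.0%}")
    would_notify = sorted(members - listed)  # members who would be contacted as unlisted
    if dry_run:
        return "dry-run", problems, would_notify   # report only, never send
    if problems and OVERRIDE_ENV not in env:
        return "abort", problems, would_notify     # bomb out unless explicitly overridden
    return "send", problems, would_notify


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:       # constructed sample data
        missing = os.path.join(d, "users.txt")
        org = ["alice", "bob", "carol", "dave"]
        print(preflight(missing, org, "alice", env={}))
        print(preflight(missing, org, "alice", env={}, dry_run=True))
```
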

@rtyley
Member

rtyley commented Feb 4, 2016

Hey, thanks for these suggestions, sorry to hear about the trouble. I think you're right, we should at least remind the operator to create the users.txt file (and get the relevant sponsors to start filling the file) before running gu:who in earnest.

I'm in the middle of a refactor for gu:who, but I'll take a look at implementing this once that's over.

@josegonzalez
Author

I meant the issue with no disrespect - I was the stupid operator, after all - but good to see that this will be considered!

@rtyley
Member

rtyley commented Feb 4, 2016

I meant the issue with no disrespect

No offence taken! 😄

@kaji-bikash

I was searching for a good way to make developers apply 2FA on their accounts and I found your creation. This is beautiful. I created a Docker image and started using it with a volume mount to save costly downloads, because I did not have much experience working with Scala toolchains. But I encountered a few unexpected things that I am not aware of, and I was wondering if you would have the answers!

  1. I created a private people repository with users.txt pushed before running the bot, with proper git credentials passed via environment variables. This did not trigger anything. Is this normal behaviour?
  2. Since having the people repo, with all members of the org bulk-pushed in users.txt, and the bot running with proper git credentials did not do anything, I pasted in the token and ran it. Then I saw the magic and it's all good. So almost all members of the org had an issue assigned under the labels sponsor, 2FA and Full name. It was a success, except I did not understand the sponsor part. Since I bulk-pushed everyone for the first run, thereby vouching for all, why did it still complain about not having a sponsor?
  3. All members started addressing the issue, which is what we wanted. Now I am confused about re-checks. Does the gu:who bot periodically check the requirements automatically? Does it need to be triggered manually like the first time? Have I gotten anything wrong?

@rtyley
Member

rtyley commented Feb 12, 2016

Hi @kajisaap - thanks for your interest in gu:who! I think your comment is mostly queries about how to set up gu:who, and doesn't really relate to the specific issue raised by @josegonzalez.

As an experiment, I've created a Gitter channel at https://gitter.im/guardian/gu-who where operator queries like this can be discussed, and could maybe firm up into specific issues around e.g. usability.

@kaji-bikash

Yeah, I should have created another issue with a relevant title. Thanks for creating the Gitter channel, but I'm not sure how realtime communication could help 100% when we are very far apart in time zones. I am GMT + 5:45

@josegonzalez
Author

@kajisaap Being in a different timezone doesn't mean another developer can't/won't respond quickly. I'm in NYC and regularly chat with our developers in Asia and Europe when it is midday for them :)

@kaji-bikash

Got ya 👍
How could @kajisaap be so narrow-minded? 😄


4 participants