Fix security owners check to be compatible with presubmit --files/--all
The security owners check only issues a blocking error now if there is
a Gerrit issue attached to the change: it is not possible (through the
normal tooling anyway) to directly commit a change without first
uploading it to Gerrit, so no safety is lost there. In addition, the
security owners check now respects Owners-Override as well.
Testing this fix also revealed an issue where the security review
exceptions for Blink metrics enums did not work quite correctly, since
the same directory contained both mojoms that required security review
and mojoms that did not.
To fix this, move all the mojoms that do not require a security review
into their own subdirectory and merge the PRESUBMIT scripts into one,
updating the PRESUBMIT to the latest style.
Moving the enums also required updating numerous paths throughout
Chrome. It also slightly changes the output of the enum validation
script, so regenerate enums.xml to reflect the new paths. This also
updates the shebang line in the enum generation scripts to use
python3 explicitly instead of just python (which is often not present
on gLinux machines, or is mapped to python2).
Bug: 801315
Change-Id: If1809126a0103e295b7c350a8996401c766a2931
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3648594
Reviewed-by: Kentaro Hara <[email protected]>
Owners-Override: Kentaro Hara <[email protected]>
Commit-Queue: Daniel Cheng <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1003666}
diff --git a/PRESUBMIT_test.py b/PRESUBMIT_test.py
index ca9f2750..9cbd92f 100755
--- a/PRESUBMIT_test.py
+++ b/PRESUBMIT_test.py
@@ -2292,6 +2292,14 @@
class _SecurityOwnersTestCase(unittest.TestCase):
+ def _setupFakeChange(self, input_api):
+ class FakeGerrit(object):
+ def IsOwnersOverrideApproved(self, issue):
+ return False
+
+ input_api.change.issue = 123
+ input_api.gerrit = FakeGerrit()
+
def _injectFakeOwnersClient(self, input_api, owners):
class FakeOwnersClient(object):
def ListOwners(self, f):
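Review bot: `_setupFakeChange` pins every test to one configuration, `input_api.change.issue = 123` plus an `IsOwnersOverrideApproved` that always returns `False`, so none of the hunks visible here exercises the two paths this commit introduces: a change with no Gerrit issue (the `--files`/`--all` case) and an approved Owners-Override. Both paths relax a blocking security-review gate, so a regression that widens them would go unnoticed unless tests pin exactly when the error is downgraded or skipped; such tests may exist outside the hunks shown. Consider parameterizing the helper, e.g. `def _setupFakeChange(self, input_api, issue=123, owners_override=False):` with `return owners_override` in the fake and `input_api.change.issue = issue`, and adding one test case per path. The fake also ignores its `issue` argument, so comparing it against the configured issue would catch the check querying Gerrit with the wrong change number.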
@@ -2328,6 +2336,7 @@
mock_input_api.files = [
MockAffectedFile(f'services/goat/public/goat.mojom',
['// Scary contents.'])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(
mock_input_api,
['[email protected]', '[email protected]'])
@@ -2350,6 +2359,7 @@
mock_input_api.files = [
MockAffectedFile(f'services/goat/public/goat.mojom',
['// Scary contents.'])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(
mock_input_api,
['[email protected]', '[email protected]'])
@@ -2372,6 +2382,7 @@
mock_input_api.files = [
MockAffectedFile(f'services/goat/public/goat.mojom',
['// Scary contents.'])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(
mock_input_api,
['[email protected]', '[email protected]'])
@@ -2396,6 +2407,7 @@
mock_input_api.files = [
MockAffectedFile(f'services/goat/public/{filename}',
['// Scary contents.'])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(
mock_input_api,
['[email protected]', '[email protected]'])
@@ -2421,6 +2433,7 @@
mock_input_api.files = [
MockAffectedFile(f'services/goat/public/{filename}',
['// Scary contents.'])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(
mock_input_api,
['[email protected]', '[email protected]'])
@@ -2455,6 +2468,7 @@
'#include "services/goat/public/cpp/manifest.h"',
'const service_manager::Manifest& GetManifest() {}',
])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(
@@ -2497,6 +2511,7 @@
[
'library test.fidl'
])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(
@@ -2519,6 +2534,7 @@
[
'{ "that is no": "manifest!" }'
])]
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(
@@ -2541,11 +2557,12 @@
[
'{ "that is no": "manifest!" }'
])]
- mock_output_api = MockOutputApi()
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(
mock_input_api, '[email protected]', ['[email protected]'])
+ mock_output_api = MockOutputApi()
errors = PRESUBMIT.CheckSecurityOwners(
mock_input_api, mock_output_api)
self.assertEqual(2, len(errors))
@@ -2639,6 +2656,7 @@
def testChangeOwnersMissing(self):
mock_input_api = MockInputApi()
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(
@@ -2659,6 +2677,7 @@
def testChangeOwnersMissingAtCommit(self):
mock_input_api = MockInputApi()
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(
@@ -2694,6 +2713,7 @@
def testChangeOwnerIsSecurityOwner(self):
mock_input_api = MockInputApi()
+ self._setupFakeChange(mock_input_api)
self._injectFakeOwnersClient(mock_input_api,
['[email protected]', '[email protected]'])
self._injectFakeChangeOwnerAndReviewers(