Fix some non-inclusive language
Change-Id: I948f1ad236b2c751d257cb3a5635d01e684b66ad
Reviewed-on: https://skia-review.googlesource.com/c/buildbot/+/301948
Commit-Queue: Eric Boren <borenet@google.com>
Reviewed-by: Joe Gregorio <jcgregorio@google.com>
diff --git a/PRESUBMIT.py b/PRESUBMIT.py
index 67d7809..041c463 100644
--- a/PRESUBMIT.py
+++ b/PRESUBMIT.py
@@ -20,24 +20,24 @@
If include_extensions is empty, all files, even those without any extension,
are included.
"""
- white_list = [input_api.re.compile(r'.+')]
+ include = [input_api.re.compile(r'.+')]
if include_extensions:
- white_list = [input_api.re.compile(r'.+\.%s$' % ext)
- for ext in include_extensions]
- black_list = []
+ include = [input_api.re.compile(r'.+\.%s$' % ext)
+ for ext in include_extensions]
+ exclude = []
if exclude_extensions:
- black_list = [input_api.re.compile(r'.+\.%s$' % ext)
- for ext in exclude_extensions]
+ exclude = [input_api.re.compile(r'.+\.%s$' % ext)
+ for ext in exclude_extensions]
if exclude_filenames:
- black_list += [input_api.re.compile(r'.*%s$' % filename.replace('.', '\.'))
+ exclude += [input_api.re.compile(r'.*%s$' % filename.replace('.', '\.'))
for filename in exclude_filenames]
- if len(black_list) == 0:
- # If black_list is empty, the InputApi default is used, so always include at
+ if len(exclude) == 0:
+ # If exclude is empty, the InputApi default is used, so always include at
# least one regexp.
- black_list = [input_api.re.compile(r'^$')]
+ exclude = [input_api.re.compile(r'^$')]
- return lambda x: input_api.FilterSourceFile(x, white_list=white_list,
- black_list=black_list)
+ return lambda x: input_api.FilterSourceFile(x, white_list=include,
+ black_list=exclude)
def _CheckNonAscii(input_api, output_api):
"""Check for non-ASCII characters and throw warnings if any are found."""
@@ -191,12 +191,12 @@
"""
results = []
- pylint_blacklist = [
+ pylint_skip = [
r'infra[\\\/]bots[\\\/]recipes.py',
r'.*[\\\/]\.recipe_deps[\\\/].*',
r'.*[\\\/]node_modules[\\\/].*',
]
- pylint_blacklist.extend(input_api.DEFAULT_BLACK_LIST)
+ pylint_skip.extend(input_api.DEFAULT_BLACK_LIST)
pylint_disabled_warnings = (
'F0401', # Unable to import.
'E0611', # No name in module.
@@ -210,7 +210,7 @@
results += input_api.canned_checks.RunPylint(
input_api, output_api,
disabled_warnings=pylint_disabled_warnings,
- black_list=pylint_blacklist)
+ black_list=pylint_skip)
# Use 100 for max length for files other than python. Python length is
# already checked during the Pylint above. No max length for Go files.
diff --git a/autoroll/config/chromite-chromium.json b/autoroll/config/chromite-chromium.json
index 7b1d268..011a623 100644
--- a/autoroll/config/chromite-chromium.json
+++ b/autoroll/config/chromite-chromium.json
@@ -51,7 +51,7 @@
"timeWindow": "M-F 15:00-19:00",
"notifiers": [
{
- "msgTypeWhitelist": ["last n failed"],
+ "includeMsgTypes": ["last n failed"],
"monorail": {
"project": "chromium",
"owner": "bpastene@chromium.org",
diff --git a/autoroll/config/skia-skiabot-test.json b/autoroll/config/skia-skiabot-test.json
index f83dd05..563e021 100644
--- a/autoroll/config/skia-skiabot-test.json
+++ b/autoroll/config/skia-skiabot-test.json
@@ -46,7 +46,7 @@
"maxRollFrequency": "0m",
"notifiers": [
{
- "msgTypeWhitelist": ["last n failed"],
+ "includeMsgTypes": ["last n failed"],
"monorail": {
"project": "skia",
"owner": "borenet",
diff --git a/autoroll/go/autoroll-fe/main.go b/autoroll/go/autoroll-fe/main.go
index 109a93d..876f61e 100644
--- a/autoroll/go/autoroll-fe/main.go
+++ b/autoroll/go/autoroll-fe/main.go
@@ -55,7 +55,7 @@
resourcesDir = flag.String("resources_dir", "", "The directory to find templates, JS, and CSS files. If blank the current directory will be used.")
hang = flag.Bool("hang", false, "If true, don't spin up the server, just hang without doing anything.")
- WHITELISTED_VIEWERS = []string{
+ allowedViewers = []string{
"prober@skia-public.iam.gserviceaccount.com",
"skia-status@skia-public.iam.gserviceaccount.com",
"skia-status-internal@skia-corp.google.com.iam.gserviceaccount.com",
@@ -362,7 +362,7 @@
// config file, and viewers are either public or @google.com.
var viewAllow allowed.Allow
if *internal {
- viewAllow = allowed.UnionOf(allowed.NewAllowedFromList(WHITELISTED_VIEWERS), allowed.Googlers())
+ viewAllow = allowed.UnionOf(allowed.NewAllowedFromList(allowedViewers), allowed.Googlers())
}
login.InitWithAllow(serverURL+login.DEFAULT_OAUTH2_CALLBACK, allowed.Googlers(), allowed.Googlers(), viewAllow)
diff --git a/autoroll/go/notifier/notifier.go b/autoroll/go/notifier/notifier.go
index 5a3b9f1..46e6d6e 100644
--- a/autoroll/go/notifier/notifier.go
+++ b/autoroll/go/notifier/notifier.go
@@ -15,7 +15,7 @@
const (
// Types of notification message sent by the roller. These can be
- // whitelisted in the notifier configs.
+ // selected via notifier.Config.IncludeMsgTypes.
MSG_TYPE_ISSUE_UPDATE = "issue update"
MSG_TYPE_LAST_N_FAILED = "last n failed"
MSG_TYPE_MODE_CHANGE = "mode change"
diff --git a/autoroll/go/status/status.go b/autoroll/go/status/status.go
index f6a2f42..8513390 100644
--- a/autoroll/go/status/status.go
+++ b/autoroll/go/status/status.go
@@ -17,7 +17,7 @@
var (
// Insert the AutoRollMiniStatus for these internal rollers into the
// external datastore.
- EXPORT_WHITELIST = []string{
+ exportRollers = []string{
"android-master-autoroll",
"google3-autoroll",
}
@@ -111,7 +111,7 @@
// Optionally export the mini version of the internal roller's status
// to the external datastore.
- if util.In(rollerName, EXPORT_WHITELIST) {
+ if util.In(rollerName, exportRollers) {
exportStatus := &AutoRollStatus{
AutoRollMiniStatus: st.AutoRollMiniStatus,
}
diff --git a/ct/modules/pageset-selector-sk/pageset-selector-sk.js b/ct/modules/pageset-selector-sk/pageset-selector-sk.js
index 6e5e537..2bad228 100644
--- a/ct/modules/pageset-selector-sk/pageset-selector-sk.js
+++ b/ct/modules/pageset-selector-sk/pageset-selector-sk.js
@@ -102,8 +102,8 @@
}
_filterPageSets() {
- const blacklist = this._hideIfKeyContains;
- const psHasSubstring = (ps) => blacklist.some((s) => ps.key.includes(s));
+ const exclude = this._hideIfKeyContains;
+ const psHasSubstring = (ps) => exclude.some((s) => ps.key.includes(s));
this._pageSets = this._unfilteredPageSets
.filter((ps) => !psHasSubstring(ps));
}
diff --git a/datahopper/go/datahopper/main.go b/datahopper/go/datahopper/main.go
index 91377d9..c188c1b 100644
--- a/datahopper/go/datahopper/main.go
+++ b/datahopper/go/datahopper/main.go
@@ -7,7 +7,6 @@
import (
"context"
"flag"
- "regexp"
"time"
"cloud.google.com/go/bigtable"
@@ -36,7 +35,7 @@
"google.golang.org/api/option"
)
-const APPNAME = "datahopper"
+const appName = "datahopper"
// flags
var (
@@ -55,20 +54,9 @@
swarmingPools = common.NewMultiStringFlag("swarming_pool", nil, "Swarming pools to use.")
)
-var (
- // Regexp matching non-alphanumeric characters.
- re = regexp.MustCompile("[^A-Za-z0-9]+")
-
- BUILDSLAVE_OFFLINE_BLACKLIST = []string{
- "build3-a3",
- "build4-a3",
- "vm255-m3",
- }
-)
-
func main() {
common.InitWithMust(
- APPNAME,
+ appName,
common.PrometheusOpt(promPort),
common.MetricsLoggingOpt(),
)
@@ -101,7 +89,7 @@
ProjectID: *btProject,
InstanceID: *btInstance,
TableID: *gitstoreTable,
- AppProfile: APPNAME,
+ AppProfile: appName,
}
repos, err := bt_gitstore.NewBTGitStoreMap(ctx, *repoUrls, btConf)
if err != nil {
diff --git a/datahopper/go/swarming_metrics/bots.go b/datahopper/go/swarming_metrics/bots.go
index 8c06142..22757d8 100644
--- a/datahopper/go/swarming_metrics/bots.go
+++ b/datahopper/go/swarming_metrics/bots.go
@@ -23,7 +23,7 @@
MEASUREMENT_SWARM_BOTS_UPTIME = "swarming_bots_uptime_s"
)
-var batteryBlacklist = []*regexp.Regexp{
+var ignoreBatteries = []*regexp.Regexp{
// max77621-(cpu|gpu) are on the pixel Cs and constantly at 100. Not useful
regexp.MustCompile("max77621-(cpu|gpu)"),
// dram is on the Nexus players and goes between 0 and 2.
@@ -191,8 +191,8 @@
outer:
for zone, temp := range device.DevTemperatureMap {
- for _, blacklisted := range batteryBlacklist {
- if blacklisted.MatchString(zone) {
+ for _, ignoreBattery := range ignoreBatteries {
+ if ignoreBattery.MatchString(zone) {
continue outer
}
}
diff --git a/datahopper/go/swarming_metrics/tasks.go b/datahopper/go/swarming_metrics/tasks.go
index 3c105ab..cc3f7fc 100644
--- a/datahopper/go/swarming_metrics/tasks.go
+++ b/datahopper/go/swarming_metrics/tasks.go
@@ -31,7 +31,7 @@
)
var (
- DIMENSION_WHITELIST = util.NewStringSet([]string{
+ includeDimensions = util.NewStringSet([]string{
"os",
"model",
"cpu",
@@ -244,11 +244,11 @@
tags := map[string]string{
"task_name": t.TaskResult.Name,
}
- for d := range DIMENSION_WHITELIST {
+ for d := range includeDimensions {
tags[d] = ""
}
for _, dim := range swarming.GetTaskRequestProperties(t).Dimensions {
- if _, ok := DIMENSION_WHITELIST[dim.Key]; ok {
+ if _, ok := includeDimensions[dim.Key]; ok {
tags[dim.Key] = dim.Value
}
}
@@ -408,7 +408,7 @@
// they're left empty.
for _, tagSet := range tagSets {
tagSet["task_name"] = ""
- for k := range DIMENSION_WHITELIST {
+ for k := range includeDimensions {
tagSet[k] = ""
}
}
diff --git a/datahopper/go/swarming_metrics/tasks_test.go b/datahopper/go/swarming_metrics/tasks_test.go
index f3e81b6..5684c85 100644
--- a/datahopper/go/swarming_metrics/tasks_test.go
+++ b/datahopper/go/swarming_metrics/tasks_test.go
@@ -220,7 +220,7 @@
"stream": streamForPool("Skia"),
"task_name": "my-task",
}
- for k := range DIMENSION_WHITELIST {
+ for k := range includeDimensions {
if _, ok := tags[k]; !ok {
tags[k] = ""
}
diff --git a/docker_pushes_watcher/README.md b/docker_pushes_watcher/README.md
index 0c1bbc3..20a5277 100644
--- a/docker_pushes_watcher/README.md
+++ b/docker_pushes_watcher/README.md
@@ -57,8 +57,8 @@
### Docker Pushes Watcher App
The [docker pushes watcher](https://skia.googlesource.com/buildbot/+show/master/docker_pushes_watcher/) app listens for [pubsub messages](https://skia.googlesource.com/buildbot/+show/master/go/docker/build/pubsub/pubsub.go#15) for 2 main tasks:
-* Tags images in the app's whitelist with the "prod" tag when they correspond to the latest commit in the Skia/Buildbot repository. This is done to account for bots running out of order because of backfilling.
-* Deploys apps to k8s using pushk for images in the app's whitelist when they correspond to the latest commit.
+* Tags images in the app's list with the "prod" tag when they correspond to the latest commit in the Skia/Buildbot repository. This is done to account for bots running out of order because of backfilling.
+* Deploys apps to k8s using pushk for images in the app's list when they correspond to the latest commit.
## Auto-deploying infra apps
diff --git a/docker_pushes_watcher/go/docker_pushes_watcher/main.go b/docker_pushes_watcher/go/docker_pushes_watcher/main.go
index 6d25f81..c000979 100644
--- a/docker_pushes_watcher/go/docker_pushes_watcher/main.go
+++ b/docker_pushes_watcher/go/docker_pushes_watcher/main.go
@@ -1,5 +1,5 @@
// docker_pushes_watcher monitors pubsub events for docker pushes and looks at a
-// whitelist of image names to do one or more of the following:
+// list of image names to do one or more of the following:
// * tag new images with "prod"
// * deploy images using pushk
@@ -374,7 +374,7 @@
return
}
- // See if the image is in the whitelist of images to be tagged.
+ // See if the image is in the list of images to be tagged.
if util.In(baseImageName(imageName), *tagProdImages) {
// Instantiate gitiles using the repo.
gitRepo := gitiles.NewRepo(buildInfo.Repo, httpClient)
@@ -388,7 +388,7 @@
}
tagFailure.Reset()
if taggedWithProd {
- // See if the image is in the whitelist of images to be deployed by pushk.
+ // See if the image is in the list of images to be deployed by pushk.
if util.In(baseImageName(imageName), *deployImages) {
pushFailure := metrics2.GetCounter(PUSH_FAILURE_METRIC, map[string]string{"image": baseImageName(imageName), "repo": buildInfo.Repo})
fullyQualifiedImageName := fmt.Sprintf("%s:%s", imageName, tag)
@@ -399,11 +399,11 @@
}
pushFailure.Reset()
} else {
- sklog.Infof("Not going to deploy %s. It is not in the whitelist of images to deploy: %s", buildInfo, *deployImages)
+ sklog.Infof("Not going to deploy %s. It is not in the list of images to deploy: %s", buildInfo, *deployImages)
}
}
} else {
- sklog.Infof("Not going to tag %s with prod. It is not in the whitelist of images to tag: %s", buildInfo, *tagProdImages)
+ sklog.Infof("Not going to tag %s with prod. It is not in the list of images to tag: %s", buildInfo, *tagProdImages)
}
pubSubReceive.Reset()
diff --git a/docserverk/go/config/config.go b/docserverk/go/config/config.go
index 502e9ed..bee65ab 100644
--- a/docserverk/go/config/config.go
+++ b/docserverk/go/config/config.go
@@ -11,6 +11,6 @@
)
var (
- // WHITELIST is the list of domains that are allowed to have their CLs previewed.
- WHITELIST = []string{"google.com", "chromium.org", "skia.org"}
+ // ALLOWED_DOMAINS is the list of domains that are allowed to have their CLs previewed.
+ ALLOWED_DOMAINS = []string{"google.com", "chromium.org", "skia.org"}
)
diff --git a/docserverk/go/docset/docset.go b/docserverk/go/docset/docset.go
index 1f2e34f..93896b4 100644
--- a/docserverk/go/docset/docset.go
+++ b/docserverk/go/docset/docset.go
@@ -231,7 +231,7 @@
return nil, fmt.Errorf("CL contains invalid author email: %s", err)
}
domain := strings.Split(addr.Address, "@")[1]
- if !util.In(domain, config.WHITELIST) {
+ if !util.In(domain, config.ALLOWED_DOMAINS) {
return nil, fmt.Errorf("User is not authorized to test docset CLs.")
}
return newDocSet(ctx, workDir, repo, issue, patchset, false)
diff --git a/gitsync/go/watcher/watcher.go b/gitsync/go/watcher/watcher.go
index b99e9d4..a86cac9 100644
--- a/gitsync/go/watcher/watcher.go
+++ b/gitsync/go/watcher/watcher.go
@@ -484,14 +484,14 @@
if err != nil {
return skerr.Wrapf(err, "Failed loading branches from Gitiles.")
}
- // If any of the whitelisted old branches disappeared, add it back.
+ // If any of the ignoreDeletedBranches disappeared, add it back.
newBranches := make(map[string]string, len(branches))
for _, branch := range branches {
newBranches[branch.Name] = branch.Head
}
for name, b := range oldBranches {
if _, ok := newBranches[name]; !ok && ignoreDeletedBranch[r.gitiles.URL][name] {
- sklog.Warningf("Branch %q missing from new branches; ignoring due to explicit whitelist.", name)
+ sklog.Warningf("Branch %q missing from new branches; ignoring.", name)
branches = append(branches, b)
}
}
diff --git a/go/allowed/infra_auth_allowed.go b/go/allowed/infra_auth_allowed.go
index d090017..58ebe68 100644
--- a/go/allowed/infra_auth_allowed.go
+++ b/go/allowed/infra_auth_allowed.go
@@ -44,7 +44,7 @@
// NewAllowedFromChromeInfraAuth creates an AllowedFromChromeInfraAuth.
//
-// client - Must be authenticated and whitelisted to access GROUP_URL_TEMPLATE.
+// client - Must be authenticated and allowed to access GROUP_URL_TEMPLATE.
// group - The name of the group we want to restrict access to.
//
// The presumption is that an AllowedFromChromeInfraAuth will be created
diff --git a/go/auth/auth.go b/go/auth/auth.go
index 86e0624..287cd2e 100644
--- a/go/auth/auth.go
+++ b/go/auth/auth.go
@@ -410,8 +410,8 @@
// request. For more information, see:
// https://github.com/luci/luci-py/blob/master/client/LUCI_CONTEXT.md
//
-// Individual scopes need to be whitelisted by the LUCI token server. For this
-// reason, it is recommended to use the compute.CloudPlatform scope.
+// Individual scopes need to be specifically allowed by the LUCI token server.
+// For this reason, it is recommended to use the compute.CloudPlatform scope.
func NewLUCIContextTokenSource(scopes ...string) (oauth2.TokenSource, error) {
authenticator := luci_auth.NewAuthenticator(context.Background(), luci_auth.SilentLogin, luci_auth.Options{
Method: luci_auth.LUCIContextMethod,
diff --git a/go/firestore/firestore.go b/go/firestore/firestore.go
index a974f14..ba1fbe8 100644
--- a/go/firestore/firestore.go
+++ b/go/firestore/firestore.go
@@ -396,7 +396,7 @@
// Do not retry if the passed-in context is expired.
return ctx.Err()
} else if st, ok := status.FromError(unwrapped); ok {
- // Retry if we encountered a whitelisted error code.
+ // Retry if we encountered a retryable error code.
code := st.Code()
retry := false
for _, retryCode := range retryErrors {
diff --git a/go/firestore/firestore_test.go b/go/firestore/firestore_test.go
index 812ba41..eb2a9b0 100644
--- a/go/firestore/firestore_test.go
+++ b/go/firestore/firestore_test.go
@@ -70,7 +70,7 @@
require.NoError(t, err)
require.Equal(t, 1, attempted)
- // Retry whitelisted errors.
+ // Retry retryable errors.
attempted = 0
e := status.Errorf(codes.ResourceExhausted, "Retry Me")
err = c.withTimeoutAndRetries(context.Background(), maxAttempts, timeout, func(ctx context.Context) error {
@@ -80,7 +80,7 @@
require.EqualError(t, err, e.Error())
require.Equal(t, maxAttempts, attempted)
- // No retry for non-whitelisted errors.
+ // No retry for non-retryable errors.
attempted = 0
err = c.withTimeoutAndRetries(context.Background(), maxAttempts, timeout, func(ctx context.Context) error {
attempted++
diff --git a/go/imports/imports_test.go b/go/imports/imports_test.go
index fd014ed..b13e4ae 100644
--- a/go/imports/imports_test.go
+++ b/go/imports/imports_test.go
@@ -69,7 +69,7 @@
util.In(pkg, testPackages))
}
-// testImportAllowed returns true if the given non-test package is whitelisted
+// testImportAllowed returns true if the given non-test package is allowed
// to import the given test package.
func testImportAllowed(importer, importee string) bool {
return util.In(importee, legacyTestImportExceptions[importer])
@@ -113,8 +113,8 @@
// Verify that legacyTestImportExceptions doesn't contain more
// entries than it should.
// TODO: Remove this once legacyTestImportExceptions is empty.
- for _, whitelistedTestImport := range legacyTestImportExceptions[name] {
- assert.Truef(t, util.In(whitelistedTestImport, pkg.Imports), "Non-test package %s is whitelisted to import %s but does not.", name, whitelistedTestImport)
+ for _, allowedTestImport := range legacyTestImportExceptions[name] {
+ assert.Truef(t, util.In(allowedTestImport, pkg.Imports), "Non-test package %s is allowed to import %s but does not.", name, allowedTestImport)
}
}
diff --git a/go/isolate/isolate.go b/go/isolate/isolate.go
index 5626e04..a7d08e6 100644
--- a/go/isolate/isolate.go
+++ b/go/isolate/isolate.go
@@ -67,7 +67,7 @@
// NewClientWithServiceAccount returns a Client instance which uses
// "--service-account-json" for its isolate binary calls. This is required for
-// servers that are not ip whitelisted in chrome-infra-auth/ip_whitelist.cfg.
+// servers that are not listed in the chrome-infra-auth bypass list.
func NewClientWithServiceAccount(workdir, server, serviceAccountJSON string) (*Client, error) {
c, err := NewClient(workdir, server)
if err != nil {
diff --git a/go/issues/issues.go b/go/issues/issues.go
index 1cf6d6b..6b8a50e 100644
--- a/go/issues/issues.go
+++ b/go/issues/issues.go
@@ -83,10 +83,9 @@
// MonorailIssueTracker implements IssueTracker.
//
-// Note that to use a MonorailIssueTracker from GCE that client id of the
-// project needs to be whitelisted in Monorail, which is already done for Skia
-// Infra. Also note that the instance running needs to have the
-// https://www.googleapis.com/auth/userinfo.email scope added to it.
+// Note that, in order to use a MonorailIssueTracker from GCE, the client id of
+// the project needs to be known to Monorail. Also note that the
+// https://www.googleapis.com/auth/userinfo.email scope is needed.
type MonorailIssueTracker struct {
client *http.Client
project string
diff --git a/go/login/login.go b/go/login/login.go
index 14b1e47..d03178a 100644
--- a/go/login/login.go
+++ b/go/login/login.go
@@ -57,17 +57,19 @@
SESSION_COOKIE_NAME = "sksession"
DEFAULT_COOKIE_SALT = "notverysecret"
- // DEFAULT_REDIRECT_URL is the redirect URL to use if Init is called with DEFAULT_DOMAIN_WHITELIST.
+ // DEFAULT_REDIRECT_URL is the redirect URL to use if Init is called with
+ // DEFAULT_ALLOWED_DOMAINS.
DEFAULT_REDIRECT_URL = "https://skia.org/oauth2callback/"
// DEFAULT_OAUTH2_CALLBACK is the default relative OAuth2 redirect URL.
DEFAULT_OAUTH2_CALLBACK = "/oauth2callback/"
- // DEFAULT_DOMAIN_WHITELIST is a white list of domains we use frequently.
- DEFAULT_DOMAIN_WHITELIST = "google.com chromium.org skia.org"
+ // DEFAULT_ALLOWED_DOMAINS is a list of domains we use frequently.
+ DEFAULT_ALLOWED_DOMAINS = "google.com chromium.org skia.org"
- // DEFAULT_ADMIN_WHITELIST is the white list of users we consider admins when we can't retrieve the whitelist from metadata.
- DEFAULT_ADMIN_WHITELIST = "borenet@google.com jcgregorio@google.com kjlubick@google.com lovisolo@google.com rmistry@google.com westont@google.com"
+ // DEFAULT_ADMIN_LIST is list of users we consider to be admins as a
+ // fallback when we can't retrieve the list from metadata.
+ DEFAULT_ADMIN_LIST = "borenet@google.com jcgregorio@google.com kjlubick@google.com lovisolo@google.com rmistry@google.com westont@google.com"
// COOKIE_DOMAIN_SKIA_ORG is the cookie domain for skia.org.
COOKIE_DOMAIN_SKIA_ORG = "skia.org"
@@ -97,24 +99,23 @@
RedirectURL: "http://localhost:8000/oauth2callback/",
}
- // activeUserDomainWhiteList is the list of domains that are allowed to
+ // activeUserDomainAllowList is the list of domains that are allowed to
// log in.
- activeUserDomainWhiteList map[string]bool
+ activeUserDomainAllowList map[string]bool
- // activeUserEmailWhiteList is the list of email addresses that are
- // allowed to log in (even if the domain is not whitelisted).
- activeUserEmailWhiteList map[string]bool
+ // activeUserEmailAllowList is the list of email addresses that are
+ // allowed to log in (even if the domain is not explicitly allowed).
+ activeUserEmailAllowList map[string]bool
- // activeAdminEmailWhiteList is the list of email addresses that are
+ // activeAdminEmailAllowList is the list of email addresses that are
// allowed to perform admin tasks.
- activeAdminEmailWhiteList map[string]bool
+ activeAdminEmailAllowList map[string]bool
// DEFAULT_SCOPE is the scope we request when logging in.
DEFAULT_SCOPE = []string{"email"}
// Auth groups which determine whether a given user has particular types
- // of access. If nil, fall back on domain and individual email
- // whitelist.
+ // of access. If nil, fall back on domain and individual email allow lists.
adminAllow allowed.Allow
editAllow allowed.Allow
viewAllow allowed.Allow
@@ -129,8 +130,8 @@
}
// SimpleInitMust initializes the login system for the default case, which uses
-// DEFAULT_REDIRECT_URL in prod along with the DEFAULT_DOMAIN_WHITELIST and
-// uses a localhost'port' redirect URL if 'local' is true.
+// DEFAULT_REDIRECT_URL in prod along with the DEFAULT_ALLOWED_DOMAINS and uses
+// a localhost'port' redirect URL if 'local' is true.
//
// If an error occurs then the function fails fatally.
func SimpleInitMust(port string, local bool) {
@@ -138,14 +139,14 @@
if !local {
redirectURL = DEFAULT_REDIRECT_URL
}
- if err := Init(redirectURL, DEFAULT_DOMAIN_WHITELIST, ""); err != nil {
+ if err := Init(redirectURL, DEFAULT_ALLOWED_DOMAINS, ""); err != nil {
sklog.Fatalf("Failed to initialize the login system: %s", err)
}
}
// SimpleInitWithAllow initializes the login system for the default case (see
// docs for SimpleInitMust) and sets the admin, editor, and viewer lists. These
-// may be nil, in which case we fall back on the default whitelists. For editors
+// may be nil, in which case we fall back on the default settings. For editors
// we default to denying access to everyone, and for viewers we default to
// allowing access to everyone.
func SimpleInitWithAllow(port string, local bool, admin, edit, view allowed.Allow) {
@@ -158,14 +159,14 @@
// InitWithAllow initializes the login system with the given redirect URL. Sets
// the admin, editor, and viewer lists as provided. These may be nil, in which
-// case we fall back on the default whitelists. For editors we default to
-// denying access to everyone, and for viewers we default to allowing access
-// to everyone.
+// case we fall back on the default settings. For editors we default to denying
+// access to everyone, and for viewers we default to allowing access to
+// everyone.
func InitWithAllow(redirectURL string, admin, edit, view allowed.Allow) {
adminAllow = admin
editAllow = edit
viewAllow = view
- if err := Init(redirectURL, DEFAULT_DOMAIN_WHITELIST, ""); err != nil {
+ if err := Init(redirectURL, DEFAULT_ALLOWED_DOMAINS, ""); err != nil {
sklog.Fatalf("Failed to initialize the login system: %s", err)
}
RestrictAdmin = RestrictWithMessage(adminAllow, "User is not an admin")
@@ -180,9 +181,9 @@
// "client_secret.json" file in the current directory to extract the client id
// and client secret from. If both of those fail then it returns an error.
//
-// The authWhiteList is the space separated list of domains and email addresses
+// The authAllowList is the space separated list of domains and email addresses
// that are allowed to log in.
-func Init(redirectURL string, authWhiteList string, clientSecretFile string) error {
+func Init(redirectURL string, authAllowList string, clientSecretFile string) error {
cookieSalt, clientID, clientSecret := tryLoadingFromKnownLocations()
if clientID == "" {
if clientSecretFile == "" {
@@ -201,20 +202,20 @@
clientID = config.ClientID
clientSecret = config.ClientSecret
}
- initLogin(clientID, clientSecret, redirectURL, cookieSalt, DEFAULT_SCOPE, authWhiteList)
+ initLogin(clientID, clientSecret, redirectURL, cookieSalt, DEFAULT_SCOPE, authAllowList)
return nil
}
// initLogin sets the params. It should only be called directly for testing purposes.
// Clients should use Init().
-func initLogin(clientID, clientSecret, redirectURL, cookieSalt string, scopes []string, authWhiteList string) {
+func initLogin(clientID, clientSecret, redirectURL, cookieSalt string, scopes []string, authAllowList string) {
secureCookie = securecookie.New([]byte(cookieSalt), nil)
oauthConfig.ClientID = clientID
oauthConfig.ClientSecret = clientSecret
oauthConfig.RedirectURL = redirectURL
oauthConfig.Scopes = scopes
- setActiveWhitelists(authWhiteList)
+ setActiveAllowLists(authAllowList)
}
// LoginURL returns a URL that the user is to be directed to for login.
@@ -267,12 +268,12 @@
// Only retrieve an online access token, i.e. no refresh token. And when we
// go through the approval flow again don't stop if they've already approved
- // once, unless they have a valid token but aren't in the whitelist,
- // in which case we want to use ApprovalForce so they get the chance
- // to pick a different account to log in with.
+ // once, unless they have a valid token but aren't in the allow list, in
+ // which case we want to use ApprovalForce so they get the chance to pick a
+ // different account to log in with.
opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOnline}
s, err := getSession(r)
- if err == nil && !inWhitelist(s.Email) {
+ if err == nil && !isAuthorized(s.Email) {
opts = append(opts, oauth2.ApprovalForce)
} else {
opts = append(opts, oauth2.SetAuthURLParam("approval_prompt", "auto"))
@@ -321,9 +322,9 @@
} else if e, err := ViaBearerToken(r); err == nil {
email = e
}
- if inWhitelist(email) {
+ if isAuthorized(email) {
// TODO(stephana): Uncomment the following line when Debugf is different from Infof.
- // sklog.Debugf("User %s is on the whitelist", email)
+ // sklog.Debugf("User %s is on the allowlist", email)
return email
}
@@ -357,18 +358,18 @@
}
// IsAdmin determines whether the user is logged in with an account on the admin
-// whitelist. If true, user is allowed to perform admin tasks.
+// allow list. If true, user is allowed to perform admin tasks.
func IsAdmin(r *http.Request) bool {
email := LoggedInAs(r)
if adminAllow != nil {
return adminAllow.Member(email)
}
- return activeAdminEmailWhiteList[email]
+ return activeAdminEmailAllowList[email]
}
// IsEditor determines whether the user is logged in with an account on the
-// editor whitelist. If true, user is allowed to perform edits. Defaults to
-// false if no editor whitelist is provided.
+// editor allow list. If true, user is allowed to perform edits. Defaults to
+// false if no editor allow list is provided.
func IsEditor(r *http.Request) bool {
email := LoggedInAs(r)
if editAllow != nil {
@@ -378,7 +379,7 @@
}
// IsViewer determines whether the user is allowed to view this server. Defaults
-// to true if no viewer whitelist is provided.
+// to true if no viewer allow list is provided.
func IsViewer(r *http.Request) bool {
email := LoggedInAs(r)
if viewAllow != nil {
@@ -541,8 +542,8 @@
return
}
- if !inWhitelist(email) {
- http.Error(w, "Accounts from your domain are not allowed or your email address is not white listed.", 500)
+ if !isAuthorized(email) {
+ http.Error(w, "Accounts from your domain are not allowed or your email address is not on the allow list.", 500)
return
}
s := Session{
@@ -555,9 +556,9 @@
http.Redirect(w, r, redirect, 302)
}
-// inWhitelist returns true if the given email address matches either the
-// domain or the user whitelist.
-func inWhitelist(email string) bool {
+// isAuthorized returns true if the given email address matches either the
+// domain or the user allow list.
+func isAuthorized(email string) bool {
parts := strings.Split(email, "@")
if len(parts) != 2 {
return false
@@ -565,7 +566,7 @@
if viewAllow != nil {
return viewAllow.Member(email)
}
- if len(activeUserDomainWhiteList) > 0 && !activeUserDomainWhiteList[parts[1]] && !activeUserEmailWhiteList[email] {
+ if len(activeUserDomainAllowList) > 0 && !activeUserDomainAllowList[parts[1]] && !activeUserEmailAllowList[email] {
return false
}
return true
@@ -738,13 +739,13 @@
return RestrictViewer(h).(http.HandlerFunc)
}
-// splitAuthWhiteList splits the given whitelist into a set of domains and a set of
-// individual emails
-func splitAuthWhiteList(whiteList string) (map[string]bool, map[string]bool) {
+// splitAuthAllowList splits the given allow list into a set of domains and a
+// set of individual emails
+func splitAuthAllowList(allowList string) (map[string]bool, map[string]bool) {
domains := map[string]bool{}
emails := map[string]bool{}
- for _, entry := range strings.Fields(whiteList) {
+ for _, entry := range strings.Fields(allowList) {
trimmed := strings.ToLower(strings.TrimSpace(entry))
if strings.Contains(trimmed, "@") {
emails[trimmed] = true
@@ -756,15 +757,15 @@
return domains, emails
}
-// setActiveWhitelists initializes activeDomainWhiteList and
-// activeEmailWhiteList from authWhiteList.
-func setActiveWhitelists(authWhiteList string) {
+// setActiveAllowLists initializes activeUserDomainAllowList and
+// activeUserEmailAllowList from authAllowList.
+func setActiveAllowLists(authAllowList string) {
if adminAllow != nil || editAllow != nil || viewAllow != nil {
return
}
- activeUserDomainWhiteList, activeUserEmailWhiteList = splitAuthWhiteList(authWhiteList)
- adminWhiteList := metadata.ProjectGetWithDefault(metadata.ADMIN_WHITE_LIST, DEFAULT_ADMIN_WHITELIST)
- _, activeAdminEmailWhiteList = splitAuthWhiteList(adminWhiteList)
+ activeUserDomainAllowList, activeUserEmailAllowList = splitAuthAllowList(authAllowList)
+ adminAllowList := metadata.ProjectGetWithDefault(metadata.ADMIN_ALLOW_LIST, DEFAULT_ADMIN_LIST)
+ _, activeAdminEmailAllowList = splitAuthAllowList(adminAllowList)
}
// loginInfo is the JSON file format that client info is stored in as a kubernetes secret.
diff --git a/go/login/login_test.go b/go/login/login_test.go
index 6e2f6c9..3ef72c0 100644
--- a/go/login/login_test.go
+++ b/go/login/login_test.go
@@ -13,7 +13,7 @@
var once sync.Once
func loginInit() {
- initLogin("id", "secret", "http://localhost", "salt", DEFAULT_SCOPE, DEFAULT_DOMAIN_WHITELIST)
+ initLogin("id", "secret", "http://localhost", "salt", DEFAULT_SCOPE, DEFAULT_ALLOWED_DOMAINS)
}
func TestLoginURL(t *testing.T) {
@@ -43,7 +43,7 @@
func TestLoggedInAs(t *testing.T) {
unittest.SmallTest(t)
once.Do(loginInit)
- setActiveWhitelists(DEFAULT_DOMAIN_WHITELIST)
+ setActiveAllowLists(DEFAULT_ALLOWED_DOMAINS)
r, err := http.NewRequest("GET", "http://www.skia.org/", nil)
if err != nil {
@@ -67,13 +67,13 @@
url := LoginURL(w, r)
assert.Contains(t, url, "approval_prompt=auto", "Not forced into prompt.")
- delete(activeUserDomainWhiteList, "chromium.org")
- assert.Equal(t, LoggedInAs(r), "", "Not in the domain whitelist.")
+ delete(activeUserDomainAllowList, "chromium.org")
+ assert.Equal(t, LoggedInAs(r), "", "Not in the domain allow list.")
url = LoginURL(w, r)
assert.Contains(t, url, "prompt=consent", "Force into prompt.")
- activeUserEmailWhiteList["fred@chromium.org"] = true
- assert.Equal(t, LoggedInAs(r), "fred@chromium.org", "Found in the email whitelist.")
+ activeUserEmailAllowList["fred@chromium.org"] = true
+ assert.Equal(t, LoggedInAs(r), "fred@chromium.org", "Found in the email allow list.")
}
func TestDomainFromHost(t *testing.T) {
@@ -86,7 +86,7 @@
assert.Equal(t, "skia.org", domainFromHost("example.com:443"))
}
-func TestSplitAuthWhiteList(t *testing.T) {
+func TestSplitAuthAllowList(t *testing.T) {
unittest.SmallTest(t)
type testCase struct {
@@ -127,20 +127,20 @@
}
for _, tc := range tests {
- d, e := splitAuthWhiteList(tc.Input)
+ d, e := splitAuthAllowList(tc.Input)
assert.Equal(t, tc.ExpectedDomains, d)
assert.Equal(t, tc.ExpectedEmails, e)
}
}
-func TestInWhitelist(t *testing.T) {
+func TestIsAuthorized(t *testing.T) {
unittest.SmallTest(t)
once.Do(loginInit)
- setActiveWhitelists("google.com chromium.org skia.org service-account@proj.iam.gserviceaccount.com")
+ setActiveAllowLists("google.com chromium.org skia.org service-account@proj.iam.gserviceaccount.com")
- assert.True(t, inWhitelist("fred@chromium.org"))
- assert.True(t, inWhitelist("service-account@proj.iam.gserviceaccount.com"))
+ assert.True(t, isAuthorized("fred@chromium.org"))
+ assert.True(t, isAuthorized("service-account@proj.iam.gserviceaccount.com"))
- assert.False(t, inWhitelist("fred@example.com"))
- assert.False(t, inWhitelist("evil@proj.iam.gserviceaccount.com"))
+ assert.False(t, isAuthorized("fred@example.com"))
+ assert.False(t, isAuthorized("evil@proj.iam.gserviceaccount.com"))
}
diff --git a/go/metadata/metadata.go b/go/metadata/metadata.go
index fc3d91f..eb1d8f3 100644
--- a/go/metadata/metadata.go
+++ b/go/metadata/metadata.go
@@ -29,13 +29,10 @@
GMAIL_CLIENT_ID = "gmail_clientid"
GMAIL_CLIENT_SECRET = "gmail_clientsecret"
- // AUTH_WHITE_LIST is the comma or whitespace separated list of domains
- // and email address that are allowed to log into an app.
- AUTH_WHITE_LIST = "auth_white_list"
-
- // ADMIN_WHITE_LIST is the comma or whitespace separated list of domains
+ // ADMIN_ALLOW_LIST is the comma or whitespace separated list of domains
// and email address that are allowed to perform admin tasks.
- ADMIN_WHITE_LIST = "admin_white_list"
+ // TODO: Is this still needed?
+ ADMIN_ALLOW_LIST = "admin_white_list"
// METADATA_PATH_PREFIX_TMPL is the template for the first part of the
// metadata URL. The placeholder is for the level ("instance" or
diff --git a/go/notifier/notifier.go b/go/notifier/notifier.go
index 42464c1..d4138e3 100644
--- a/go/notifier/notifier.go
+++ b/go/notifier/notifier.go
@@ -17,7 +17,7 @@
)
const (
- EMAIL_FROM_ADDRESS = "noreply@skia.org"
+ emailFromAddress = "noreply@skia.org"
)
// Notifier is an interface used for sending notifications from an AutoRoller.
@@ -33,8 +33,8 @@
// Configuration for filtering out messages. Exactly one of these should
// be specified.
- Filter string `json:"filter,omitempty"`
- MsgTypeWhitelist []string `json:"msgTypeWhitelist,omitempty"`
+ Filter string `json:"filter,omitempty"`
+ IncludeMsgTypes []string `json:"includeMsgTypes,omitempty"`
// Exactly one of these should be specified.
Email *EmailNotifierConfig `json:"email,omitempty"`
@@ -50,11 +50,11 @@
// Validate the Config.
func (c *Config) Validate() error {
- if c.Filter == "" && c.MsgTypeWhitelist == nil {
- return errors.New("Either Filter or MsgTypeWhitelist is required.")
+ if c.Filter == "" && c.IncludeMsgTypes == nil {
+ return errors.New("Either Filter or IncludeMsgTypes is required.")
}
- if c.Filter != "" && c.MsgTypeWhitelist != nil {
- return errors.New("Only one of Filter or MsgTypeWhitelist may be provided.")
+ if c.Filter != "" && c.IncludeMsgTypes != nil {
+ return errors.New("Only one of Filter or IncludeMsgTypes may be provided.")
}
if c.Filter != "" {
if _, err := ParseFilter(c.Filter); err != nil {
@@ -104,15 +104,15 @@
if err != nil {
return nil, FILTER_SILENT, nil, "", err
}
- return n, filter, c.MsgTypeWhitelist, c.Subject, nil
+ return n, filter, c.IncludeMsgTypes, c.Subject, nil
}
// Create a copy of this Config.
func (c *Config) Copy() *Config {
configCopy := &Config{
- Filter: c.Filter,
- MsgTypeWhitelist: util.CopyStringSlice(c.MsgTypeWhitelist),
- Subject: c.Subject,
+ Filter: c.Filter,
+ IncludeMsgTypes: util.CopyStringSlice(c.IncludeMsgTypes),
+ Subject: c.Subject,
}
if c.Email != nil {
configCopy.Email = &EmailNotifierConfig{
@@ -179,7 +179,7 @@
// Sends the same ViewAction markup with each message.
func EmailNotifier(emails []string, emailer *email.GMail, markup string) (Notifier, error) {
return &emailNotifier{
- from: EMAIL_FROM_ADDRESS,
+ from: emailFromAddress,
gmail: emailer,
markup: markup,
to: emails,
diff --git a/go/notifier/notifier_test.go b/go/notifier/notifier_test.go
index 22bebe8..f31c703 100644
--- a/go/notifier/notifier_test.go
+++ b/go/notifier/notifier_test.go
@@ -12,7 +12,7 @@
unittest.SmallTest(t)
c := Config{}
- require.EqualError(t, c.Validate(), "Either Filter or MsgTypeWhitelist is required.")
+ require.EqualError(t, c.Validate(), "Either Filter or IncludeMsgTypes is required.")
c = Config{
Filter: "bogus",
@@ -20,10 +20,10 @@
require.EqualError(t, c.Validate(), "Unknown filter \"bogus\"")
c = Config{
- Filter: "debug",
- MsgTypeWhitelist: []string{"whitelisted-type"},
+ Filter: "debug",
+ IncludeMsgTypes: []string{"included-type"},
}
- require.EqualError(t, c.Validate(), "Only one of Filter or MsgTypeWhitelist may be provided.")
+ require.EqualError(t, c.Validate(), "Only one of Filter or IncludeMsgTypes may be provided.")
c = Config{
Filter: "debug",
@@ -76,19 +76,19 @@
require.EqualError(t, c.Validate(), "Exactly one notification config must be supplied, but got 2")
c = Config{
- MsgTypeWhitelist: []string{"filebug"},
- Monorail: &MonorailNotifierConfig{},
+ IncludeMsgTypes: []string{"filebug"},
+ Monorail: &MonorailNotifierConfig{},
}
require.EqualError(t, c.Validate(), "Project is required.")
c = Config{
- MsgTypeWhitelist: []string{"filebug"},
- Monorail: &MonorailNotifierConfig{},
+ IncludeMsgTypes: []string{"filebug"},
+ Monorail: &MonorailNotifierConfig{},
}
require.EqualError(t, c.Validate(), "Project is required.")
c = Config{
- MsgTypeWhitelist: []string{"filebug"},
+ IncludeMsgTypes: []string{"filebug"},
Monorail: &MonorailNotifierConfig{
Project: "my-project",
},
@@ -100,9 +100,9 @@
unittest.SmallTest(t)
c := &Config{
- Filter: "info",
- MsgTypeWhitelist: []string{"a", "b"},
- Subject: "blah blah",
+ Filter: "info",
+ IncludeMsgTypes: []string{"a", "b"},
+ Subject: "blah blah",
Chat: &ChatNotifierConfig{
RoomID: "my-room",
},
diff --git a/go/notifier/router.go b/go/notifier/router.go
index 47f6b30..07b800b 100644
--- a/go/notifier/router.go
+++ b/go/notifier/router.go
@@ -21,7 +21,7 @@
// Severity of the message. May cause the message not to be sent,
// depending on filter settings.
Severity Severity
- // Type of message. This is used with the optional MsgTypeWhitelist to
+ // Type of message. This is used with the optional IncludeMsgTypes to
// send only specific types of messages.
Type string
}
@@ -43,7 +43,7 @@
// filteredThreadedNotifier groups a Notifier with a Filter and an optional
// static subject line for all messages to this Notifier.
type filteredThreadedNotifier struct {
- msgTypeWhitelist []string
+ includeMsgTypes []string
notifier Notifier
filter Filter
singleThreadSubject string
@@ -67,8 +67,8 @@
for _, n := range r.notifiers {
n := n
group.Go(func() error {
- if n.msgTypeWhitelist != nil {
- if !util.In(msg.Type, n.msgTypeWhitelist) {
+ if n.includeMsgTypes != nil {
+ if !util.In(msg.Type, n.includeMsgTypes) {
return nil
}
} else if !n.filter.ShouldSend(msg.Severity) {
@@ -97,9 +97,9 @@
// Add a new Notifier, which filters according to the given Filter. If
// singleThreadSubject is provided, that will be used as the subject for all
// Messages, ignoring their Subject field.
-func (r *Router) Add(n Notifier, f Filter, msgTypeWhitelist []string, singleThreadSubject string) {
+func (r *Router) Add(n Notifier, f Filter, includeMsgTypes []string, singleThreadSubject string) {
r.notifiers = append(r.notifiers, &filteredThreadedNotifier{
- msgTypeWhitelist: msgTypeWhitelist,
+ includeMsgTypes: includeMsgTypes,
notifier: n,
filter: f,
singleThreadSubject: singleThreadSubject,
diff --git a/go/notifier/router_test.go b/go/notifier/router_test.go
index a3e66fd..7a9e183 100644
--- a/go/notifier/router_test.go
+++ b/go/notifier/router_test.go
@@ -36,7 +36,7 @@
n2 := &testNotifier{}
m.Add(n2, FILTER_WARNING, nil, "")
n3 := &testNotifier{}
- m.Add(n3, Filter(0), []string{"whitelisted type"}, "")
+ m.Add(n3, Filter(0), []string{"included type"}, "")
require.NoError(t, m.Send(ctx, &Message{
Subject: "Hi!",
@@ -58,7 +58,7 @@
Subject: "My subject",
Body: "Second Message",
Severity: SEVERITY_ERROR,
- Type: "whitelisted type",
+ Type: "included type",
}))
require.Equal(t, 1, len(n4.sent))
diff --git a/hashtag/Makefile b/hashtag/Makefile
index 4cdaada..678a2b7 100644
--- a/hashtag/Makefile
+++ b/hashtag/Makefile
@@ -16,8 +16,8 @@
npx webpack --mode=development --watch
run: build
- # To run locally download the whitelisted service account and point to it
- # via the GOOGLE_APPLICATION_CREDENTIALS environment variable.
+ # To run locally download the service account and point to it via the
+ # GOOGLE_APPLICATION_CREDENTIALS environment variable.
GOOGLE_APPLICATION_CREDENTIALS=${HOME}/.hashtag_creds hashtag --local --logtostderr
test:
diff --git a/hashtag/create-hashtag-sa.sh b/hashtag/create-hashtag-sa.sh
index 8e0bd3c..6d0cb68 100755
--- a/hashtag/create-hashtag-sa.sh
+++ b/hashtag/create-hashtag-sa.sh
@@ -29,5 +29,5 @@
kubectl create secret generic "${SA_NAME}" --from-file=key.json=${SA_NAME}.json
cd -
-# Should be added to Monorail whitelist:
+# Should be added to Monorail api_clients list:
# https://bugs.chromium.org/p/monorail/issues/detail?id=6529
\ No newline at end of file
diff --git a/leasing/go/leasing/main.go b/leasing/go/leasing/main.go
index 9a532aa..bfb6b71 100644
--- a/leasing/go/leasing/main.go
+++ b/leasing/go/leasing/main.go
@@ -70,7 +70,7 @@
projectName = flag.String("project_name", "google.com:skia-buildbots", "The Google Cloud project name.")
// OAUTH params
- authWhiteList = flag.String("auth_whitelist", "google.com", "White space separated list of domains and email addresses that are allowed to login.")
+ authAllowList = flag.String("auth_allowlist", "google.com", "White space separated list of domains and email addresses that are allowed to login.")
poolToDetails map[string]*PoolDetails
poolToDetailsMutex sync.Mutex
@@ -125,7 +125,7 @@
var allow allowed.Allow
if !*baseapp.Local {
- allow = allowed.NewAllowedFromList([]string{*authWhiteList})
+ allow = allowed.NewAllowedFromList([]string{*authAllowList})
} else {
allow = allowed.NewAllowedFromList([]string{"fred@example.org", "barney@example.org", "wilma@example.org"})
}
diff --git a/perf/go/frontend/frontend.go b/perf/go/frontend/frontend.go
index 6db4c42..30afe4e 100644
--- a/perf/go/frontend/frontend.go
+++ b/perf/go/frontend/frontend.go
@@ -282,7 +282,7 @@
redirectURL = login.DEFAULT_REDIRECT_URL
}
if f.flags.AuthBypassList == "" {
- f.flags.AuthBypassList = login.DEFAULT_DOMAIN_WHITELIST
+ f.flags.AuthBypassList = login.DEFAULT_ALLOWED_DOMAINS
}
if err := login.Init(redirectURL, f.flags.AuthBypassList, ""); err != nil {
sklog.Fatalf("Failed to initialize the login system: %s", err)
@@ -1475,16 +1475,17 @@
http.Redirect(w, r, "/t/", http.StatusMovedPermanently)
}
-var internalOnlyWhitelist = []string{
+var internalOnlyExceptions = []string{
"/oauth2callback/",
"/_/reg/count",
}
// internalOnlyHandler wraps the handler with a handler that only allows
-// authenticated access, with the exception of the /oauth2callback/ handler.
+// authenticated access, with the exception of the endpoints listed in
+// internalOnlyExceptions.
func internalOnlyHandler(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if util.In(r.URL.Path, internalOnlyWhitelist) || login.LoggedInAs(r) != "" {
+ if util.In(r.URL.Path, internalOnlyExceptions) || login.LoggedInAs(r) != "" {
h.ServeHTTP(w, r)
} else {
http.Redirect(w, r, login.LoginURL(w, r), http.StatusTemporaryRedirect)
diff --git a/res/imp/query-chooser-demo.html b/res/imp/query-chooser-demo.html
index df68eda..ba3ccb3 100644
--- a/res/imp/query-chooser-demo.html
+++ b/res/imp/query-chooser-demo.html
@@ -22,7 +22,7 @@
<body>
<h1>Query Chooser</h1>
- <query-chooser-sk id=chooser whitelist='["config", "type", "test"]'></query-chooser-sk>
+ <query-chooser-sk id=chooser showparams='["config", "type", "test"]'></query-chooser-sk>
<script type="text/javascript" charset="utf-8">
var paramset = {
diff --git a/res/imp/query-chooser.html b/res/imp/query-chooser.html
index aa2c403..cf43acf 100644
--- a/res/imp/query-chooser.html
+++ b/res/imp/query-chooser.html
@@ -5,7 +5,7 @@
Attributes:
query - The underlying query-sk element.
- whitelist - A list of keys for params that should always be shown.
+ showparams - A list of keys for params that should always be shown.
Events:
See query-sk.
@@ -43,7 +43,7 @@
</style>
<template>
<div id="dialog">
- <query-sk id=query whitelist="{{whitelist}}"></query-sk>
+ <query-sk id=query showparams="{{showparams}}"></query-sk>
<div class=buttons>
<button id=close class=action>Close</button>
</div>
@@ -58,7 +58,7 @@
is: "query-chooser-sk",
properties: {
- whitelist: {
+ showparams: {
type: Array,
value: function() {
return [
diff --git a/res/imp/query.html b/res/imp/query.html
index c43eae0..fd234b7 100644
--- a/res/imp/query.html
+++ b/res/imp/query.html
@@ -17,9 +17,9 @@
Properties:
currentquery - The current URL query formatted selections.
- whitelist - A list of keys for params that should always be shown.
+ showparams - A list of keys for params that should always be shown.
- blacklist - A list of keys for params that should never be shown.
+ hideparams - A list of keys for params that should never be shown.
matches - A URL for reporting the number of items that match
the currentquery. If not the empty string then a request
@@ -154,7 +154,7 @@
value: false,
reflectToAttribute: true
},
- whitelist: {
+ showparams: {
type: Array,
value: function() {
return [
@@ -171,7 +171,7 @@
},
reflectToAttribute: true
},
- blacklist: {
+ hideparams: {
type: Array,
value: function() { return []; }
},
@@ -190,7 +190,7 @@
// values: ["565", "8888", "gpu"]
// }
//
- // Where _primary contains selections that are in the whitelist, and
+ // Where _primary contains selections that are in the showparams, and
// _secondary contains all the other selections.
this._primary = [];
this._secondary = [];
@@ -294,7 +294,7 @@
this.splice('_secondary', 0, this._secondary.length);
for (var i = 0; i < keylist.length; i++) {
var key = keylist[i];
- if ((this.blacklist.length > 0) && (this.blacklist.indexOf(key) != -1)) {
+ if ((this.hideparams.length > 0) && (this.hideparams.indexOf(key) != -1)) {
continue;
}
@@ -302,7 +302,7 @@
name: key,
values: paramset[key].sort()
};
- if (this.whitelist.length == 0 || this.whitelist.indexOf(key) != -1) {
+ if (this.showparams.length == 0 || this.showparams.indexOf(key) != -1) {
this.push('_primary', sel);
} else {
this.push('_secondary', sel);
diff --git a/res/imp/query_demo.html b/res/imp/query_demo.html
index 31186b7..983f88b 100644
--- a/res/imp/query_demo.html
+++ b/res/imp/query_demo.html
@@ -31,7 +31,7 @@
<body>
<h1>Query</h1>
- <query-sk whitelist='["config", "type", "test"]' matches="/matches" id=basic></query-sk>
+ <query-sk showparams='["config", "type", "test"]' matches="/matches" id=basic></query-sk>
<p>
<b>Query String:</b> <code id=q></code>
</p>
diff --git a/run_unittests.go b/run_unittests.go
index 8e477e5..c6baee9 100644
--- a/run_unittests.go
+++ b/run_unittests.go
@@ -385,10 +385,10 @@
var gotests []*test
// Search for Python tests and Go dirs to test in the repo.
- // These tests are blacklisted from running on our bots because they
+ // These tests are prevented from running on our bots because they
// depend on packages (django) which are not included with Python in
// CIPD.
- pythonTestBlacklist := map[string]bool{
+ pythonTestSkip := map[string]bool{
"csv_comparer_test.py": true,
"json_summary_combiner_test.py": true,
"make_test.py": runtime.GOOS == "windows",
@@ -416,7 +416,7 @@
gotests = append(gotests, goTestLarge(p))
}
}
- if strings.HasSuffix(basename, "_test.py") && !pythonTestBlacklist[basename] {
+ if strings.HasSuffix(basename, "_test.py") && !pythonTestSkip[basename] {
tests = append(tests, pythonTest(p))
}
return nil
diff --git a/scripts/check_swarming_bot_auth/check_swarming_bot_auth.go b/scripts/check_swarming_bot_auth/check_swarming_bot_auth.go
index 06e8c73..c732bfd 100644
--- a/scripts/check_swarming_bot_auth/check_swarming_bot_auth.go
+++ b/scripts/check_swarming_bot_auth/check_swarming_bot_auth.go
@@ -68,7 +68,7 @@
for _, b := range bots {
if b.AuthenticatedAs == "bot:whitelisted-ip" {
if len(ip) == 0 {
- log("The following bots are IP-whitelisted:")
+ log("The following bots are allowed via IP:")
}
log(" %s", b.BotId)
ip = append(ip, b)
@@ -81,7 +81,7 @@
}
}
log("")
- logResult(ip, "IP whitelist")
+ logResult(ip, "Allowed via IP")
logResult(bot, "as bot\t")
logResult(user, "as user\t")
logResult(other, "other\t")
diff --git a/scripts/make_dummy_staging_tasks/make_dummy_staging_tasks.go b/scripts/make_dummy_staging_tasks/make_dummy_staging_tasks.go
index 4f4971f..8057c99 100644
--- a/scripts/make_dummy_staging_tasks/make_dummy_staging_tasks.go
+++ b/scripts/make_dummy_staging_tasks/make_dummy_staging_tasks.go
@@ -60,7 +60,7 @@
nowTs := time.Unix(int64(*now), 0)
- dimWhitelist := map[string]bool{}
+ includeDimensions := map[string]bool{}
ctx := context.Background()
ts, err := auth.NewDefaultTokenSource(true, datastore.ScopeDatastore, swarming.AUTH_SCOPE)
@@ -143,7 +143,7 @@
if len(split) != 2 {
sklog.Fatalf("Invalid dimension: %s", dim)
}
- dimWhitelist[split[0]] = true
+ includeDimensions[split[0]] = true
}
taskSpec.EnvPrefixes = nil
@@ -192,7 +192,7 @@
subKeys := []string{}
for _, dim := range bot.Dimensions {
- if dimWhitelist[dim.Key] {
+ if includeDimensions[dim.Key] {
vals := make([]string, 0, len(dim.Value))
valsMap := make(map[string]bool, len(dim.Value))
for _, val := range dim.Value {
diff --git a/scripts/run_on_swarming_bots/run_on_swarming_bots.go b/scripts/run_on_swarming_bots/run_on_swarming_bots.go
index 2b5d12b..d9602cd 100644
--- a/scripts/run_on_swarming_bots/run_on_swarming_bots.go
+++ b/scripts/run_on_swarming_bots/run_on_swarming_bots.go
@@ -47,8 +47,8 @@
dev = flag.Bool("dev", false, "Run against dev swarming and isolate instances.")
dimensions = common.NewMultiStringFlag("dimension", nil, "Colon-separated key/value pair, eg: \"os:Linux\" Dimensions of the bots on which to run. Can specify multiple times.")
dryRun = flag.Bool("dry_run", false, "List the bots, don't actually run any tasks")
- includeBots = common.NewMultiStringFlag("include_bot", nil, "If specified, treated as a white list of bots which will be affected, calculated AFTER the dimensions is computed. Can be simple strings or regexes")
- excludeBots = common.NewMultiStringFlag("exclude_bot", nil, "If specified, treated as a blacklist of bots which will not run the task, calculated AFTER the dimensions are computed and after --include_bot is applied. Can be simple strings or regexes.")
+ includeBots = common.NewMultiStringFlag("include_bot", nil, "Include these bots, regardless of whether they match the requested dimensions. Calculated AFTER the dimensions are computed. Can be simple strings or regexes.")
+ excludeBots = common.NewMultiStringFlag("exclude_bot", nil, "Exclude these bots, regardless of whether they match the requested dimensions. Calculated AFTER the dimensions are computed and after --include_bot is applied. Can be simple strings or regexes.")
internal = flag.Bool("internal", false, "Run against internal swarming and isolate instances.")
pool = flag.String("pool", swarming.DIMENSION_POOL_VALUE_SKIA, "Which Swarming pool to use.")
script = flag.String("script", "", "Path to a Python script to run.")
diff --git a/skolo/grep_token_logs.py b/skolo/grep_token_logs.py
index f9e0bbf..a159576 100644
--- a/skolo/grep_token_logs.py
+++ b/skolo/grep_token_logs.py
@@ -14,7 +14,7 @@
SYSLOG = '/var/log/syslog'
-WHITELIST_LINES = [
+INCLUDE_LINES = [
# (process-name, pattern)
('metadata-server', 'Updated token: '),
('metadata-server', 'Token requested by '),
@@ -23,8 +23,8 @@
def transform_line(line):
- """Trim the log line and return it iff it matches a whitelisted pattern."""
- for proc, pattern in WHITELIST_LINES:
+ """Trim the log line and return it iff it matches INCLUDE_LINES."""
+ for proc, pattern in INCLUDE_LINES:
if pattern in line:
# Log lines look like this:
# pylint: disable=line-too-long
diff --git a/task_scheduler/go/scheduling/busy_bots.go b/task_scheduler/go/scheduling/busy_bots.go
index a3238b3..e452e15 100644
--- a/task_scheduler/go/scheduling/busy_bots.go
+++ b/task_scheduler/go/scheduling/busy_bots.go
@@ -28,10 +28,10 @@
)
var (
- // dimensionWhitelist includes all dimensions used in
+ // includeDimensions includes all dimensions used in
// https://skia.googlesource.com/skia/+show/42974b73cd6f3515af69c553aac8dd15e3fc1927/infra/bots/gen_tasks.go
// (except for "image" which has a TODO to remove).
- dimensionWhitelist = []string{
+ includeDimensions = []string{
"cpu",
"device",
"device_os",
@@ -45,7 +45,7 @@
)
func init() {
- sort.Strings(dimensionWhitelist)
+ sort.Strings(includeDimensions)
}
// busyBots is a struct used for marking a bot as busy while it runs a Task.
@@ -64,13 +64,15 @@
}
}
-// Return a space-separated string of sorted dimensions and values, filtered by dimensionWhitelist.
-// Similar to flatten in task_scheduler.go. When there are multiple values for a dimension, the
-// longest is used. (The longest value is usually the most interesting.)
+// Return a space-separated string of sorted dimensions and values, filtered by
+// includeDimensions.
+// Similar to flatten in task_scheduler.go. When there are multiple values for a
+// dimension, the longest is used. (The longest value is usually the most
+// interesting.)
func dimensionsString(dims []*swarming_api.SwarmingRpcsStringListPair) string {
- vals := make(map[string]string, len(dimensionWhitelist))
+ vals := make(map[string]string, len(includeDimensions))
for _, dim := range dims {
- if util.In(dim.Key, dimensionWhitelist) {
+ if util.In(dim.Key, includeDimensions) {
for _, val := range dim.Value {
if len(val) > len(vals[dim.Key]) {
vals[dim.Key] = val
@@ -79,7 +81,7 @@
}
}
rv := make([]string, 0, 2*len(vals))
- for _, key := range dimensionWhitelist {
+ for _, key := range includeDimensions {
if vals[key] != "" {
rv = append(rv, key, vals[key])
}