Reduce org owners/admins

[BigLep]

Summary

This aligns with the "reduce org owners" step listed in ipfs/ipfs#511.

This is the first step of wider 2024Q1 permissions cleanup.

Why do you need this?

Github org safety. See ipfs/ipfs#511 for more info.

Timeline

• 2024-02-08: public PR
• 2024-02-08: notify affected parties: Reduce org owners/admins #68 (comment)
• 2024-02-13: merge this change assuming no major pushback

Reviewer's Checklist

• It is clear where the request is coming from (if unsure, ask)
• All the automated checks passed
• The YAML changes reflect the summary of the request
• The Terraform plan posted as a comment reflects the summary of the request

[github-actions]

Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.

Terraform plans

ipld

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # github_membership.this["daviddias"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:daviddias"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_membership.this["dignifiedquire"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:dignifiedquire"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_membership.this["jbenet"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:jbenet"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_membership.this["marten-seemann"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:marten-seemann"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_membership.this["stebalien"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:Stebalien"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_membership.this["warpfork"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:warpfork"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_membership.this["whyrusleeping"] will be updated in-place
  ~ resource "github_membership" "this" {
        id       = "ipld:whyrusleeping"
      ~ role     = "admin" -> "member"
        # (2 unchanged attributes hidden)
    }

  # github_team_membership.this["github-mgmt stewards:aschmahmann"] will be updated in-place
  ~ resource "github_team_membership" "this" {
        id       = "6630960:aschmahmann"
      ~ role     = "maintainer" -> "member"
        # (3 unchanged attributes hidden)
    }

  # github_team_membership.this["github-mgmt stewards:biglep"] will be destroyed
  # (because key ["github-mgmt stewards:biglep"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"764742d8e7008816d1b8092c753792fa70d7f12f5cd0513faf2981ef06ecc98b\"" -> null
      - id       = "6630960:BigLep" -> null
      - role     = "member" -> null
      - team_id  = "6630960" -> null
      - username = "BigLep" -> null
    }

  # github_team_membership.this["github-mgmt stewards:lidel"] will be destroyed
  # (because key ["github-mgmt stewards:lidel"] is not in for_each map)
  - resource "github_team_membership" "this" {
      - etag     = "W/\"1bc5a0d415ec215267e260562246ef0776aa2d593f8580242c6ede0602349288\"" -> null
      - id       = "6630960:lidel" -> null
      - role     = "member" -> null
      - team_id  = "6630960" -> null
      - username = "lidel" -> null
    }

  # github_team_membership.this["github-mgmt stewards:rvagg"] will be updated in-place
  ~ resource "github_team_membership" "this" {
        id       = "6630960:rvagg"
      ~ role     = "maintainer" -> "member"
        # (3 unchanged attributes hidden)
    }

  # github_team_membership.this["github-mgmt stewards:vmx"] will be created
  + resource "github_team_membership" "this" {
      + etag     = (known after apply)
      + id       = (known after apply)
      + role     = "member"
      + team_id  = "6630960"
      + username = "vmx"
    }

Plan: 1 to add, 9 to change, 2 to destroy.

[rvagg]

seems reasonable as a minimal step in the process, although I want @Stebalien to be aware of this and have the possibility of objecting because he's only remaining semi-active participant being shuffled here. Some background discussion in #65 about steps to reduce permissions surface area.

[BigLep]

@daviddias
@dignifiedquire
@jbenet
@lidel
@marten-seemann
@Stebalien
@warpfork
@whyrusleeping

I'm @mentioning you to inform you that your ipld github "org ownership" permissions are being removed as part of a wider effort to cleanup Github permission across IPFS, libp2p, libp2p. You are still a member of the ipld github org and retain your existing direct github repo permissions or team permissions.

The current plan is to merge this change on Tuesday, 2024-02-13.

That said, this isn't a one-way door. If we get this wrong or you see the notification after the fact, a new PR can be created fix permissions.

Thanks and let me know if you have any questions or concerns.