Anne Redulla (Gerrit)

unread,

Apr 20, 2026, 9:15:23 PM (10 days ago) Apr 20

to Vadim Shtayura, infra-...@luci-project-accounts.iam.gserviceaccount.com, chromium...@chromium.org

Attention needed from Vadim Shtayura

Anne Redulla voted Code-Review+1

Code-Review

+1

Open in Gerrit

Related details

Attention is currently required from:

Vadim Shtayura

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Vadim Shtayura (Gerrit)

unread,

Apr 21, 2026, 1:06:31 PM (9 days ago) Apr 21

to Anne Redulla, infra-...@luci-project-accounts.iam.gserviceaccount.com, chromium...@chromium.org

Vadim Shtayura voted Commit-Queue+2

Commit-Queue

+2

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

infra-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

unread,

Apr 21, 2026, 1:18:25 PM (9 days ago) Apr 21

to Vadim Shtayura, Anne Redulla, chromium...@chromium.org

infra-...@luci-project-accounts.iam.gserviceaccount.com submitted the change

Change information

Commit message:

[auth] Minor noop adjustments to role expansion.

These adjustments formally change the output of ExpandRealsm,
but in a way that has no semantic impact (it just rearragnes
some entries and removed empty entries). This simplifies
confirming the bigger refactoring in next CLs doesn't change
expansion logic.

Don't add bindings to empty roles, they do nothing. Happens when
using "role/cq.committer" role, which is currently defined as
having no permissions.

Without this, we end up with bindings like

```
realms:  {
  name:  "..."
  bindings:  {
    principals:  "group:abc"
  }
  ...
 }
```

That do absolutely nothing. Just skip them. This will match the behavior
of follow up CLs which skip such bindings naturally due to set math.

R=aredulla
BUG=b/503350251

Change-Id: I7ea192ee730e97aded4b6e451cd9309a7001f603

Reviewed-on: https://chromium-review.googlesource.com/c/infra/luci/luci-go/+/7779844

Reviewed-by: Anne Redulla <ared...@google.com>

Commit-Queue: Vadim Shtayura <vad...@chromium.org>

Files:

M auth_service/internal/realmsinternals/expansion.go

Change size: S

Delta: 1 file changed, 7 insertions(+), 10 deletions(-)

Branch: refs/heads/main

Submit Requirements:

Code-Review: +1 by Anne Redulla

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[auth] Minor noop adjustments to role expansion. [infra/luci/luci-go : main]

Anne Redulla (Gerrit)

Anne Redulla voted Code-Review+1

Related details

Vadim Shtayura (Gerrit)

Vadim Shtayura voted Commit-Queue+2

Related details

infra-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

infra-...@luci-project-accounts.iam.gserviceaccount.com submitted the change

Change information