Disable trusted users for now

The current darwwin builder is reset very, very frequently (mostly due to its
storage constraints necessitating it), so there's much less of a reason to limit
the people who can utilize it. (Enabling it for everybody will also guarantee
more frequent resets, as well.)

However, it is kept as an option so that it can be re-enabled some time in the
future, if anything were to happen.

README.md

@@ -122,7 +122,11 @@ combinations:
     @ofborg build list of attrs looks good to me!
     ```
 
-## Trusted Users
+## Trusted Users (Currently Disabled)
+
+> **NOTE:** The Trusted Users functionality is currently disabled, as the
+> current darwin builder is reset very frequently. This means that _all_ users
+> will have their PRs build on the darwin machine.
 
 Trusted users have their builds and tests executed on _all_ available platforms,
 including those without good sandboxing. Because this exposes the host to a

config.public.json

@@ -12,6 +12,7 @@
             "grahamc/ofborg",
             "grahamc/nixpkgs"
         ],
+        "disable_trusted_users": true,
         "trusted_users": [
             "1000101",
             "7c6f434c",

ofborg/src/acl.rs

@@ -1,16 +1,15 @@
 use crate::systems::System;
 
 pub struct ACL {
-    trusted_users: Vec<String>,
+    trusted_users: Option<Vec<String>>,
     repos: Vec<String>,
 }
 
 impl ACL {
-    pub fn new(repos: Vec<String>, mut trusted_users: Vec<String>) -> ACL {
+    pub fn new(repos: Vec<String>, mut trusted_users: Option<Vec<String>>) -> ACL {
-        trusted_users
+        if let Some(ref mut users) = trusted_users {
-            .iter_mut()
+            users.iter_mut().map(|x| *x = x.to_lowercase()).last();
-            .map(|x| *x = x.to_lowercase())
+        }
-            .last();
 
         ACL {
             trusted_users,
@@ -47,10 +46,16 @@ impl ACL {
     }
 
     pub fn can_build_unrestricted(&self, user: &str, repo: &str) -> bool {
+        if let Some(ref users) = self.trusted_users {
             if repo.to_lowercase() == "nixos/nixpkgs" {
-            self.trusted_users.contains(&user.to_lowercase())
+                users.contains(&user.to_lowercase())
             } else {
                 user == "grahamc"
             }
+        } else {
+            // If trusted_users is disabled (and thus None), everybody can build
+            // unrestricted
+            true
+        }
     }
 }

ofborg/src/config.rs

@@ -67,6 +67,7 @@ pub struct LogStorage {
 pub struct RunnerConfig {
     pub identity: String,
     pub repos: Option<Vec<String>>,
+    pub disable_trusted_users: bool,
     pub trusted_users: Option<Vec<String>>,
 
     /// If true, will create its own queue attached to the build job
@@ -89,16 +90,24 @@ impl Config {
     }
 
     pub fn acl(&self) -> acl::ACL {
-        acl::ACL::new(
+        let repos = self
-            self.runner
+            .runner
             .repos
             .clone()
-                .expect("fetching config's runner.repos"),
+            .expect("fetching config's runner.repos");
+
+        let trusted_users = if self.runner.disable_trusted_users {
+            None
+        } else {
+            Some(
                 self.runner
                     .trusted_users
                     .clone()
                     .expect("fetching config's runner.trusted_users"),
             )
+        };
+
+        acl::ACL::new(repos, trusted_users)
     }
 
     pub fn github(&self) -> Github {

ofborg/src/tasks/evaluationfilter.rs

@@ -110,8 +110,10 @@ mod tests {
         let job: ghevent::PullRequestEvent =
             serde_json::from_str(&data.to_string()).expect("Should properly deserialize");
 
-        let mut worker =
+        let mut worker = EvaluationFilterWorker::new(acl::ACL::new(
-            EvaluationFilterWorker::new(acl::ACL::new(vec!["nixos/nixpkgs".to_owned()], vec![]));
+            vec!["nixos/nixpkgs".to_owned()],
+            Some(vec![]),
+        ));
 
         assert_eq!(
             worker.consumer(&job),