Repo Checks: Users should not have direct repo access

[kdmccormick]

Background: All repo access should go through teams, as it makes it saner for us to establish and manage an access stucture for the org. Most repo access goes through teams today, although some repos give direct access to people.

Tasks

Beta Give feedback

1. Write a repo checks that flags & removes all users who are directly added to any given repo.
2. Dry-run the check. Looks at the list of direct-user-repo access. Are some of those access grants appropriate?
3. Where it's appropriate: Move the users into teams (creating teams as necessary) which grant the same access.
4. Run the check again, this time with --no-dry-run, which should remove all remaining users with direct repo access.

[kdmccormick]

Note: this could be based on the EnsureNoMaintainOrAdmin check, which Feanil recently added:

repo-tools/edx_repo_tools/repo_checks/repo_checks.py

Line 160 in 9434bea

class EnsureNoAdminOrMaintainTeams(Check):

[farhan]

@kdmccormick Thanks for creating the well-groomed story. I have the following question

"Should admin users be candidates to be removed as well?"

cc: @feanil

[kdmccormick]

@farhan Yep, no user should be directy on a repo with any level of access.

[feanil]

I've run this check on the org and made all the necessary updates.