Introduce `ignoreAccountId` setting Allow the Gerrit admin to specify a list of accounts that should not be automatically disabled. This prevents locking important Gerrit system accounts like the main administrator. Bug: Issue 338071091 Change-Id: I92dad4a4302c1ac762e74510c59c93f3aab92059

diff --git a/admin/track-and-disable-inactive-users-1.1.groovy b/admin/track-and-disable-inactive-users-1.2.groovy
similarity index 84%
rename from admin/track-and-disable-inactive-users-1.1.groovy
rename to admin/track-and-disable-inactive-users-1.2.groovy
index 2131aa4..68ebb43 100644
--- a/admin/track-and-disable-inactive-users-1.1.groovy
+++ b/admin/track-and-disable-inactive-users-1.2.groovy

@@ -23,12 +23,14 @@
 import com.google.gerrit.server.*
 import com.google.gerrit.server.account.*
 import com.google.gerrit.server.cache.*
+import com.google.gerrit.server.config.*
 import com.google.gerrit.server.project.*
 import com.google.inject.*
 import com.google.inject.name.*
 
 import java.time.*
 import java.util.function.*
+import java.util.stream.Collectors
 
 import static java.util.concurrent.TimeUnit.*
 
@@ -84,6 +86,30 @@
     return false
   }
 }
+class AutoDisableInactiveUsersConfig {
+  final Set<Account.Id> ignoreAccountIds
+
+  private final PluginConfig config
+
+  @Inject
+  AutoDisableInactiveUsersConfig(
+      PluginConfigFactory configFactory,
+      @PluginName String pluginName
+  ) {
+    config = configFactory.getFromGerritConfig(pluginName)
+
+    ignoreAccountIds = ignoreAccountIdsFromConfig("ignoreAccountId")
+  }
+
+  private Set<Account.Id> ignoreAccountIdsFromConfig(String name) {
+    def strings = config.getStringList(name) as Set
+    strings.stream()
+        .map(Account.Id.&tryParse)
+        .filter { it.isPresent() }
+        .map { it.get() }
+        .collect(Collectors.toSet())
+  }
+}
 
 class AutoDisableInactiveUsersEvictionListener implements CacheRemovalListener<Integer, Long> {
   static final FluentLogger logger = FluentLogger.forEnclosingClass()
@@ -92,15 +118,18 @@
   private final String fullCacheName
   private final Cache<Integer, Long> trackActiveUsersCache
   private final Provider<AccountsUpdate> accountsUpdate
+  private final AutoDisableInactiveUsersConfig autoDisableConfig
 
   @Inject
   AutoDisableInactiveUsersEvictionListener(
       @PluginName String pluginName,
       @ServerInitiated Provider<AccountsUpdate> accountsUpdate,
-      @Named(TrackActiveUsersCache.NAME) Cache<Integer, Long> trackActiveUsersCache
+      @Named(TrackActiveUsersCache.NAME) Cache<Integer, Long> trackActiveUsersCache,
+      AutoDisableInactiveUsersConfig autoDisableConfig
   ) {
     this.pluginName = pluginName
     this.accountsUpdate = accountsUpdate
+    this.autoDisableConfig = autoDisableConfig
     this.trackActiveUsersCache = trackActiveUsersCache
     fullCacheName = "${pluginName}.${TrackActiveUsersCache.NAME}"
   }
@@ -121,8 +150,11 @@
   }
 
   private void disableAccount(Account.Id accountId) {
-    logger.atInfo().log("Automatically disabling user id: %d", accountId.get())
+    if (autoDisableConfig.ignoreAccountIds.contains(accountId)) {
+      return
+    }
 
+    logger.atInfo().log("Automatically disabling user id: %d", accountId.get())
     accountsUpdate.get().update(
         """Automatically disabling after inactivity
 

diff --git a/admin/track-and-disable-inactive-users.md b/admin/track-and-disable-inactive-users.md
index 6a91de5..c569d0b 100644
--- a/admin/track-and-disable-inactive-users.md
+++ b/admin/track-and-disable-inactive-users.md

@@ -20,6 +20,16 @@
 Configuration parameters
 ---------------------
 
+=======
+```plugin.@PLUGIN@.ignoreAccountId```
+:  Specify an account Id that should not be auto disabled.
+   May be specified more than once to specify multiple account Ids, for example:
+
+   ```
+   ignoreAccountId = 1000001
+   ignoreAccountId = 1000002
+   ```
+
 ```cache."@PLUGIN@.users_cache".maxAge```
 :  Maximum allowed inactivity time for user.
    Value should use common time unit suffixes to express their setting: