fedora-infra / ansible

Clone
Source Code
GIT

#2960 anubis: allow Pagure attachment paths for Fedora Forge references
Opened 19 days ago by t0xic0der. Modified 2 days ago
fedora-infra/ t0xic0der/ansible list  into  main

Merge
file modified
+4 
@@ -8,6 +8,10 @@ 
 

    - name: bodhi and badges rss feeds
 

      path_regex: /rss/
 

      action: ALLOW
 

+   # allow Pagure attachment files (referenced from Fedora Forge)
 

+   - name: pagure attachment files
 

+     path_regex: ^/.+?/issue/raw/files/
 

+     action: ALLOW
 

    # these are solid defaults from
 

    # https://github.com/TecharoHQ/anubis/blob/main/data/botPolicies.yaml
 

    - import: (data)/botPolicies.yaml

Allow attachment file requests (/issue/raw/files/*) through Anubis for
Fedora Forge integration, while maintaining the usual bot protection.

In hindsight, #2959 might be a little too radical. I am uncertain of how
Anubis works but allowlisting the attachments should work, I think.

@kevin @ryanlerch Thanks in advance for taking a look at this! :D

Signed-off-by: Akashdeep Dhar akashdeep.dhar@gmail.com

So, yes, this will work, but...

You need to add it not here, but in roles/anbuis-el8/files/botPolicy.yaml

pagure.io/stg.pagure.io are el8 machines and cannot use a normal anubis package, so I had to make them use a container. ;(

Also, this seems to now have conflicts. Probibly due to my changing anubis stuff. ;(

Anyhow, move to under anubis-el8 and rebase and I think this should be ready to go.

Metadata
None
No Tags
Changes Summary 1
+4 -0
file changed
roles/anubis/templates/policies.yaml.j2
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.