zlopez / pagure-dist-git

Forked from pagure-dist-git 3 years ago
Clone
README.rst
pagure-dist-git
===============

.. split here

This project implements a dynamic Git auth backend for Pagure for Dist-Git,
which has a slightly different access model than regular Pagure Git systems.

Configuration
=============

This plugin reuses the Pagure configuration, and adds several keys to it.

- ``ACL_DEBUG``: Whether to print some output with information decisions are 
  based on.
- ``ACL_PROTECTED_NAMESPACES``: List of namespaces where the extra strong 
  protections are in place.
- ``BLACKLIST_RES``: List of regular expressions with refs that can never be 
  pushed.
- ``ACL_BLOCK_UNSPECIFIED``: Whether to deny pushes to branches that aren't 
  either RCM, SIG or supported branches.
- ``UNSPECIFIED_BLACKLIST_RES``: List of regular expressions with refs that 
  can't be used if unspecified.
- ``RCM_BRANCHES``: List of regular expressions with refs that people in the
  RCM group can push.
- ``RCM_GROUP``: The group containing RCM members
- ``SUPPORTED_SIGS``: List of groups that grant access to sig_prefix-$signame-*
  refs.
- ``SIG_PREFIXES``: List of prefixes for SIG refs.

To enable this plugin, you need to either point the PAGURE_PLUGIN environment
variable at the pagure_distgit_config file or use the --plugin parameter of
the runserver.py script.

Example configurations
======================

Fedora
------

:: 

   ACL_DEBUG = False
   ACL_BLOCK_UNSPECIFIED = False
   ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container']
   RCM_GROUP = 'relenggroup'
   RCM_BRANCHES = ['refs/heads/f[0-9]+']
   # Pushing to c* stuff is never allowed
   BLACKLIST_RES = ['refs/heads/c[0-9]+.*']
   # Pushing to (f|epel|el|olpc)(num+) that is not previously approved
   # (supported branches) is not allowed.
   UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+',
                                'refs/heads/epel[0-9]+',
                                'refs/heads/el[0-9]+',
                                'refs/heads/olpc[0-9]+']

CentOS
------

::

   SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ]
   SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ]
   
   # Branches to which *nobody* will be able to push (basically Fedora)
   BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ]
   
   ### Specific ACO group that will have access to all protected branches with RWC rights
   RCM_GROUP = 'centos-rcm'
   RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ]

Tests
=====

The tests here require the *test suite* of pagure itself to work.  You have to
modify your PYTHONPATH to find them. Run with::

    $ PYTHONPATH=.:/path/to/pagure/checkout nosetests dist_git_auth_tests.py
or
    $ PYTHONPATH=.:/path/to/pagure/checkout nosetests bugzilla-override-tests.py

You can use our requirements-testing.txt to install testing dependencies with pip:
    $ pip install -r /path/to/pagure/checkout/requirements.txt
    $ pip install -r /path/to/pagure/checkout/requirements-testing.txt
    $ pip install -r requirements-testing.txt