pagure-dist-git

Created by pingou a year ago
Extension of pagure for its usage on dist-git
Members 3
pagure-dist-git
===============

.. split here

This project implements a dynamic Git auth backend for Pagure for Fedora and CentOS
dist-git setups, which have slightly different access models than standard on Pagure.

Configuration
=============

This plugin reuses the Pagure configuration, and adds several keys to it.

ACL_DEBUG: Whether to print some output with information decisions are based on.
ACL_PROTECTED_NAMESPACES: List of namespaces where the extra strong protections are in place.
BLACKLIST_RES: List of regular expressions with refs that can never be pushed.
ACL_BLOCK_UNSPECIFIED: Whether to deny pushes to branches that aren't either RCM, SIG or supported branches.
UNSPECIFIED_BLACKLIST_RES: List of regular expressions with refs that can't be used if unspecified.
RCM_BRANCHES: List of regular expressions with refs that people in the RCM group can push.
RCM_GROUP: The group containing RCM members
SUPPORTED_SIGS: List of groups that grant access to sig_prefix-$signame-* refs.
SIG_PREFIXES: List of prefixes for SIG refs.


Example configurations
======================

Fedora
------

````
ACL_DEBUG = False
ACL_BLOCK_UNSPECIFIED = False
ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container']
RCM_GROUP = 'relenggroup'
RCM_BRANCHES = ['refs/heads/f[0-9]+']
# Pushing to c* stuff is never allowed
BLACKLIST_RES = ['refs/heads/c[0-9]+.*']
# Pushing to (f|epel|el|olpc)(num+) that is not previously approved
# (supported branches) is not allowed.
UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+',
                             'refs/heads/epel[0-9]+',
                             'refs/heads/el[0-9]+',
                             'refs/heads/olpc[0-9]+']
````

CentOS
------

````
SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ]
SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ]

# Branches to which *nobody* will be able to push (basically Fedora)
BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ]

### Specific ACO group that will have access to all protected branches with RWC rights
RCM_GROUP = 'centos-rcm'
RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ]
````


Tests
=====

The tests here require the *test suite* of pagure itself to work.  You have to
modify your PYTHONPATH to find them. Run with::

    $ PYTHONPATH=.:/path/to/pagure/checkout nosetests dist_git_auth_tests.py