2 years ago
Extension of pagure for its usage on dist-git
Pierre-Yves Chibon committed 15 days ago
.. split here
This project implements a dynamic Git auth backend for Pagure for Dist-Git,
which has a slightly different access model than regular Pagure Git systems.
This plugin reuses the Pagure configuration, and adds several keys to it.
ACL_DEBUG: Whether to print some output with information decisions are based on.
ACL_PROTECTED_NAMESPACES: List of namespaces where the extra strong protections are in place.
BLACKLIST_RES: List of regular expressions with refs that can never be pushed.
ACL_BLOCK_UNSPECIFIED: Whether to deny pushes to branches that aren't either RCM, SIG or supported branches.
UNSPECIFIED_BLACKLIST_RES: List of regular expressions with refs that can't be used if unspecified.
RCM_BRANCHES: List of regular expressions with refs that people in the RCM group can push.
RCM_GROUP: The group containing RCM members
SUPPORTED_SIGS: List of groups that grant access to sig_prefix-$signame-* refs.
SIG_PREFIXES: List of prefixes for SIG refs.
ACL_DEBUG = False
ACL_BLOCK_UNSPECIFIED = False
ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container']
RCM_GROUP = 'relenggroup'
RCM_BRANCHES = ['refs/heads/f[0-9]+']
# Pushing to c* stuff is never allowed
BLACKLIST_RES = ['refs/heads/c[0-9]+.*']
# Pushing to (f|epel|el|olpc)(num+) that is not previously approved
# (supported branches) is not allowed.
UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+',
SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ]
SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ]
# Branches to which *nobody* will be able to push (basically Fedora)
BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ]
### Specific ACO group that will have access to all protected branches with RWC rights
RCM_GROUP = 'centos-rcm'
RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ]
The tests here require the *test suite* of pagure itself to work. You have to
modify your PYTHONPATH to find them. Run with::
$ PYTHONPATH=.:/path/to/pagure/checkout nosetests dist_git_auth_tests.py