Created by pingou 2 years ago
Extension of pagure for its usage on dist-git
Members 3
Pierre-Yves Chibon committed 15 days ago

.. split here

This project implements a dynamic Git auth backend for Pagure for Dist-Git,
which has a slightly different access model than regular Pagure Git systems.


This plugin reuses the Pagure configuration, and adds several keys to it.

ACL_DEBUG: Whether to print some output with information decisions are based on.
ACL_PROTECTED_NAMESPACES: List of namespaces where the extra strong protections are in place.
BLACKLIST_RES: List of regular expressions with refs that can never be pushed.
ACL_BLOCK_UNSPECIFIED: Whether to deny pushes to branches that aren't either RCM, SIG or supported branches.
UNSPECIFIED_BLACKLIST_RES: List of regular expressions with refs that can't be used if unspecified.
RCM_BRANCHES: List of regular expressions with refs that people in the RCM group can push.
RCM_GROUP: The group containing RCM members
SUPPORTED_SIGS: List of groups that grant access to sig_prefix-$signame-* refs.
SIG_PREFIXES: List of prefixes for SIG refs.

Example configurations


ACL_PROTECTED_NAMESPACES = ['rpms', 'modules', 'container']
RCM_GROUP = 'relenggroup'
RCM_BRANCHES = ['refs/heads/f[0-9]+']
# Pushing to c* stuff is never allowed
BLACKLIST_RES = ['refs/heads/c[0-9]+.*']
# Pushing to (f|epel|el|olpc)(num+) that is not previously approved
# (supported branches) is not allowed.
UNSPECIFIED_BLACKLIST_RES = ['refs/heads/f[0-9]+',


SIG_PREFIXES = ['refs/heads/c7', 'refs/heads/c7-plus', 'refs/heads/c7-alt', ]
SUPPORTED_SIGS = ['sig-atomic', 'sig-cloud', 'sig-core', 'sig-storage', ]

# Branches to which *nobody* will be able to push (basically Fedora)
BLACKLIST_RES = ['refs/heads/el[0-9]+.*', 'refs/heads/olpc[0-9]+.*', ]

### Specific ACO group that will have access to all protected branches with RWC rights
RCM_GROUP = 'centos-rcm'
RCM_BRANCHES = ['refs/heads/c[0-9]+.*', 'refs/tags/.*', ]


The tests here require the *test suite* of pagure itself to work.  You have to
modify your PYTHONPATH to find them. Run with::

    $ PYTHONPATH=.:/path/to/pagure/checkout nosetests