Add ability to configure allowed download schemes and commands
- also add tests for this functionality
Related: PROD-31172
Change-Id: I431de47ab9969dbe6f0769466205ea37f783c117
(cherry picked from commit 87ba867c08225748c326fbc156bde18571721834)
diff --git a/gerrit/files/gerrit.config b/gerrit/files/gerrit.config
index 2c53ba4..6b6754d 100644
--- a/gerrit/files/gerrit.config
+++ b/gerrit/files/gerrit.config
@@ -249,6 +249,20 @@
[groups]
newGroupsVisibleToAll = {{ server.get('new_groups_visible_to_all', False) }}
+{%- if server.download is defined %}
+[download]
+ {%- if server.download.command is defined and server.download.command is iterable and server.download.command is not string %}
+ {%- for command in server.download.command %}
+ command = {{ command }}
+ {%- endfor %}
+ {%- endif %}
+ {%- if server.download.scheme is defined and server.download.scheme is iterable and server.download.scheme is not string %}
+ {%- for scheme in server.download.scheme %}
+ scheme = {{ scheme }}
+ {%- endfor %}
+ {%- endif %}
+{%- endif %}
+
[mimetype "image/*"]
safe = true
diff --git a/tests/pillar/server.sls b/tests/pillar/server.sls
index 07a76f5..0103f1b 100644
--- a/tests/pillar/server.sls
+++ b/tests/pillar/server.sls
@@ -48,13 +48,15 @@
password: ${_param:postgresql_gerrit_password}
pool_limit: 250
pool_max_idle: 16
- client:
- enabled: true
- server:
- user: "jdoe"
- password: "passw0rd"
- email: "jdoe@email.com"
- host: 0.0.0.0
- protocol: "http"
- http_port: 80
- ssh_port: 22
+ download:
+ command:
+ - checkout
+ - cherry_pick
+ - pull
+ - format_patch
+ scheme:
+ - http
+ - ssh
+ - anon_http
+ - anon_git
+ - repo_download