Preping the jeepyb
diff --git a/README.rst b/README.rst
index 2144c77..19e0df9 100644
--- a/README.rst
+++ b/README.rst
@@ -87,10 +87,99 @@
jvMXms60iD/A5OpG33LWHNNzQBP486SxG75LB+Xs5sp5j2/b7VF5LJLhpGiJv9Mk
ydbuy8iuuvali2uF133kAlLqnrWfVTYQQI1OfW5glOv1L6kv94dU
-----END RSA PRIVATE KEY-----
+ email: "Project Creator <infra@lists.domain.com>"
project:
test_salt_project:
enabled: true
+Gerrit client enforcing project, full project example
+
+.. code-block:: yaml
+
+ gerrit:
+ client:
+ enabled: True
+ project:
+ test_salt_project:
+ enabled: true
+ access:
+ "refs/heads/*":
+ actions:
+ - name: abandon
+ group: openstack-salt-core
+ - name: create
+ group: openstack-salt-release
+ labels:
+ - name: Code-Review
+ group: openstack-salt-core
+ score: -2..+2
+ - name: Workflow
+ group: openstack-salt-core
+ score: -1..+1
+ "refs/tags/*":
+ actions:
+ - name: pushSignedTag
+ group: openstack-salt-release
+ require_change_id: true
+ require_agreement: true
+ merge_content: true
+
+Sample project access
+
+.. code-block:: yaml
+
+ [access "refs/*"]
+ read = group Administrators
+ read = group Anonymous Users
+ [access "refs/for/refs/*"]
+ push = group Registered Users
+ pushMerge = group Registered Users
+ [access "refs/heads/*"]
+ create = group Administrators
+ create = group Project Owners
+ forgeAuthor = group Registered Users
+ forgeCommitter = group Administrators
+ forgeCommitter = group Project Owners
+ push = group Administrators
+ push = group Project Owners
+ label-Code-Review = -2..+2 group Administrators
+ label-Code-Review = -2..+2 group Project Owners
+ label-Code-Review = -1..+1 group Registered Users
+ label-Verified = -1..+1 group Non-Interactive Users
+ submit = group Administrators
+ submit = group Project Owners
+ editTopicName = +force group Administrators
+ editTopicName = +force group Project Owners
+ [access "refs/meta/config"]
+ exclusiveGroupPermissions = read
+ read = group Administrators
+ read = group Project Owners
+ push = group Administrators
+ push = group Project Owners
+ label-Code-Review = -2..+2 group Administrators
+ label-Code-Review = -2..+2 group Project Owners
+ submit = group Administrators
+ submit = group Project Owners
+ [access "refs/tags/*"]
+ pushTag = group Administrators
+ pushTag = group Project Owners
+ pushSignedTag = group Administrators
+ pushSignedTag = group Project Owners
+ [label "Code-Review"]
+ function = MaxWithBlock
+ copyMinScore = true
+ value = -2 This shall not be merged
+ value = -1 I would prefer this is not merged as is
+ value = 0 No score
+ value = +1 Looks good to me, but someone else must approve
+ value = +2 Looks good to me, approved
+ [label "Verified"]
+ function = MaxWithBlock
+ copyMinScore = true
+ value = -1 Fails
+ value = 0 No score
+ value = +1 Verified
+
Read more
=========
diff --git a/gerrit/client/init.sls b/gerrit/client/init.sls
new file mode 100644
index 0000000..697240b
--- /dev/null
+++ b/gerrit/client/init.sls
@@ -0,0 +1,3 @@
+include:
+- gerrit.client.service
+- gerrit.client.project
diff --git a/gerrit/client/project.sls b/gerrit/client/project.sls
new file mode 100644
index 0000000..a744b91
--- /dev/null
+++ b/gerrit/client/project.sls
@@ -0,0 +1,54 @@
+{% from "gerrit/map.jinja" import client with context %}
+{%- if client.enabled %}
+
+/srv/jeepyb/projects.ini:
+ file.managed:
+ - source: salt://gerrit/files/projects.ini
+ - template: jinja
+
+jeepyb_projects_ini_env:
+ environ.setenv:
+ - name: PROJECTS_INI
+ - value: /srv/jeepyb/projects.ini
+ - update_minion: True
+ - require:
+ - file: /srv/jeepyb/projects.ini
+
+/srv/jeepyb/projects.yaml:
+ file.managed:
+ - source: salt://gerrit/files/projects.yaml
+ - template: jinja
+
+jeepyb_projects_yaml_env:
+ environ.setenv:
+ - name: PROJECTS_YAML
+ - value: /srv/jeepyb/projects.yaml
+ - update_minion: True
+ - require:
+ - file: /srv/jeepyb/projects.yaml
+
+jeepyb_setup_projects:
+ environ.setenv:
+ - name: PROJECTS_YAML
+ - value: /srv/jeepyb/projects.yaml
+ - update_minion: True
+ - require:
+ - environ: jeepyb_projects_ini_env
+ - environ: jeepyb_projects_yaml_env
+
+{%- for project_name, project in client.project.iteritems() %}
+
+{{ client.dir.acls }}/{{ project_name }}.config:
+ file.managed:
+ - source: salt://gerrit/files/project.config
+ - template: jinja
+ - defaults:
+ project_name: {{ project_name }}
+
+gerrit_client_project_{{ project_name }}:
+ gerrit.project_present:
+ - name: {{ project_name }}
+
+{%- endfor %}
+
+{%- endif %}
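Review bot: `jeepyb_setup_projects` is a second `environ.setenv` of `PROJECTS_YAML` with the same value as `jeepyb_projects_yaml_env`, so nothing in this file applies the rendered ACL files to Gerrit. It looks like a placeholder and should either be dropped or carry a comment such as `# TODO: placeholder, does not run the jeepyb project setup yet`. The per-project `file.managed` writes under `{{ client.dir.acls }}` but has no `require` on `gerrit_client_dirs`, which service.sls defines, and sets no `user`, `group` or `mode`, so the ordering and permissions of the access-control files rest on defaults. Adding `- require:` with `- file: gerrit_client_dirs` and an explicit mode would pin both. `project_name: {{ project_name }}` and `- name: {{ project_name }}` are rendered unquoted, so a pillar key that looks like a number or boolean would be retyped by the YAML parser; `"{{ project_name }}"` avoids that.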
diff --git a/gerrit/client.sls b/gerrit/client/service.sls
similarity index 61%
rename from gerrit/client.sls
rename to gerrit/client/service.sls
index be7d39b..5412018 100644
--- a/gerrit/client.sls
+++ b/gerrit/client/service.sls
@@ -5,21 +5,22 @@
pkg.installed:
- names: {{ client.pkgs }}
+gerrit_client_dirs:
+ file.directory:
+ - names:
+ - {{ client.dir.acls }}
+ - {{ client.dir.cache }}
+ - {{ client.dir.git }}
+ - makedirs: true
+
/etc/salt/minion.d/_gerrit.conf:
file.managed:
- source: salt://gerrit/files/_gerrit.conf
- template: jinja
-/var/cache/salt/minion/gerrit_rsa:
+{{ client.config.key }}:
file.managed:
+ - mode: 400
- contents_pillar: gerrit:client:server:key
-{%- for project_name, project in client.project.iteritems() %}
-
-gerrit_client_project_{{ project_name }}:
- gerrit.project_present:
- - name: {{ project_name }}
-
-{%- endfor %}
-
{%- endif %}
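Review bot: The private-key state at `{{ client.config.key }}` gains `- mode: 400` but sets no `user` or `group`, and it leaves change diffs enabled, so a key rotation may put key material into the state return and whatever stores job results. Adding `- show_changes: False` and writing the mode as a quoted string, `- mode: '0400'`, would close that and keep the mode from being retyped by the YAML loader. `gerrit_client_dirs` likewise creates the ACL, cache and git directories with default ownership and mode; if these are meant to be writable only by the account that runs jeepyb, that should be stated here. The state file's opening `{%- if %}` and package state start outside this hunk.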
diff --git a/gerrit/files/_gerrit.conf b/gerrit/files/_gerrit.conf
index 76abb70..87f2f41 100644
--- a/gerrit/files/_gerrit.conf
+++ b/gerrit/files/_gerrit.conf
@@ -3,5 +3,5 @@
host: {{ client.server.host }}
{%- if client.server.user is defined %}
user: {{ client.server.user }}
- keyfile: /var/cache/salt/minion/gerrit_rsa
+ keyfile: {{ client.config.key }}
{%- endif %}
\ No newline at end of file
diff --git a/gerrit/files/github-projects.secure.config b/gerrit/files/github-projects.secure.config
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/gerrit/files/github-projects.secure.config
diff --git a/gerrit/files/project.config b/gerrit/files/project.config
index bfefb22..798b162 100644
--- a/gerrit/files/project.config
+++ b/gerrit/files/project.config
@@ -1,63 +1,37 @@
+{%- from "gerrit/map.jinja" import client with context %}
+{%- set project = salt['pillar.get']('gerrit:client:project:'+project_name) %}
+
+{%- if project.description is defined %}
+
[project]
- description = Access inherited by all other projects.
+ description = {{ project.desctription }}
+
+{%- endif %}
+
[receive]
- requireContributorAgreement = false
- requireSignedOffBy = false
- requireChangeId = true
+ requireChangeId = {{ project.get('require_change_id', True)|lower }}
+ requireContributorAgreement = {{ project.get('require_agreement', False)|lower }}
+ requireSignedOffBy = {{ project.get('require_signed_off_by', False)|lower }}
+
[submit]
- mergeContent = true
+ mergeContent = {{ project.get('merge_content', True)|lower }}
+
+{#
[capability]
administrateServer = group Administrators
priority = batch group Non-Interactive Users
streamEvents = group Non-Interactive Users
-[access "refs/*"]
- read = group Administrators
- read = group Anonymous Users
-[access "refs/for/refs/*"]
- push = group Registered Users
- pushMerge = group Registered Users
-[access "refs/heads/*"]
- create = group Administrators
- create = group Project Owners
- forgeAuthor = group Registered Users
- forgeCommitter = group Administrators
- forgeCommitter = group Project Owners
- push = group Administrators
- push = group Project Owners
- label-Code-Review = -2..+2 group Administrators
- label-Code-Review = -2..+2 group Project Owners
- label-Code-Review = -1..+1 group Registered Users
- label-Verified = -1..+1 group Non-Interactive Users
- submit = group Administrators
- submit = group Project Owners
- editTopicName = +force group Administrators
- editTopicName = +force group Project Owners
-[access "refs/meta/config"]
- exclusiveGroupPermissions = read
- read = group Administrators
- read = group Project Owners
- push = group Administrators
- push = group Project Owners
- label-Code-Review = -2..+2 group Administrators
- label-Code-Review = -2..+2 group Project Owners
- submit = group Administrators
- submit = group Project Owners
-[access "refs/tags/*"]
- pushTag = group Administrators
- pushTag = group Project Owners
- pushSignedTag = group Administrators
- pushSignedTag = group Project Owners
-[label "Code-Review"]
- function = MaxWithBlock
- copyMinScore = true
- value = -2 This shall not be merged
- value = -1 I would prefer this is not merged as is
- value = 0 No score
- value = +1 Looks good to me, but someone else must approve
- value = +2 Looks good to me, approved
-[label "Verified"]
- function = MaxWithBlock
- copyMinScore = true
- value = -1 Fails
- value = 0 No score
- value = +1 Verified
\ No newline at end of file
+#}
+
+{%- for access_name, access in project.access.items() %}
+
+[access "{{ access_name }}"]
+ {%- for action in access.get('actions', []) %}
+ {{ action.name }} = group {{ action.group }}
+ {%- endfor %}
+ {%- for label in access.get('labels', []) %}
+ label-{{ label.name }} = {{ label.score }} group {{ label.group }}
+ {%- endfor %}
+
+{%- endfor %}
+
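Review bot: The `[project]` block tests `project.description is defined` but then renders `{{ project.desctription }}`, a misspelled attribute, so the description will most likely come out empty; the line should read `description = {{ project.description }}`. The access loop calls `project.access.items()` unconditionally, while the README's minimal project example only sets `enabled: true`, so a project without an `access` key would presumably fail to render. `{%- for access_name, access in project.get('access', {}).items() %}` matches the `.get()` style already used for `actions` and `labels`. Since this file is the project's access-control list, a short comment that `action.name`, `action.group` and `label.score` are written verbatim from pillar would help reviewers of pillar changes.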
diff --git a/gerrit/files/projects.ini b/gerrit/files/projects.ini
new file mode 100644
index 0000000..c9d4919
--- /dev/null
+++ b/gerrit/files/projects.ini
@@ -0,0 +1,17 @@
+{%- from "gerrit/map.jinja" import client with context %}
+[projects]
+homepage={{ client.homepage }}
+acl-dir={{ client.dir.acls }}
+local-git-dir={{ client.dir.git }}
+jeepyb-cache-dir={{ client.dir.cache }}
+gerrit-host={{ client.server.host }}
+gerrit-user={{ client.server.user }}
+gerrit-committer={{ client.server.email }}
+gerrit-key={{ client.config.key }}
+{%- if client.github is defined %}
+github-config=/etc/github/github-projects.secure.config
+{%- endif %}
+has-wiki=False
+has-issues=False
+has-pull-requests=False
+has-downloads=False
\ No newline at end of file
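Review bot: `gerrit-user`, `gerrit-committer` and `gerrit-key` are rendered unconditionally, whereas `_gerrit.conf` only emits `user` and `keyfile` inside `{%- if client.server.user is defined %}`. A client pillar without a user or email would presumably yield empty `gerrit-user=` and `gerrit-committer=` lines rather than a clear failure, so the same guard (or an explicit default) belongs here. `github-config` points at `/etc/github/github-projects.secure.config`, but the only matching file this commit adds is the empty `gerrit/files/github-projects.secure.config`, and no state in the diff places it at that path. If that file is meant to hold GitHub credentials, the state that deploys it should set a restrictive mode and owner.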
diff --git a/gerrit/files/projects.yaml b/gerrit/files/projects.yaml
new file mode 100644
index 0000000..d7a9d34
--- /dev/null
+++ b/gerrit/files/projects.yaml
@@ -0,0 +1,13 @@
+{%- from "gerrit/map.jinja" import client with context %}
+{%- for project_name, project in client.project.iteritems() %}
+- project: {{ project_name }}
+ {%- if project.description is defined %}
+ description: {{ project.description }}
+ {%- endif %}
+ {%- if project.groups is defined %}
+ groups:
+ {%- for group in project.groups %}
+ - {{ group }}
+ {%- endfor %}
+ {%- endif %}
+{%- endfor %}
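Review bot: `description: {{ project.description }}` and `- {{ group }}` put pillar text into YAML as plain scalars, so a description containing `: ` or ` #`, or starting with a YAML indicator, would break the file or silently change what jeepyb parses. Serialising the values, for example `description: {{ project.description|json }}` and `- project: {{ project_name|json }}`, keeps them as strings whatever they contain. The loop uses `client.project.iteritems()`, which only exists on Python 2 dicts, while `project.config` in the same commit uses `.items()`; using `.items()` here too would keep the templates consistent.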
diff --git a/gerrit/map.jinja b/gerrit/map.jinja
index 07ee440..315aa91 100644
--- a/gerrit/map.jinja
+++ b/gerrit/map.jinja
@@ -15,8 +15,17 @@
{%- load_yaml as client_defaults %}
Debian:
+ homepage: "http://domain.com/"
pkgs:
- python-gerritlib
+ - jeepyb
+ dir:
+ base: /usr/share/jeepyb
+ acls: /srv/jeepyb/acls
+ git: /srv/jeepyb/git
+ cache: /srv/jeepyb/cache
+ config:
+ key: /var/cache/salt/minion/gerrit_rsa
{%- endload %}
{%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('gerrit:client')) %}
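Review bot: The new default `config.key: /var/cache/salt/minion/gerrit_rsa` keeps the SSH private key inside what appears to be the minion's cache directory, where it may be removed whenever that cache is cleared and sits beside unrelated cached files. Now that the path is configurable, a default in a dedicated directory with restricted permissions would be safer, or at least a comment such as `# private key for the Gerrit SSH user; override to a non-cache path`. `homepage: "http://domain.com/"` is a registrable domain used as a placeholder and gets written to `projects.ini` for any deployment that does not override it; a reserved example domain or no default at all would avoid that. `dir.base` is defined but not referenced anywhere in this diff. The `load_yaml` block begins outside the hunk.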