commit 59484c0258bcc9391a2ab826b776eccd9323f795
author Ivan Berezovskiy <iberezovskiy@mirantis.com> Tue Jul 09 14:20:26 2019 +0400
committer Ivan Berezovskiy <iberezovskiy@mirantis.com> Tue Jul 09 14:20:26 2019 +0400
tree 474a87d8b2d8128796d88a2ddd63c4ec447b1cce
parent 87ba867c08225748c326fbc156bde18571721834

Secured source for gerrit project

PROD-31387

Change-Id: I1890e3a7a51619f0b5c403e48c16cbe7ab41a645

README.rst

diff --git a/README.rst b/README.rst
index 23454d9..ce59ae2 100644
--- a/README.rst
+++ b/README.rst
@@ -200,6 +200,46 @@
             merge_content: true
             action: "fast forward only"
 
+Gerrit client, project with secured source example
+
+.. code-block:: yaml
+
+    gerrit:
+      client:
+        enabled: True
+        project:
+          test_library:
+            enabled: true
+            description: library
+            upstream_secured: true
+            protocol: https
+            username: foo
+            password: bar
+            address: github.com/repo/library
+            access:
+              "refs/heads/*":
+                actions:
+                - name: abandon
+                  group: core-team
+                - name: create
+                  group: release-team
+                labels:
+                - name: Code-Review
+                  group: core-team
+                  score: -2..+2
+                - name: Workflow
+                  group: core-team
+                  score: -1..+1
+              "refs/tags/*":
+                actions:
+                - name: pushSignedTag
+                  group: release-team
+                  force: true
+            inherit_access: All-Projects
+            require_change_id: true
+            require_agreement: false
+            merge_content: true
+
 .. code-block:: yaml
 
     gerrit:

gerrit/files/projects.yaml

diff --git a/gerrit/files/projects.yaml b/gerrit/files/projects.yaml
index fcb1998..d11c8a6 100644
--- a/gerrit/files/projects.yaml
+++ b/gerrit/files/projects.yaml
@@ -5,7 +5,11 @@
   {%- if project.description is defined %}
   description: {{ project.description }}
   {%- endif %}
-  {%- if project.upstream is defined %}
+  {%- if project.get('upstream_secured', False) %}
+    {%- set upstream = project.get('protocol', 'http') + '://' +
+        project.username + ':' + project.password + '@' + project.address %}
+  upstream: {{ upstream }}
+  {%- elif project.upstream is defined %}
   upstream: {{ project.upstream }}
   {%- endif %}
   {%- if project.homepage is defined %}

tests/pillar/client.sls

diff --git a/tests/pillar/client.sls b/tests/pillar/client.sls
index 444ef78..c149363 100644
--- a/tests/pillar/client.sls
+++ b/tests/pillar/client.sls
@@ -28,6 +28,37 @@
         require_agreement: true
         merge_content: true
         action: "fast forward only"
+      test_library:
+        enabled: true
+        description: library
+        upstream_secured: true
+        protocol: https
+        username: foo
+        password: bar
+        address: github.com/repo/library
+        access:
+          "refs/heads/*":
+            actions:
+            - name: abandon
+              group: core-team
+            - name: create
+              group: release-team
+            labels:
+            - name: Code-Review
+              group: core-team
+              score: -2..+2
+            - name: Workflow
+              group: core-team
+              score: -1..+1
+          "refs/tags/*":
+            actions:
+            - name: pushSignedTag
+              group: release-team
+              force: true
+        inherit_access: All-Projects
+        require_change_id: true
+        require_agreement: false
+        merge_content: true
     server:
       user: "jdoe"
       password: "passw0rd"