From 18b88b0ea18cae3db25652f5fa1a148a560c6a29 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 12 Jun 2015 20:43:52 +0000 Subject: [PATCH] Switch over to use only the dynamically generated fedmsg policy. --- roles/fedmsg/base/templates/policy.py.j2 | 205 ----------------------- 1 file changed, 205 deletions(-) diff --git a/roles/fedmsg/base/templates/policy.py.j2 b/roles/fedmsg/base/templates/policy.py.j2 index 718afbfd54..795dec0ffc 100644 --- a/roles/fedmsg/base/templates/policy.py.j2 +++ b/roles/fedmsg/base/templates/policy.py.j2 @@ -1,21 +1,3 @@ -{% if env == 'staging' %} -suffix = "stg.phx2.fedoraproject.org" -bodhi_hosts = [ - "bodhi01.stg.phx2.fedoraproject.org", -] -topic_prefix = "org.fedoraproject.stg." -{% else %} -suffix = "phx2.fedoraproject.org" -# TODO -- think about using the ansible group for this. -bodhi_hosts = [ - "bodhi01.phx2.fedoraproject.org", - "bodhi02.phx2.fedoraproject.org", -] -topic_prefix = "org.fedoraproject.prod." -{% endif %} - -vpn_suffix = "vpn.fedoraproject.org" - config = dict( routing_policy={ # The gist here is that only messages signed by the @@ -32,192 +14,7 @@ config = dict( # therefore, any message bearing that topic and *any* certificate signed # by our CA may pass validation. # - topic_prefix + "bodhi.update.request.stable": [ - "bodhi-%s" % bodhi_hosts[i-1] - for i in range(1, len(bodhi_hosts) + 1) - ], - topic_prefix + "bodhi.update.request.testing": [ - "bodhi-%s" % bodhi_hosts[i-1] - for i in range(1, len(bodhi_hosts) + 1) - ], - topic_prefix + "bodhi.update.request.unpush": [ - "bodhi-%s" % bodhi_hosts[i-1] - for i in range(1, len(bodhi_hosts) + 1) - ], - topic_prefix + "bodhi.update.comment": [ - "bodhi-%s" % bodhi_hosts[i-1] - for i in range(1, len(bodhi_hosts) + 1) - ], - topic_prefix + "bodhi.buildroot_override.tag": [ - "bodhi-%s" % bodhi_hosts[i-1] - for i in range(1, len(bodhi_hosts) + 1) - ], - topic_prefix + "bodhi.buildroot_override.untag": [ - "bodhi-%s" % bodhi_hosts[i-1] - for i in range(1, len(bodhi_hosts) + 1) - ], - topic_prefix + "bodhi.mashtask.mashing": [ - "bodhi-releng04.%s" % suffix, - "bodhi-relepel01.%s" % suffix, - ], - topic_prefix + "bodhi.mashtask.complete": [ - "bodhi-releng04.%s" % suffix, - "bodhi-relepel01.%s" % suffix, - ], - - # This comes from our hook in configs/system/fedora-updates-push - topic_prefix + "bodhi.updates.fedora.sync": [ - "ftpsync-releng04.%s" % suffix, - ], - # Similarly, this is frome configs/system/fedora-epel-push - topic_prefix + "bodhi.updates.epel.sync": [ - "ftpsync-relepel01.%s" % suffix, - ], - - # Compose (rel-eng) messages (use the bodhi certs) - topic_prefix + "compose.rawhide.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.rawhide.complete": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.rawhide.mash.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.rawhide.mash.complete": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.rawhide.rsync.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.rawhide.rsync.complete": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.complete": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.pungify.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.pungify.complete": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.mash.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.mash.complete": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.rsync.start": [ - "bodhi-releng03.%s" % suffix, - ], - topic_prefix + "compose.branched.rsync.complete": [ - "bodhi-releng03.%s" % suffix, - ], - - - #FAS messages - topic_prefix + "fas.user.create": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.user.update": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.group.edit": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.group.update": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.group.create": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.role.update": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.group.member.remove": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.group.member.sponsor": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - topic_prefix + "fas.group.member.apply": [ - "fas-fas0%i.%s" % (i, suffix) for i in range(1, 4) - ], - - # Git/SCM messages - topic_prefix + "git.receive": [ - "scm-pkgs01.%s" % suffix, - ], - topic_prefix + "git.lookaside.new": [ - "lookaside-pkgs01.%s" % suffix, - ], - - # Tagger messages - topic_prefix + "fedoratagger.tag.update": [ - "fedoratagger-tagger0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "fedoratagger.tag.create": [ - "fedoratagger-tagger0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "fedoratagger.user.rank.update": [ - "fedoratagger-tagger0%i.%s" % (i, suffix) for i in range(1, 3) - ], - - # Mediawiki messages - topic_prefix + "wiki.article.edit": [ - "mediawiki-wiki0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "wiki.upload.complete": [ - "mediawiki-wiki0%i.%s" % (i, suffix) for i in range(1, 3) - ], - - # Pkgdb messages - topic_prefix + "pkgdb.acl.update": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.acl.request.toggle": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.acl.user.remove": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.owner.update": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.package.new": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.package.update": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.package.retire": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - topic_prefix + "pkgdb.critpath.update": [ - "pkgdb-pkgdb0%i.%s" % (i, suffix) for i in range(1, 3) - ], - - # Planet/venus - topic_prefix + "planet.post.new": [ - "planet-people03.vpn.fedoraproject.org", - ], - - # Supybot/meetbot - topic_prefix + "meetbot.meeting.start": [ - "supybot-value01.%s" % suffix, - ], - - # When implemented, only @spot and @mattdm can use this one - topic_prefix + "announce.announcement": [ - "announce-lockbox01.phx2.fedoraproject.org", - ], - - {% if env == 'staging' %} # ** policy dynamically generated from inventory vars # See ansible/filter_plugins/fedmsg.py for this inversion filter. {% for topic, certs in groups | invert_fedmsg_policy(hostvars, env) %} @@ -227,7 +24,5 @@ config = dict( {% endfor %} ], {% endfor %} - {% endif %} }, ) -