Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Port genacls.pkgdb to the new pkgdb API while being backward compatible with the old one

Browse source
This commit is contained in:
Pierre-Yves Chibon 2015-12-11 12:16:58 +01:00
parent ff3b208137
commit 32f824900c
1 changed files with 100 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

181
roles/distgit/templates/genacls.pkgdb
View file

@ -9,6 +9,14 @@ import grp
import sys import sys
import requests import requests
{% if env == 'staging' %}
VCS_URL = 'https://admin.stg.fedoraproject.org/pkgdb/api/vcs?format=json'
GRP_URL = 'https://admin.stg.fedoraproject.org/pkgdb/api/groups?format=json'
{% else %}
VCS_URL = 'https://admin.fedoraproject.org/pkgdb/api/vcs?format=json'
GRP_URL = 'https://admin.fedoraproject.org/pkgdb/api/groups?format=json'
{% endif %}
if __name__ == '__main__': if __name__ == '__main__':
# Get the users in various groups # Get the users in various groups
@ -22,33 +30,22 @@ if __name__ == '__main__':
# Set the active branches to create ACLs for # Set the active branches to create ACLs for
# Give them the git branch eqiv until pkgdb follows suite # Give them the git branch eqiv until pkgdb follows suite
ACTIVE = {'OLPC-2': 'olpc2', 'OLPC-3': 'olpc3', 'EL-4': 'el4', ACTIVE = {
'EL-5': 'el5', 'el5': 'el5', 'el6': 'el6', 'EL-6': 'el6', 'OLPC-2': 'olpc2', 'OLPC-3': 'olpc3', 'EL-4': 'el4',
'epel7': 'epel7', 'EL-5': 'el5', 'el5': 'el5', 'el6': 'el6', 'EL-6': 'el6',
'F-11': 'f11', 'F-12': 'f12', 'F-13': 'f13', 'f14': 'f14', 'f15': 'epel7': 'epel7',
'f15', 'f16': 'f16', 'f17': 'f17', 'f18': 'f18', 'f19': 'f19', 'F-11': 'f11', 'F-12': 'f12', 'F-13': 'f13', 'f14': 'f14', 'f15':
'f20': 'f20', 'f21': 'f21', 'f22': 'f22', 'f23': 'f23', 'f15', 'f16': 'f16', 'f17': 'f17', 'f18': 'f18', 'f19': 'f19',
'devel': 'master', 'master': 'master'} 'f20': 'f20', 'f21': 'f21', 'f22': 'f22', 'f23': 'f23',
'devel': 'master', 'master': 'master'}
# Create a "regex"ish list 0f the reserved branches # Create a "regex"ish list 0f the reserved branches
RESERVED = ['f[0-9][0-9]', 'epel[0-9]', 'epel[0-9][0-9]', 'el[0-9]', 'olpc[0-9]'] RESERVED = [
'f[0-9][0-9]', 'epel[0-9]', 'epel[0-9][0-9]', 'el[0-9]',
'olpc[0-9]']
# Read the ACL information from the packageDB # Read the ACL information from the packageDB
{% if env == 'staging' %} data = requests.get(VCS_URL).json()
url = 'https://admin.stg.fedoraproject.org/pkgdb/api/vcs?format=json'
{% else %}
url = 'https://admin.fedoraproject.org/pkgdb/api/vcs?format=json'
{% endif %}
data = requests.get(url).json()
# Get a list of all the packages
acls = data['packageAcls']
pkglist = data['packageAcls'].keys()
pkglist.sort()
# sanity check
if len(pkglist) < 2500:
sys.exit(1)
# print out our user groups # print out our user groups
print '@admins = %s' % ' '.join(TRUSTED) print '@admins = %s' % ' '.join(TRUSTED)
@ -58,11 +55,7 @@ if __name__ == '__main__':
print '@fedora-ppc = %s' % ' '.join(PPC) print '@fedora-ppc = %s' % ' '.join(PPC)
# Get a list of all the groups # Get a list of all the groups
{% if env == 'staging' %} groups = requests.get(GRP_URL).json()
groups = requests.get('https://admin.stg.fedoraproject.org/pkgdb/api/groups?format=json').json()
{% else %}
groups = requests.get('https://admin.fedoraproject.org/pkgdb/api/groups?format=json').json()
{% endif %}
for group in groups['groups']: for group in groups['groups']:
print '@%s = %s' % (group, ' '.join(grp.getgrnam(group)[3])) print '@%s = %s' % (group, ' '.join(grp.getgrnam(group)[3]))
@ -76,61 +69,87 @@ if __name__ == '__main__':
#print ' RW private- = @all' #print ' RW private- = @all'
# dont' enable the above until we prevent building for real from private- # dont' enable the above until we prevent building for real from private-
for pkg in pkglist: # Get a list of all the packages
branchAcls = {} # Check whether we need to set separate per branch acls for key in data:
buffer = [] # Buffer the output per package if key == 'title':
masters = [] # Folks that have commit to master continue
writers = [] # Anybody that has write access
# Examine each branch in the package acls = data[key]
branches = acls[pkg].keys() pkglist = data[key].keys()
branches.sort() pkglist.sort()
for branch in branches:
if not branch in ACTIVE.keys():
continue
if 'packager' in acls[pkg][branch]['commit']['groups']:
# If the packager group is defined, everyone has access
buffer.append(' RWC %s = @all' % (ACTIVE[branch]))
branchAcls.setdefault('@all', []).append((pkg,
ACTIVE[branch]))
if branch == 'master':
masters.append('@all')
if '@all' not in writers:
writers.append('@all')
else:
# Extract the owners
committers = []
owners = acls[pkg][branch]['commit']['people']
owners.sort()
for owner in owners:
committers.append(owner)
for group in acls[pkg][branch]['commit']['groups']:
committers.append('@%s' % group)
if branch == 'master':
masters.extend(committers)
# add all the committers to the top writers list if key != 'packageAcls':
for committer in committers: key = '%s/' % key
if not committer in writers: else:
writers.append(committer) key = ''
# Print the committers to the acl for this package-branch for pkg in pkglist:
committers = ' '.join(committers)
buffer.append(' RWC %s = %s' % branchAcls = {} # Check whether we need to set separate per branch acls
(ACTIVE[branch], committers)) buffer = [] # Buffer the output per package
branchAcls.setdefault(committers, []).append((pkg, masters = [] # Folks that have commit to master
ACTIVE[branch])) writers = [] # Anybody that has write access
# Examine each branch in the package
branches = acls[pkg].keys()
branches.sort()
for branch in branches:
if not branch in ACTIVE.keys():
continue
if 'packager' in acls[pkg][branch]['commit']['groups']:
# If the packager group is defined, everyone has access
buffer.append(' RWC %s = @all' % (ACTIVE[branch]))
branchAcls.setdefault('@all', []).append(
(pkg, ACTIVE[branch])
)
if branch == 'master':
masters.append('@all')
if '@all' not in writers:
writers.append('@all')
else:
# Extract the owners
committers = []
owners = acls[pkg][branch]['commit']['people']
owners.sort()
for owner in owners:
committers.append(owner)
for group in acls[pkg][branch]['commit']['groups']:
committers.append('@%s' % group)
if branch == 'master':
masters.extend(committers)
# add all the committers to the top writers list
for committer in committers:
if not committer in writers:
writers.append(committer)
# Print the committers to the acl for this package-branch
committers = ' '.join(committers)
buffer.append(
' RWC %s = %s' % (ACTIVE[branch], committers))
branchAcls.setdefault(committers, []).append(
(pkg, ACTIVE[branch])
)
print ''
print 'repo %s%s' % (key, pkg)
print '\n'.join(buffer)
for reserved in RESERVED:
print ' - %s = @all' % reserved
print ' RWC refs/tags/ = %s' % ' '.join(writers)
if masters:
print ' RWC = %s' % ' '.join(masters)
# Bring backward compatibility while we keep the symlinks in place
# from the old to the new locations.
if key == 'rpms/':
print ''
print 'repo %s' % (pkg)
print '\n'.join(buffer)
for reserved in RESERVED:
print ' - %s = @all' % reserved
print ' RWC refs/tags/ = %s' % ' '.join(writers)
if masters:
print ' RWC = %s' % ' '.join(masters)
print
print 'repo %s' % pkg
#if len(branchAcls.keys()) == 1:
# acl = branchAcls.keys()[0]
# print ' RW = %s' % acl
#else:
print '\n'.join(buffer)
for reserved in RESERVED:
print ' - %s = @all' % reserved
print ' RWC refs/tags/ = %s' % ' '.join(writers)
if masters:
print ' RWC = %s' % ' '.join(masters)
sys.exit(0) sys.exit(0)