From 3ba5349bef708a16c61d48fd34fe0a57bec2c016 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Fri, 11 Aug 2017 17:41:27 +0200
Subject: [PATCH] Introduce koji policies for the -stg infra tags

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 roles/koji_hub/templates/hub.conf.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index fb512826f8..708f32d49a 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -114,6 +114,14 @@ tag =
     has_perm autosign && fromtag *-pending && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
     has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
     package kernel shim grub2 fedora-release fedora-repos pesign :: deny
+# Allow people to tag stuff into infra-candidate if they're infra
+    tag *-infra-candidate && has_perm infra :: allow
+    tag *-infra-candidate :: deny
+# Allow people from infra to promote builds from -infra-stg to -infra tags
+    tag *-infra && fromtag *-infra-stg && has_perm infra :: allow
+# These two rules makes sure people can't build srpms in infra tags and tag them into distribution tags
+    tag *infra* && fromtag *infra* && has_perm infra :: allow
+    fromtag *infra* :: deny
     all :: allow
 
 channel =