From ccaa519dd305c7ff22383bd685a03cb5d9f81a13 Mon Sep 17 00:00:00 2001 From: Stephen Smoogen Date: Tue, 14 Jan 2020 15:47:55 +0000 Subject: [PATCH] [pkgs]: remove mentions of repospanner so that playbooks will set up things without it --- roles/basessh/templates/sshd_config | 5 --- roles/batcave/tasks/main.yml | 1 - roles/distgit/pagure/tasks/main.yml | 27 ++----------- .../pagure/templates/pagure_shared.cfg | 34 ----------------- roles/distgit/tasks/main.yml | 38 ------------------- roles/pagure/frontend/tasks/main.yml | 31 --------------- roles/pagure/frontend/templates/pagure.cfg | 36 ------------------ .../templates/repobridge_ansible.json | 10 ----- 8 files changed, 3 insertions(+), 179 deletions(-) delete mode 100644 roles/pagure/frontend/templates/repobridge_ansible.json diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config index 7ec4a855e1..840121a2b3 100644 --- a/roles/basessh/templates/sshd_config +++ b/roles/basessh/templates/sshd_config @@ -43,11 +43,6 @@ AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS -{% if sshd_keyhelper %} -# For repospanner/git -AuthorizedKeysCommandUser git -AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f" -{% endif %} {% if sshd_sftp %} Subsystem sftp internal-sftp {% endif %} diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index 5d965c9882..57fc37e4f1 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -50,7 +50,6 @@ - ansible-lint # needed to check ansible playbooks for issues. - atomic-openshift-clients # For convenient client access to os.fp.o - easy-rsa # For easy copying into ansible-private for certs. - - repoSpanner # To gen repospanner certs for now. - dnf # To get dnf reposync - dnf-plugins-core # To get dnf reposync tags: 
diff --git a/roles/distgit/pagure/tasks/main.yml b/roles/distgit/pagure/tasks/main.yml index 5ebf356cd9..b11ab6f6df 100644 --- a/roles/distgit/pagure/tasks/main.yml +++ b/roles/distgit/pagure/tasks/main.yml @@ -110,17 +110,6 @@ notify: - restart apache -- name: Allow repoSpanner access to Pagure config - acl: path=/etc/pagure/pagure.cfg - etype=user - entity=repoSpanner - permissions=r - state=present - tags: - - config - - pagure - when: env == "staging" - - name: pagure configuration for the hooks template: src={{ item.file }} dest={{ item.location }}/{{ item.file }} @@ -250,16 +239,6 @@ - web - pagure -- name: set sebooleans so pagure can talk to repospanner - seboolean: name=httpd_can_network_connect - state=true - persistent=true - tags: - - selinux - - web - - pagure - when: env == "staging" - # HOTFIX: adjust bugzilla overrides - name: HOTFIX - adjust bugzilla overrides copy: src=fas2.py dest=/usr/lib/python2.7/site-packages/fedora/client/fas2.py @@ -387,17 +366,17 @@ - src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/pagure{{ env_suffix }}.crt" dest: src.fp.o.crt owner: pagure - group: "{{ (env == 'production')|ternary('pagure', 'repoSpanner') }}" + group: "{{ (env == 'production')|ternary('pagure') }}" mode: "444" - src: "{{private}}/files/rabbitmq/{{env}}/pki/private/pagure{{ env_suffix }}.key" dest: src.fp.o.key owner: pagure - group: "{{ (env == 'production')|ternary('pagure', 'repoSpanner') }}" + group: "{{ (env == 'production')|ternary('pagure') }}" mode: "440" - src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt" dest: src.fp.o.ca owner: pagure - group: "{{ (env == 'production')|ternary('pagure', 'repoSpanner') }}" + group: "{{ (env == 'production')|ternary('pagure') }}" mode: "444" tags: - pagure diff --git a/roles/distgit/pagure/templates/pagure_shared.cfg b/roles/distgit/pagure/templates/pagure_shared.cfg index 8b156dd3b4..8eb67409b8 100644 --- a/roles/distgit/pagure/templates/pagure_shared.cfg 
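Review bot: The three new `group:` values on the `src.fp.o.crt`, `src.fp.o.key` and `src.fp.o.ca` items call `ternary('pagure')` with only a true value, but Ansible's `ternary` filter requires both a true and a false value, so these items will raise a templating error instead of resolving to `pagure`. The group no longer differs by environment, so drop the expression and use a literal on all three items: `group: pagure`. This matters most for the `.key` item, where mode `440` makes the group the only non-owner reader of the private key, so that value is better stated explicitly than computed. The task these items belong to starts outside the hunk.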
+++ b/roles/distgit/pagure/templates/pagure_shared.cfg @@ -86,16 +86,6 @@ PDC_URL = 'https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/' SSH_KEYS_USERNAME_LOOKUP = True SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"' -SSH_COMMAND_REPOSPANNER = ([ - "/usr/libexec/repobridge", - "--extra", "username", "%(username)s", - "--extra", "repotype", "%(repotype)s", - "--extra", "project_name", "%(project_name)s", - "--extra", "project_user", "%(project_user)s", - "--extra", "project_namespace", "%(project_namespace)s", - "%(cmd)s", - "'pagure/%(repotype)s/%(reponame)s'", -], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) SSH_COMMAND_NON_REPOSPANNER = ([ "/usr/libexec/git-core/%(cmd)s", "%(repopath)s", @@ -111,28 +101,4 @@ EXTERNAL_COMMITTER = { {% if env == "staging" %} ACL_DEBUG = True -# repoSpanner setup - -# For now, repoSpanner is enabled on a per-repo basis -REPOSPANNER_NEW_REPO = None -REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = True -REPOSPANNER_NEW_FORK = True -REPOSPANNER_ADMIN_MIGRATION = True -REPOSPANNER_REGIONS = { - 'rpms': {'url': 'https://fedora01.rpms.stg.fedoraproject.org:{{ repoSpanner_rpms_http }}', - 'repo_prefix': 'pagure/', -{% if env == "staging" %} - 'hook': '06cd5acb2d774491e02bc0dd4dc1555ab5664a6a', -{% else %} - 'hook': '0000000000000000000000000000000000000000', -{% endif %} - 'ca': '/etc/pagure/ca.crt', - 'admin_cert': {'cert': '/etc/pagure/fedora_rpms_admin.crt', - 'key': '/etc/pagure/fedora_rpms_admin.key'}, - 'push_cert': {'cert': '/etc/pagure/fedora_rpms_push.crt', - 'key': '/etc/pagure/fedora_rpms_push.key'} - } -} -REPOSPANNER_PSEUDO_FOLDER = '/srv/git/repositories/pseudo' - {% endif %} diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 0f57fd4857..ec6420ae0d 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml 
@@ -188,44 +188,6 @@ - distgit - mass-branching -# -- repoSpanner certs ---....etc... -- name: Install the certificates for repoSpanner access - copy: src="{{private}}/files/repoSpanner/{{env}}/ca/{{item}}" - dest="/etc/pagure/{{item}}" - owner=pagure group=pagure mode=0600 - with_items: - - ca.crt - - fedora_rpms_admin.crt - - fedora_rpms_admin.key - - fedora_rpms_push.crt - - fedora_rpms_push.key - when: env == "staging" - tags: - - config - - distgit - -- name: Deploy configuration - template: src=repospanner-admin.yml - dest=/etc/pagure/repospanner-admin.yml - when: env == "staging" - tags: - - config - - distgit - -- name: dumps the state of the repos in JSON - cron: - name: "dumps the state of the repos in JSON" - job: "repospanner --config /etc/pagure/repospanner-admin.yml admin repo list --json | python -m json.tool > /srv/cache/extras/repoinfo.json" - hour: "*/2" - minute: "5" - state: present - user: "root" - cron_file: "repospanner_repoinfo_dump" - when: env == "staging" - tags: - - config - - distgit - # -- Gitolite -------------------------------------------- # This is the permission management for package maintainers, using Gitolite. - name: create the /var/log/gitolite directory diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml index 0e3c44b67f..c928140bfa 100644 --- a/roles/pagure/frontend/tasks/main.yml +++ b/roles/pagure/frontend/tasks/main.yml @@ -17,7 +17,6 @@ - libsemanage-python - mod_ssl - stunnel - - repoSpanner-bridge # Use haveged to ensure the server keeps some entropy - haveged tags: @@ -216,7 +215,6 @@ with_items: - { file: pagure.cfg, location: /etc/pagure } - { file: alembic.ini, location: /etc/pagure } - - { file: repobridge_ansible.json, location: /etc/pagure } tags: - config - web 
@@ -224,27 +222,6 @@ notify: - restart apache -- name: Create the repoSpanner cert directory - file: path=/etc/pagure/repospanner state=directory mode=0750 owner=git group=git - tags: - - config - - pagure - - repospanner - -- name: Copy repoSpanner certs and keys - copy: src={{private}}/files/repoSpanner/{{env}}/ca/{{item}} dest=/etc/pagure/repospanner/{{item}} - owner=git group=git mode=0640 - with_items: - - ca.crt - - ansible-push.crt - - ansible-push.key - - ansible-admin.crt - - ansible-admin.key - tags: - - config - - pagure - - repospanner - when: env == "production" - name: create the database scheme command: /usr/bin/python2 /usr/share/pagure/pagure_createdb.py @@ -300,13 +277,6 @@ notify: - restart apache -- name: let repospanner read the pagure config - command: /usr/bin/setfacl -m user:repoSpanner:r /etc/pagure/pagure.cfg - tags: - - pagure - - mirror - when: env != 'pagure-staging' - - name: let paguremirroring read the pagure config command: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg tags: @@ -423,7 +393,6 @@ # - pagure_api_key_expire_mail.timer - pagure_mirror_project_in - pagure_mirror_project_in.timer - - repoSpanner@config - fedmsg-relay - haveged ignore_errors: true diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index 1ff691be31..29386d7497 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -103,8 +103,6 @@ WEBHOOK = True ### Folder containing to the git repos GIT_FOLDER = '/srv/git/repositories' -REPOSPANNER_PSEUDO_FOLDER = '/srv/git/pseudo' - ### Folder containing the forks repos FORK_FOLDER = '/srv/git/repositories/forks' 
@@ -333,40 +331,6 @@ MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh' SSH_KEYS_USERNAME_EXPECT = "git" SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"' -SSH_COMMAND_REPOSPANNER = ([ - "/usr/libexec/repobridge", - "--extra", "username", "%(username)s", - "--extra", "repotype", "%(repotype)s", - "--extra", "project_name", "%(project_name)s", - "--extra", "project_user", "%(project_user)s", - "--extra", "project_namespace", "%(project_namespace)s", - "%(cmd)s", - "'%(repotype)s/%(reponame)s'", -], {"REPOBRIDGE_CONFIG": "/etc/pagure/repobridge_ansible.json"}) -SSH_COMMAND_NON_REPOSPANNER = ([ - "/usr/bin/%(cmd)s", - "/srv/git/repositories/%(reponame)s", -], {"GL_USER": "%(username)s"}) - - -# For now, repoSpanner is enabled on a per-repo basis. -# currently, only for the ansible repo. -REPOSPANNER_NEW_REPO = None -REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = True -REPOSPANNER_NEW_FORK = None -REPOSPANNER_ADMIN_MIGRATION = True -REPOSPANNER_REGIONS = { - "ansible": {"url": "https://pagure01.ansible.fedoraproject.org:{{ repoSpanner_ansible_http }}", - "repo_prefix": "pagure/", - "hook": "06cd5acb2d774491e02bc0dd4dc1555ab5664a6a", - "ca": "/etc/pagure/repospanner/ca.crt", - "admin_cert": {"cert": "/etc/pagure/repospanner/ansible-admin.crt", - "key": "/etc/pagure/repospanner/ansible-admin.key"}, - "push_cert": {"cert": "/etc/pagure/repospanner/ansible-push.crt", - "key": "/etc/pagure/repospanner/ansible-push.key"}, - }, -} - GIT_AUTH_BACKEND = 'pagure' HTTP_REPO_ACCESS_GITOLITE = None diff --git a/roles/pagure/frontend/templates/repobridge_ansible.json b/roles/pagure/frontend/templates/repobridge_ansible.json deleted file mode 100644 index 194ed286be..0000000000 --- a/roles/pagure/frontend/templates/repobridge_ansible.json +++ /dev/null 
@@ -1,10 +0,0 @@
-{
- "ca": "/etc/pagure/repospanner/ca.crt",
- "baseurl": "https://pagure01.ansible.fedoraproject.org:{{ repoSpanner_ansible_http }}",
- "certs": {
- "_default_": {
- "cert": "/etc/pagure/repospanner/ansible-push.crt",
- "key" : "/etc/pagure/repospanner/ansible-push.key"
- }
- }
-}