From c3a7acd301f4cbba325ed3b06b1de0236da64098 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Thu, 29 Mar 2018 22:51:25 -0700 Subject: [PATCH 1/3] Update relvalconsumer package installs Signed-off-by: Adam Williamson --- roles/relvalconsumer/tasks/main.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/roles/relvalconsumer/tasks/main.yml b/roles/relvalconsumer/tasks/main.yml index 84b9023a71..47dca43022 100644 --- a/roles/relvalconsumer/tasks/main.yml +++ b/roles/relvalconsumer/tasks/main.yml @@ -14,27 +14,29 @@ ## EVER BE TRUE ON ONE SYSTEM IN THE WORLD** ## default - False -# note: we need updates-testing until fedfind 3.8.0 / wikitcms 2.2.0 -# goes stable -- name: Install required packages (testing) - dnf: name={{ item }} state=present enablerepo="updates-testing" - with_items: - - python2-fedfind - - python2-wikitcms - tags: - - packages +# note: kept around for when we need packages from u-t +#- name: Install required packages (testing) +# dnf: name={{ item }} state=present enablerepo="updates-testing" +# with_items: +# - python2-fedfind +# - python2-wikitcms +# tags: +# - packages - name: Install required packages dnf: name={{ item }} state=present with_items: + - python2-fedfind + - python2-wikitcms - python2-fedmsg-consumers - python2-mwclient - python-setuptools + - relval tags: - packages - name: Install required packages (wiki oidc auth) - dnf: name={{ item }} state=present enablerepo="updates-testing" + dnf: name={{ item }} state=present enablerepo="updates" with_items: - python2-openidc-client when: "wikitcms_token is defined" From 93abefa309736db9896f6d566005c1051148cc83 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Fri, 30 Mar 2018 10:56:40 +0200 Subject: [PATCH 2/3] Add oidc scopes for pagure.io Signed-off-by: Clement Verna --- roles/ipsilon/files/oidc_scopes/pagure.py | 86 +++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 roles/ipsilon/files/oidc_scopes/pagure.py diff --git a/roles/ipsilon/files/oidc_scopes/pagure.py b/roles/ipsilon/files/oidc_scopes/pagure.py new file mode 100644 index 0000000000..6fd70e202d --- /dev/null +++ b/roles/ipsilon/files/oidc_scopes/pagure.py @@ -0,0 +1,86 @@ +from __future__ import absolute_import + +from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase + + +class OpenidCExtension(OpenidCExtensionBase): + name = 'pagure' + display_name = 'Pagure.io' + scopes = { + 'https://pagure.io/oidc/pull_request_merge': { + 'display_name': 'Permission to merge a pull-request', + 'claims': [], + }, + 'https://pagure.io/oidc/pull_request_close': { + 'display_name': 'Permission to close a pull-request', + 'claims': [], + }, + 'https://pagure.io/oidc/pull_request_comment': { + 'display_name': 'Permission to comment a pull-request', + 'claims': [], + }, + 'https://pagure.io/oidc/pull_request_flag': { + 'display_name': 'Permission to flag a pull-request with a CI status', + 'claims': [], + }, + 'https://pagure.io/oidc/pull_request_subscribe': { + 'display_name': 'Permission to subscribe a user to a pull-request', + 'claims': [], + }, + 'https://pagure.io/oidc/pull_request_create': { + 'display_name': 'Permission to create a pull-request', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_create': { + 'display_name': 'Permission to create an issue', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_update': { + 'display_name': 'Permission to update an issue', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_change_status': { + 'display_name': 'Permission to change the status of an issue', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_update_milestone': { + 'display_name': 'Permission to update the milestone of an issue', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_comment': { + 'display_name': 'Permission to comment on an issue', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_assign': { + 'display_name': 'Permission to assign an issue to a user', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_subscribe': { + 'display_name': 'Permission to subscribe a user to an issue', + 'claims': [], + }, + 'https://pagure.io/oidc/issue_update_custom_fields': { + 'display_name': 'Permission to update an issue custom fields', + 'claims': [], + }, + 'https://pagure.io/oidc/create_project': { + 'display_name': 'Permission to create a project', + 'claims': [], + }, + 'https://pagure.io/oidc/modify_project': { + 'display_name': 'Permission to modify a project', + 'claims': [], + }, + 'https://pagure.io/oidc/fork_project': { + 'display_name': 'Permission to fork a project', + 'claims': [], + }, + 'https://pagure.io/oidc/generate_acls_project': { + 'display_name': 'Permission to generate the gitolite ACLs of a project', + 'claims': [], + }, + 'https://pagure.io/oidc/commit_flag': { + 'display_name': 'Permission to flag a commit with a CI results', + 'claims': [], + }, + } From 35f70da7f6c6e4e4c5c152e37d88d8fd51fb9a91 Mon Sep 17 00:00:00 2001 From: Robert Mayr Date: Fri, 30 Mar 2018 21:08:56 +0000 Subject: [PATCH 3/3] do not redirect staging webpages anymore --- playbooks/include/proxies-redirects.yml | 154 ++++++++++++------------ 1 file changed, 77 insertions(+), 77 deletions(-) diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml index 78f8ff610b..d4a94cabe7 100644 --- a/playbooks/include/proxies-redirects.yml +++ b/playbooks/include/proxies-redirects.yml @@ -268,83 +268,83 @@ # back to the main release. # This should be disabled when there is a prerelease - - role: httpd/redirectmatch - name: prerelease-to-final-gfo-ws - website: getfedora.org - regex: /(.*)workstation/prerelease.*$ - target: https://stg.getfedora.org/$1/workstation - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-gfo-srv - website: getfedora.org - regex: /(.*)server/prerelease.*$ - target: https://stg.getfedora.org/$1/server - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-gfo-atomic - website: getfedora.org - regex: /(.*)atomic/prerelease.*$ - target: https://stg.getfedora.org/$1/atomic - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-labs-1 - website: labs.fedoraproject.org - regex: /(.*)prerelease.*$ - target: https://labs.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-spins-1 - website: spins.fedoraproject.org - regex: /(.*)prerelease.*$ - target: https://spins.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-arm-1 - website: arm.fedoraproject.org - regex: /(.*)prerelease.*$ - target: https://arm.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-labs-2 - website: labs.fedoraproject.org - regex: /prerelease.*$ - target: https://labs.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-spins-2 - website: spins.fedoraproject.org - regex: /prerelease.*$ - target: https://spins.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: prerelease-to-final-arm-2 - website: arm.fedoraproject.org - regex: /prerelease.*$ - target: https://arm.stg.fedoraproject.org/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: cloud-to-atomic - website: getfedora.org - regex: /cloud/.*$ - target: https://alt.stg.fedoraproject.org/cloud/$1 - when: env == 'staging' - - - role: httpd/redirectmatch - name: cloud-to-atomic-download - website: getfedora.org - regex: /(.*)/cloud/download.*$ - target: https://alt.stg.fedoraproject.org/$1/cloud - when: env == 'staging' - +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo-ws +# website: getfedora.org +# regex: /(.*)workstation/prerelease.*$ +# target: https://stg.getfedora.org/$1/workstation +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo-srv +# website: getfedora.org +# regex: /(.*)server/prerelease.*$ +# target: https://stg.getfedora.org/$1/server +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-gfo-atomic +# website: getfedora.org +# regex: /(.*)atomic/prerelease.*$ +# target: https://stg.getfedora.org/$1/atomic +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-1 +# website: labs.fedoraproject.org +# regex: /(.*)prerelease.*$ +# target: https://labs.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-1 +# website: spins.fedoraproject.org +# regex: /(.*)prerelease.*$ +# target: https://spins.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-1 +# website: arm.fedoraproject.org +# regex: /(.*)prerelease.*$ +# target: https://arm.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-labs-2 +# website: labs.fedoraproject.org +# regex: /prerelease.*$ +# target: https://labs.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-spins-2 +# website: spins.fedoraproject.org +# regex: /prerelease.*$ +# target: https://spins.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: prerelease-to-final-arm-2 +# website: arm.fedoraproject.org +# regex: /prerelease.*$ +# target: https://arm.stg.fedoraproject.org/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: cloud-to-atomic +# website: getfedora.org +# regex: /cloud/.*$ +# target: https://alt.stg.fedoraproject.org/cloud/$1 +# when: env == 'staging' +# +# - role: httpd/redirectmatch +# name: cloud-to-atomic-download +# website: getfedora.org +# regex: /(.*)/cloud/download.*$ +# target: https://alt.stg.fedoraproject.org/$1/cloud +# when: env == 'staging' +# # end staging - role: httpd/redirectmatch