#!/usr/bin/python -t # # Create an /etc/gitolog/conf/getolog.conf file with acls for dist-git # # Takes no arguments! # import grp import sys import requests {% if env == 'staging' %} VCS_URL = 'https://admin.stg.fedoraproject.org/pkgdb/api/vcs?format=json' GRP_URL = 'https://admin.stg.fedoraproject.org/pkgdb/api/groups?format=json' {% else %} VCS_URL = 'https://admin.fedoraproject.org/pkgdb/api/vcs?format=json' GRP_URL = 'https://admin.fedoraproject.org/pkgdb/api/groups?format=json' {% endif %} if __name__ == '__main__': # Get the users in various groups TRUSTED = grp.getgrnam('cvsadmin')[3] ARM = grp.getgrnam('fedora-arm')[3] SPARC = grp.getgrnam('fedora-sparc')[3] IA64 = grp.getgrnam('fedora-ia64')[3] S390 = grp.getgrnam('fedora-s390')[3] PPC = grp.getgrnam('fedora-ppc')[3] PROVEN = grp.getgrnam('provenpackager')[3] # Set the active branches to create ACLs for # Give them the git branch eqiv until pkgdb follows suite ACTIVE = { 'OLPC-2': 'olpc2', 'OLPC-3': 'olpc3', 'EL-4': 'el4', 'EL-5': 'el5', 'el5': 'el5', 'el6': 'el6', 'EL-6': 'el6', 'epel7': 'epel7', 'F-11': 'f11', 'F-12': 'f12', 'F-13': 'f13', 'f14': 'f14', 'f15': 'f15', 'f16': 'f16', 'f17': 'f17', 'f18': 'f18', 'f19': 'f19', 'f20': 'f20', 'f21': 'f21', 'f22': 'f22', 'f23': 'f23', 'devel': 'master', 'master': 'master'} # Create a "regex"ish list 0f the reserved branches RESERVED = [ 'f[0-9][0-9]', 'epel[0-9]', 'epel[0-9][0-9]', 'el[0-9]', 'olpc[0-9]'] # Read the ACL information from the packageDB data = requests.get(VCS_URL).json() # print out our user groups print '@admins = %s' % ' '.join(TRUSTED) print '@provenpackager = %s' % ' '.join(PROVEN) print '@fedora-arm = %s' % ' '.join(ARM) print '@fedora-s390 = %s' % ' '.join(S390) print '@fedora-ppc = %s' % ' '.join(PPC) # Get a list of all the groups groups = requests.get(GRP_URL).json() for group in groups['groups']: print '@%s = %s' % (group, ' '.join(grp.getgrnam(group)[3])) # Give a little space before moving onto the permissions print '' # print our default permissions print 'repo @all' print ' - VREF/update-block-push-origin = @all' print ' RWC = @admins @fedora-arm @fedora-s390 @fedora-ppc' print ' R = @all' #print ' RW private- = @all' # dont' enable the above until we prevent building for real from private- # Get a list of all the packages for key in data: if key == 'title': continue acls = data[key] pkglist = data[key].keys() pkglist.sort() if key != 'packageAcls': key = '%s/' % key else: key = '' for pkg in pkglist: branchAcls = {} # Check whether we need to set separate per branch acls buffer = [] # Buffer the output per package masters = [] # Folks that have commit to master writers = [] # Anybody that has write access # Examine each branch in the package branches = acls[pkg].keys() branches.sort() for branch in branches: if not branch in ACTIVE.keys(): continue if 'packager' in acls[pkg][branch]['commit']['groups']: # If the packager group is defined, everyone has access buffer.append(' RWC %s = @all' % (ACTIVE[branch])) branchAcls.setdefault('@all', []).append( (pkg, ACTIVE[branch]) ) if branch == 'master': masters.append('@all') if '@all' not in writers: writers.append('@all') else: # Extract the owners committers = [] owners = acls[pkg][branch]['commit']['people'] owners.sort() for owner in owners: committers.append(owner) for group in acls[pkg][branch]['commit']['groups']: committers.append('@%s' % group) if branch == 'master': masters.extend(committers) # add all the committers to the top writers list for committer in committers: if not committer in writers: writers.append(committer) # Print the committers to the acl for this package-branch committers = ' '.join(committers) buffer.append( ' RWC %s = %s' % (ACTIVE[branch], committers)) branchAcls.setdefault(committers, []).append( (pkg, ACTIVE[branch]) ) print '' print 'repo %s%s' % (key, pkg) print '\n'.join(buffer) for reserved in RESERVED: print ' - %s = @all' % reserved print ' RWC refs/tags/ = %s' % ' '.join(writers) if masters: print ' RWC = %s' % ' '.join(masters) sys.exit(0)