Merge branch 'master' of /git/ansible

2018-03-31 00:00:04 +00:00 · 2018-03-31 00:00:04 +00:00 · da4e8d4725
commit da4e8d4725
parent 525d0f434d 35f70da7f6
3 changed files with 175 additions and 87 deletions
--- a/playbooks/include/proxies-redirects.yml
+++ b/playbooks/include/proxies-redirects.yml
@ -268,83 +268,83 @@
 # back to the main release.
 # This should be disabled when there is a prerelease

-  - role: httpd/redirectmatch
-    name: prerelease-to-final-gfo-ws
-    website: getfedora.org
-    regex: /(.*)workstation/prerelease.*$
-    target: https://stg.getfedora.org/$1/workstation
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-gfo-srv
-    website: getfedora.org
-    regex: /(.*)server/prerelease.*$
-    target: https://stg.getfedora.org/$1/server
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-gfo-atomic
-    website: getfedora.org
-    regex: /(.*)atomic/prerelease.*$
-    target: https://stg.getfedora.org/$1/atomic
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-labs-1
-    website: labs.fedoraproject.org
-    regex: /(.*)prerelease.*$
-    target: https://labs.stg.fedoraproject.org/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-spins-1
-    website: spins.fedoraproject.org
-    regex: /(.*)prerelease.*$
-    target: https://spins.stg.fedoraproject.org/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-arm-1
-    website: arm.fedoraproject.org
-    regex: /(.*)prerelease.*$
-    target: https://arm.stg.fedoraproject.org/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-labs-2
-    website: labs.fedoraproject.org
-    regex: /prerelease.*$
-    target: https://labs.stg.fedoraproject.org/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-spins-2
-    website: spins.fedoraproject.org
-    regex: /prerelease.*$
-    target: https://spins.stg.fedoraproject.org/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: prerelease-to-final-arm-2
-    website: arm.fedoraproject.org
-    regex: /prerelease.*$
-    target: https://arm.stg.fedoraproject.org/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: cloud-to-atomic
-    website: getfedora.org
-    regex: /cloud/.*$
-    target: https://alt.stg.fedoraproject.org/cloud/$1
-    when: env == 'staging'
-
-  - role: httpd/redirectmatch
-    name: cloud-to-atomic-download
-    website: getfedora.org
-    regex: /(.*)/cloud/download.*$
-    target: https://alt.stg.fedoraproject.org/$1/cloud
-    when: env == 'staging'
-
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-gfo-ws
+#    website: getfedora.org
+#    regex: /(.*)workstation/prerelease.*$
+#    target: https://stg.getfedora.org/$1/workstation
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-gfo-srv
+#    website: getfedora.org
+#    regex: /(.*)server/prerelease.*$
+#    target: https://stg.getfedora.org/$1/server
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-gfo-atomic
+#    website: getfedora.org
+#    regex: /(.*)atomic/prerelease.*$
+#    target: https://stg.getfedora.org/$1/atomic
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-labs-1
+#    website: labs.fedoraproject.org
+#    regex: /(.*)prerelease.*$
+#    target: https://labs.stg.fedoraproject.org/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-spins-1
+#    website: spins.fedoraproject.org
+#    regex: /(.*)prerelease.*$
+#    target: https://spins.stg.fedoraproject.org/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-arm-1
+#    website: arm.fedoraproject.org
+#    regex: /(.*)prerelease.*$
+#    target: https://arm.stg.fedoraproject.org/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-labs-2
+#    website: labs.fedoraproject.org
+#    regex: /prerelease.*$
+#    target: https://labs.stg.fedoraproject.org/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-spins-2
+#    website: spins.fedoraproject.org
+#    regex: /prerelease.*$
+#    target: https://spins.stg.fedoraproject.org/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: prerelease-to-final-arm-2
+#    website: arm.fedoraproject.org
+#    regex: /prerelease.*$
+#    target: https://arm.stg.fedoraproject.org/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: cloud-to-atomic
+#    website: getfedora.org
+#    regex: /cloud/.*$
+#    target: https://alt.stg.fedoraproject.org/cloud/$1
+#    when: env == 'staging'
+#
+#  - role: httpd/redirectmatch
+#    name: cloud-to-atomic-download
+#    website: getfedora.org
+#    regex: /(.*)/cloud/download.*$
+#    target: https://alt.stg.fedoraproject.org/$1/cloud
+#    when: env == 'staging'
+#
 # end staging

  - role: httpd/redirectmatch
--- a/roles/ipsilon/files/oidc_scopes/pagure.py
+++ b/roles/ipsilon/files/oidc_scopes/pagure.py
@ -0,0 +1,86 @@
+from __future__ import absolute_import
+
+from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase
+
+
+class OpenidCExtension(OpenidCExtensionBase):
+    name = 'pagure'
+    display_name = 'Pagure.io'
+    scopes = {
+        'https://pagure.io/oidc/pull_request_merge': {
+            'display_name': 'Permission to merge a pull-request',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/pull_request_close': {
+            'display_name': 'Permission to close a pull-request',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/pull_request_comment': {
+            'display_name': 'Permission to comment a pull-request',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/pull_request_flag': {
+            'display_name': 'Permission to flag a pull-request with a CI status',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/pull_request_subscribe': {
+            'display_name': 'Permission to subscribe a user to a pull-request',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/pull_request_create': {
+            'display_name': 'Permission to create a pull-request',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_create': {
+            'display_name': 'Permission to create an issue',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_update': {
+            'display_name': 'Permission to update an issue',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_change_status': {
+            'display_name': 'Permission to change the status of an issue',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_update_milestone': {
+            'display_name': 'Permission to update the milestone of an issue',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_comment': {
+            'display_name': 'Permission to comment on an issue',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_assign': {
+            'display_name': 'Permission to assign an issue to a user',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_subscribe': {
+            'display_name': 'Permission to subscribe a user to an issue',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/issue_update_custom_fields': {
+            'display_name': 'Permission to update an issue custom fields',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/create_project': {
+            'display_name': 'Permission to create a project',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/modify_project': {
+            'display_name': 'Permission to modify a project',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/fork_project': {
+            'display_name': 'Permission to fork a project',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/generate_acls_project': {
+            'display_name': 'Permission to generate the gitolite ACLs of a project',
+            'claims': [],
+        },
+        'https://pagure.io/oidc/commit_flag': {
+            'display_name': 'Permission to flag a commit with a CI results',
+            'claims': [],
+        },
+    }
--- a/roles/relvalconsumer/tasks/main.yml
+++ b/roles/relvalconsumer/tasks/main.yml
@ -14,27 +14,29 @@
 ##              EVER BE TRUE ON ONE SYSTEM IN THE WORLD**
 ##       default - False

-# note: we need updates-testing until fedfind 3.8.0 / wikitcms 2.2.0
-# goes stable
- name: Install required packages (testing)
-  dnf: name={{ item }} state=present enablerepo="updates-testing"
-  with_items:
-  - python2-fedfind
-  - python2-wikitcms
-  tags:
-  - packages
+# note: kept around for when we need packages from u-t
+#- name: Install required packages (testing)
+#  dnf: name={{ item }} state=present enablerepo="updates-testing"
+#  with_items:
+#  - python2-fedfind
+#  - python2-wikitcms
+#  tags:
+#  - packages

 - name: Install required packages
  dnf: name={{ item }} state=present
  with_items:
+  - python2-fedfind
+  - python2-wikitcms
  - python2-fedmsg-consumers
  - python2-mwclient
  - python-setuptools
+  - relval
  tags:
  - packages

 - name: Install required packages (wiki oidc auth)
-  dnf: name={{ item }} state=present enablerepo="updates-testing"
+  dnf: name={{ item }} state=present enablerepo="updates"
  with_items:
  - python2-openidc-client
  when: "wikitcms_token is defined"