We also have fedora-messaging spewing out on pushes, so lets set that
back to warning, and we also need to change the default pagure logging
root to WARN.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now when someone does a https push they get about 100 lines of
INFO and DEBUG from pagure. Everything from acls to messaging to pika to
everything. There's no need for all this debug/info spew.
Lets disable it and go back to just WARNINGS
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Drop resultsdb vars and playbooks.
resultsdb is now in openshift and on a different url.
Adjust bodhi, pagure dist git for the new url.
Drop taskotron roles.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Currently it's not possible to create token with pull_request_close ACL
for user (see https://pagure.io/pagure-dist-git/issue/144).
This commit will allow users to add pull_request_close ACL to their
token. The user is still validated if it has the permission, so adding
this ACL to user token doesn't allow user to use API to close any PR
currently opened in dist-git.
Thanks @pingou for helping me with this.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This was removed in prod in d0a8837 but left around in stg for
testing purposes. However, it is suspected that this was causing
users to not be able to push to forks in distgit, so removing.
https://pagure.io/fedora-infrastructure/issue/10045
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action an user/key can do: command="...".
In this case, we're setting a couple of environment variable that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action an user/key can do: command="...".
In this case, we're setting a couple of environment variable that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This ACL turns out to be too confusing to users as it currently
does not work with our OIDC set-up with fedpkg.
Once we'll have figured out how to make both work together or
keep one and remove the other, we can revisit.
Keeping this in staging so we have a place where we can experiment
with this.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This permits users to create API tokens that have the ability to
commit to repositories through HTTPS. This is especially useful for
non-packagers that are trying to contribute through pull requests,
because they lack the normal packager SSH permissions.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
See https://pagure.io/fedora-infrastructure/issue/9557
Basically we don't need to block commits here anymore,
maintainers are confident they can prevent anything going out that
causes problems for the firefox name. Additionally, xulrunner was
retired a long time ago.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
