160 lines
6 KiB
Python
160 lines
6 KiB
Python
#!/usr/bin/python -t
|
|
#
|
|
# Create an /etc/gitolog/conf/getolog.conf file with acls for dist-git
|
|
#
|
|
# Takes no arguments!
|
|
#
|
|
|
|
import copy
|
|
import grp
|
|
import sys
|
|
|
|
import requests
|
|
{% if env == 'staging' %}
|
|
VCS_URL = 'https://admin.stg.fedoraproject.org/pkgdb/api/vcs?format=json'
|
|
GRP_URL = 'https://admin.stg.fedoraproject.org/pkgdb/api/groups?format=json'
|
|
{% else %}
|
|
VCS_URL = 'https://admin.fedoraproject.org/pkgdb/api/vcs?format=json'
|
|
GRP_URL = 'https://admin.fedoraproject.org/pkgdb/api/groups?format=json'
|
|
{% endif %}
|
|
|
|
|
|
if __name__ == '__main__':
|
|
# Get the users in various groups
|
|
TRUSTED = grp.getgrnam('cvsadmin')[3]
|
|
ARM = grp.getgrnam('fedora-arm')[3]
|
|
SPARC = grp.getgrnam('fedora-sparc')[3]
|
|
IA64 = grp.getgrnam('fedora-ia64')[3]
|
|
S390 = grp.getgrnam('fedora-s390')[3]
|
|
PPC = grp.getgrnam('fedora-ppc')[3]
|
|
PROVEN = grp.getgrnam('provenpackager')[3]
|
|
|
|
# Set the active branches to create ACLs for
|
|
# Give them the git branch eqiv until pkgdb follows suite
|
|
ACTIVE = {
|
|
'OLPC-2': 'olpc2', 'OLPC-3': 'olpc3', 'EL-4': 'el4',
|
|
'EL-5': 'el5', 'el5': 'el5', 'el6': 'el6', 'EL-6': 'el6',
|
|
'epel7': 'epel7',
|
|
'F-11': 'f11', 'F-12': 'f12', 'F-13': 'f13', 'f14': 'f14', 'f15':
|
|
'f15', 'f16': 'f16', 'f17': 'f17', 'f18': 'f18', 'f19': 'f19',
|
|
'f20': 'f20', 'f21': 'f21', 'f22': 'f22', 'f23': 'f23', 'f24': 'f24',
|
|
'f25': 'f25', 'f26': 'f26',
|
|
'devel': 'master', 'master': 'master'}
|
|
|
|
# Create a "regex"ish list 0f the reserved branches
|
|
RESERVED = [
|
|
'f[0-9][0-9]', 'epel[0-9]', 'epel[0-9][0-9]', 'el[0-9]',
|
|
'olpc[0-9]']
|
|
|
|
# Read the ACL information from the packageDB
|
|
data = requests.get(VCS_URL).json()
|
|
|
|
# print out our user groups
|
|
print '@admins = %s' % ' '.join(TRUSTED)
|
|
print '@provenpackager = %s' % ' '.join(PROVEN)
|
|
print '@fedora-arm = %s' % ' '.join(ARM)
|
|
print '@fedora-s390 = %s' % ' '.join(S390)
|
|
print '@fedora-ppc = %s' % ' '.join(PPC)
|
|
|
|
# Get a list of all the groups
|
|
groups = requests.get(GRP_URL).json()
|
|
for group in groups['groups']:
|
|
print '@%s = %s' % (group, ' '.join(grp.getgrnam(group)[3]))
|
|
|
|
# Give a little space before moving onto the permissions
|
|
print ''
|
|
# print our default permissions
|
|
print 'repo @all'
|
|
print ' - VREF/update-block-push-origin = @all'
|
|
print ' RWC = @admins @fedora-arm @fedora-s390 @fedora-ppc'
|
|
print ' R = @all'
|
|
#print ' RW private- = @all'
|
|
# dont' enable the above until we prevent building for real from private-
|
|
|
|
# XXX - Insert artificial namespaces into the set of namespaces returned
|
|
# by pkgdb. We want to create a mirror of rpms/PKG in test-rpms/PKG
|
|
# This hack occurs in two places. Here, and in the branch-creation script.
|
|
# https://github.com/fedora-infra/pkgdb2/issues/329#issuecomment-207050233
|
|
# And then, this got renamed from rpms-checks to test-rpms
|
|
# https://pagure.io/fedora-infrastructure/issue/5570
|
|
if 'rpms' in data:
|
|
data['test-rpms'] = copy.copy(data['rpms'])
|
|
# Also, modules are a thing
|
|
# https://pagure.io/fedora-infrastructure/issue/5571
|
|
if 'modules' in data:
|
|
data['test-modules'] = copy.copy(data['modules'])
|
|
if 'docker' in data:
|
|
data['test-docker'] = copy.copy(data['docker'])
|
|
|
|
# Get a list of all the packages
|
|
for key in data:
|
|
if key == 'title':
|
|
continue
|
|
|
|
acls = data[key]
|
|
pkglist = data[key].keys()
|
|
pkglist.sort()
|
|
|
|
if key != 'packageAcls':
|
|
key = '%s/' % key
|
|
else:
|
|
key = ''
|
|
|
|
for pkg in pkglist:
|
|
|
|
branchAcls = {} # Check whether we need to set separate per branch acls
|
|
buffer = [] # Buffer the output per package
|
|
masters = [] # Folks that have commit to master
|
|
writers = [] # Anybody that has write access
|
|
|
|
# Examine each branch in the package
|
|
branches = acls[pkg].keys()
|
|
branches.sort()
|
|
for branch in branches:
|
|
if not branch in ACTIVE.keys():
|
|
continue
|
|
if 'packager' in acls[pkg][branch]['commit']['groups']:
|
|
# If the packager group is defined, everyone has access
|
|
buffer.append(' RWC %s = @all' % (ACTIVE[branch]))
|
|
branchAcls.setdefault('@all', []).append(
|
|
(pkg, ACTIVE[branch])
|
|
)
|
|
if branch == 'master':
|
|
masters.append('@all')
|
|
if '@all' not in writers:
|
|
writers.append('@all')
|
|
else:
|
|
# Extract the owners
|
|
committers = []
|
|
owners = acls[pkg][branch]['commit']['people']
|
|
owners.sort()
|
|
for owner in owners:
|
|
committers.append(owner)
|
|
for group in acls[pkg][branch]['commit']['groups']:
|
|
committers.append('@%s' % group)
|
|
if branch == 'master':
|
|
masters.extend(committers)
|
|
|
|
# add all the committers to the top writers list
|
|
for committer in committers:
|
|
if not committer in writers:
|
|
writers.append(committer)
|
|
|
|
# Print the committers to the acl for this package-branch
|
|
committers = ' '.join(committers)
|
|
buffer.append(
|
|
' RWC %s = %s' % (ACTIVE[branch], committers))
|
|
branchAcls.setdefault(committers, []).append(
|
|
(pkg, ACTIVE[branch])
|
|
)
|
|
|
|
print ''
|
|
print 'repo %s%s' % (key, pkg)
|
|
print '\n'.join(buffer)
|
|
for reserved in RESERVED:
|
|
print ' - %s = @all' % reserved
|
|
print ' RWC refs/tags/ = %s' % ' '.join(writers)
|
|
if masters:
|
|
print ' RWC = %s' % ' '.join(masters)
|
|
|
|
sys.exit(0)
|