Gerrit very much wants its ACLs to indent option lines (but not
section headings) by a single hard tab.
The recent migration to schema 185 with Gerrit 3.7 has updated
copyConditions flags and re-written most of the ACL files to look like
this (c.f. I1f11c07e3786bd1a68b43d908d939fde42ddb99c).
This updates the normalize tool to format like this, and modifies all
our ACL's to the new format.
This is intended to be a no-op with no functional change. For future
upgrades, this will reduce the diffs of any updates Gerrit might make.
Change-Id: I3a0c0da1eb32f8afb31ffa0c24ea45aaca8da8cc
Similar to Ic43f561174ebf30474b1b54be2bed02695cebedc and
I83160aeec0a450f8678ecb583fb7570ac0e71f4a, this converts the existing
Review-Priority rules to submit-requirements following the gerrit
migration rules from [1].
These are all using "AnyWithBlock" which means that only the lowest
possible vote blocks submission. Thus we replace this with a
submit-requirement of "-label:Review-Priority=MIN". The function is
changed to NoBlock as done by the migration tool.
As with the prior change; the submit-requirement with the same name as
the label will avoid us having migrations run on these ACL's and
keep our gerrit in-sync with project-config.
Also as with the prior change, this should have no affect for users.
[1] https://gerrit-review.googlesource.com/c/gerrit/+/339542
Change-Id: Id5157b9f59082485b6aff92c4f3527fb4c8084aa
The copy conditions here have been replaced by the "copyCondition"
query tag. This updates the deprecated values to a new query which
does the same thing -- i.e. this should be a noop.
Mostly these are setup to have votes on labels that should be copied
on a no code change/trivial rebase, and if they're -2/+2 (i.e. max
votes are sticky). To be exact the group of
copyallScoresIfNoCodeChange = true
copyAllScoresOnTrivialRebase = true
copyMaxScore = true
copyMinScore = true
becomes
changekind:NO_CODE_CHANGE or changekind:TRIVIAL_REBASE \
or is:MAX or is:MIN
Note all but ocatvia.conf, octavia-dashboard, octavia-lib, and
python-octaviaclient are copying -2/+2 votes; I feel like this is
probably a bug but I have modified these 4 projects to maintain the
same behaviour of not copying the votes.
A small number of projects copy any vote; glance.config,
kayobe.config, kolla.config, nova-specs.config, nova.config,
os-vif.config, placement.config, python-novaclient.config -- they are
replaced with is:ANY.
The old conditions have been deprecated since gerrit 3.5 [1].
Although the old conditions have not been removed yet, this will help
as we think about also changing these to submission requirements for
Gerrit 3.7.
[1] https://gerrit.googlesource.com/gerrit/+/c429ff33d944272b1f4da9f84f904f6403919ea3
Change-Id: Id13fdf588d07c1fec73978e7a69f1d9097989696
WIP state in Gerrit is tricky and has side effects a lot of new
contributors might not expect it to completely remove their patch
from the dashboards. In those cases; it's nice for a core to be
able to toggle the wip state.
Change-Id: I88e5e0df93b20ebf0db7e10462af051526541780
This patch series move openstack/* projects from All-Projects ACL to
meta-config ACL, which is created especially for the Release Managers
group.
Change-Id: I336cee87cff8c3f407d29f8a30fbd5505cc713d7
Some repos have ACLs with groups that contain the stable-maint-core
group, while others do not include the group at all. All governed repos
should include this team, even if they don't assert
stable:follows-policy so stable branch issues can be resolved as needed.
To make it consistent and clear, this adds stable-maint-core directly to
the ACLs for all repos under governance.
Change-Id: Ifdc429e2c9609475584f0473828d41d3f1067c72
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
This allows anyone in the group "designate-release-manager"
to set the priority of patches, and block non freeze patches
during RC.
This allows for more precise dashboard than relying
on stars from PTLs, and allows the team to distingush
between a procedural -2 and a release freeze -2.
Change-Id: Id7b4c6b219899fa7ed86554257264af7efe20408
This reverts commit fa5ac08128.
There is no longer need for a specific stable/queens ACL, as
post-release we can default to the general stable/* rule instead.
Change-Id: I34bc206eca5a04cc924e8e33b2791bd9214ce13b
As part of the usual release process, add specific ACL for
the stable/queens branch, so that we can transfer control from
release managers to stable branch managers around release time.
This change will be reverted post-release once the specific ACL
is no longer needed.
For more details, see:
http://git.openstack.org/cgit/openstack/releases/tree/PROCESS.rst#n86
Change-Id: I222390e96759f5dc83a41cdc606d5e964f2b011d
This removes stable/pike-specific ACLs that were used to handle
ACL transition between releae and stable team around Pike
release.
Change-Id: I2a6f17d0224c16408c7326bfcb5a6e6b4f35c4b1
For cycle-with-milestones deliverables, define a specific
ACL for stable/pike pointing to the $project-release-branch
group. Pre-release, that group will include Release Managers
and $project-release (to give control to release teams).
Post-release that group will contain $project-stable-maint,
to give control to stable teams).
Change-Id: I9fa69e035d3ba50f8171b510bc9da753d48486bb
Following the end-of-cycle process describe in
openstack/releases/PROCESS.rst, set the gerrit ACLs for the stable
branches so the appropriate team members can approve patches during the
release candidate phase. The stable/ocata branches will be created in
a few weeks.
Change-Id: I80e1b68c881bfd27b6ad06aa6b5f2a216bd81a63
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This reverts commit dee868e4bb,
but also the stable/newton ACL introduced for networking-hyperv
in 01de6ee4f9.
Change-Id: Icb576a4b51fd68fac1e63e18feaa9cab77f04d4d
Set up a temporary ACL rule for handling the upcoming
stable/newton release branches, for milestone-driven projects
which will go through a release candidate phase.
The $project-release-branch groups will have 'Release Managers'
as its initial member and admin. We'll add PTLs and release
liaisons to the groups pre-release, then add the stable maintenance
team at release time. Then the temporary ACLs will be removed.
This process lets us handle the transition from release branch to
stable branch gracefully and without too much sync points between
infra and release teams.
Change-Id: I16ab679ee7b1f9018299659ecdc03b089600f701
Set up (temporary) pre-release ACLs for the soon-to-be-created
stable/mitaka branches (only for managed projects following the
milestones-driven release model).
This will be reverted post-release as we let stable maintenance
teams take over control over stabel branches.
Change-Id: Ia284ecddc497fbee86dc17f9f0b9f7c07293626f
Whenever a project-specific ACL declares exclusiveGroupPermissions
on some permission, it can block other valid uses of that permission
which would otherwise be inherited from the All-Projects pseudoACL.
Make sure that Project Bootstrappers retains access to abandon,
-2..+2 on label-Code-Review and -1..+1 on label-Workflow. Also make
sure Change Owners can still abandon and add -1..0 on
label-Workflow, and that Registered Users can always -1..+1 on
label-Code-Review.
This change corrects existing ACLs to meet the above criteria, and
also introduces a normalization rule to prevent regression.
Change-Id: I2eecb7028bcab7d5d82ad4155a775a9b2daa441f
All these changes are needed since they are in a group with exclusiveGroupPermissions.
This reverts commit 26ceb615a8.
Change-Id: Ie9cc164a45c5ae020d3b032ff7b4020e3c9a44b9
Since the upgrade to 2.11 this is redundant and casuses a problem in
some repos as this masks the (correct) internal group.
See discussion in: https://review.openstack.org/#/c/278521/
Change-Id: Ifc83b3ec1dead300c3983ca2b6bfdec6b1d99780
revert change I88fc2d2cdd708faa0a0d2fc8b00d77b53deb49d4 and give
karma back to those who need to maintain the stable branches
Note: Trove and Ceilometer needs to be done in subsequent reviews
as they are not released yet.
Change-Id: Ia55f5e6b6e67cf412ce6f653a70d068ec2acaf1b
Set up temporary pre-release stable/liberty ACLs since the
branch is currently a release branch until final release.
Change-Id: I88fc2d2cdd708faa0a0d2fc8b00d77b53deb49d4
Set up standard release and stable branch ACLs for barbican,
designate manila and zaqar, which are release:managed.
Change-Id: I8a1ba8435e74f33f4005c61cd27252fcf0f06a42
Remove the stable/kilo temporarily release management ACL sections
but don't restore the old proposed/* sections since they're no
longer needed either. At least in spirit....
This reverts commit 639ec1d17e.
This reverts commit fb04574fc0.
This reverts commit 774f236cf4.
Change-Id: Ifb5e8ec6175ad0623db9e3c02883255c98149dab
...only Project Bootstrappers.
Correct the ACL normalization script oversight which led to this
unfortunate mistake, and clean up the resulting mess.
Change-Id: I391ead734d0cd28277581d54f254718c3e36d4b0
The proposed/kilo branches of integrated release projects will not
be used this cycle. Instead we're going straight into stable/kilo
but keeping the access controls we had over the old proposed
branches for now. This change can be reverted once Kilo is released,
to return control to teh stable branch maintainers thereafter.
Change-Id: Iaced68397d700d19a3f715de458bd83cbf78cf39
As discussed in Paris and subsequently discussed on the mailing-list,
switch stable branch maintenance to project-specific teams under the
guidance and leadership of the stable-maint-core team.
All $PROJECT-stable-maint teams in Gerrit should be owned by
stable-maint-core which will vet the addition of members to make sure
they are aware of the Stable Branch policy.
Remarks:
- Sahara was already using their own team, proposed change will align
them to use a specific team instead.
- Designate is still incubated and therefore stable-maint-core doesn't
own their stable branches yet. Proposed change fixes ACL to reflect
that.
- All projects still inherit openstack-stable-maint from the
all-projects ACL, but this will be removed once the transition is
over.
Reference:
http://lists.openstack.org/pipermail/openstack-dev/2014-November/050390.html
Change-Id: Id127d24e4428be8b450de277dc55df20349aab13
This is the result of running:
find gerrit/acls/ -type f -name "*.config" \
-exec ./tools/normalize_acl.py {} 1 2 3 4 5 6 \;
Change-Id: Icc447d5c413008138c88daba6fe8e1bd72bfe65e
This repo was created from filter branching the openstack-infra/
config repo. This process brought a lot of cruft with it in the
form of directories that we no longer need. This patch removes
that cruft so we begin with a tidier repo.
Change-Id: Ibffad1b11c0c5f84eedfb0365369f60c4961a0f3
Jeremy Stanley