Add checks for gerrit ACLs

Check the following common problems with gerrit ACL lines:
* Wrong path
* Non-existence of a referenced file
* Redundant setting of acl-config with default value

Remove redundant entries that the script found.
Add acl-config for freezer-specs since no ACL existed.
Add acl-config for vinz-webclient since no ACL existed,
this was in original change I1706332f911ad9c8887d1e40613b06cbeb5e1143.

Change-Id: I6b9fc6d2ff1cd5a1f871975608947d6fe763b500
This commit is contained in:
Andreas Jaeger 2016-04-11 16:25:25 +02:00
parent c0ee0db357
commit 6ef07db860
3 changed files with 32 additions and 9 deletions

View File

@ -709,6 +709,7 @@
- project: openstack-infra/vinz-webclient
use-storyboard: true
description: Standalone UI replacment for Gerrit
acl-config: /home/gerrit2/acls/openstack-infra/vinz.config
- project: openstack-infra/yaml2ical
use-storyboard: true
description: Generate iCal files from a YAML description of meetings
@ -777,7 +778,6 @@
acl-config: /home/gerrit2/acls/openstack/app-catalog.config
- project: openstack/astara
description: Astara L3+ Network Virtualization - orchestration service
acl-config: /home/gerrit2/acls/openstack/astara.config
groups:
- astara
- project: openstack/astara-appliance
@ -835,7 +835,6 @@
description: Billing service for OpenStack
- project: openstack/blazar
description: Reservation Service for OpenStack
acl-config: /home/gerrit2/acls/openstack/blazar.config
- project: openstack/blazar-nova
description: Specific Nova part of the Blazar Reservation Service for OpenStack
acl-config: /home/gerrit2/acls/openstack/blazar.config
@ -1305,7 +1304,6 @@
description: Image building tools for OpenStack
- project: openstack/distil
description: Rating Service for OpenStack
acl-config: /home/gerrit2/acls/openstack/distil.config
- project: openstack/django-openstack-auth-kerberos
description: Kerberos support for django-openstack-auth
acl-config: /home/gerrit2/acls/openstack/django_openstack_auth.config
@ -1371,6 +1369,7 @@
description: OpenStack Freezer Specifications.
groups:
- freezer
acl-config: /home/gerrit2/acls/openstack/freezer.config
- project: openstack/freezer-web-ui
description: Horizon Web interface for Freezer backup, restore and disaster recovery
platform
@ -2212,7 +2211,6 @@
description: Simple library for parsing OpenStack microversion headers.
- project: openstack/mistral
description: Workflow Service for OpenStack.
acl-config: /home/gerrit2/acls/openstack/mistral.config
- project: openstack/mistral-dashboard
description: Mistral Horizon plugin.
groups:
@ -2987,7 +2985,6 @@
acl-config: /home/gerrit2/acls/openstack/puppet-modules.config
- project: openstack/puppet-ceph
description: Ceph Puppet Module
acl-config: /home/gerrit2/acls/openstack/puppet-ceph.config
- project: openstack/puppet-cinder
description: OpenStack Cinder Puppet Module
acl-config: /home/gerrit2/acls/openstack/puppet-modules.config
@ -3376,12 +3373,10 @@
description: Sahara aims to provide users with simple means to provision a Hadoop
cluster by specifying several parameters like Hadoop version, cluster topology,
nodes hardware details and a few more.
acl-config: /home/gerrit2/acls/openstack/sahara.config
options:
- translate
- project: openstack/sahara-ci-config
description: Sahara-ci 3rd party testing configs (jjb, zuul, etc.)
acl-config: /home/gerrit2/acls/openstack/sahara-ci-config.config
- project: openstack/sahara-dashboard
groups:
- sahara
@ -3514,7 +3509,6 @@
- project: openstack/solum
description: 'An OpenStack project designed to make cloud services easier to consume
and integrate into your application development process. See: https://wiki.openstack.org/wiki/Solum'
acl-config: /home/gerrit2/acls/openstack/solum.config
- project: openstack/solum-dashboard
description: 'Horizon plugin for Solum. See: https://wiki.openstack.org/wiki/Solum'
acl-config: /home/gerrit2/acls/openstack/solum.config

View File

@ -17,6 +17,7 @@
import argparse
import contextlib
import git
import os
import re
import shutil
import sys
@ -72,6 +73,10 @@ def main():
'infile',
help='Path to gerrit/projects.yaml',
)
parser.add_argument(
'acldir',
help='Path to gerrit/acl',
)
args = parser.parse_args()
projects = yaml.load(open(args.infile, 'r'))
@ -150,6 +155,30 @@ def main():
found_errors += 1
print("Error: Unknown option '%s' in project %s" %
(option, name))
# Check redundant acl-config
acl_config = p.get('acl-config')
if acl_config:
if acl_config.endswith(name + '.config'):
found_errors += 1
print("Error: Project %s has redundant acl_config line, "
"remove it." % name)
if not acl_config.startswith('/home/gerrit2/acls/'):
found_errors += 1
print("Error: Project %s has wrong acl_config line, "
"fix the path." % name)
acl_file = os.path.join(args.acldir,
acl_config[len('/home/gerrit2/acls/'):])
if not os.path.isfile(acl_file):
found_errors += 1
print("Error: Project %s has non existing acl_config line" %
name)
else:
# Check that default file exists
acl_file = os.path.join(args.acldir, name + ".config")
if not os.path.isfile(acl_file):
found_errors += 1
print("Error: Project %s has no default acl-config file" %
name)
if found_errors:
print("Found %d error(s) in %s" % (found_errors, args.infile))

View File

@ -19,7 +19,7 @@ commands =
deps = PyYAML
GitPython
commands =
{toxinidir}/tools/check_valid_gerrit_projects.py gerrit/projects.yaml
{toxinidir}/tools/check_valid_gerrit_projects.py gerrit/projects.yaml gerrit/acls
{toxinidir}/tools/check_projects_yaml_alphabetized.sh gerrit/projects.yaml
[testenv:venv]