openstack/project-config
Code Issues Proposed changes

Check that Gerrit ACL files are normalized

Browse Source 
Enhance Gerrit ACL check to check that the files are properly
normalized.

Co-Authored-By: Armando Migliaccio <armamig@gmail.com>

Change-Id: I9cdee60e77dab9c6943626d5fa1eda0402840277
This commit is contained in:
Andreas Jaeger
2014-12-10 20:37:09 +01:00
committed by armando-migliaccio
parent e6573ea752
commit d8416301e8
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tools/check_valid_gerrit_config.sh
View File

@@ -16,9 +16,10 @@ function check_team_acl {
for config in $configs_list; do for config in $configs_list; do
echo "Checking $config file..." echo "Checking $config file..."
if ! grep -q '\>-core\|\>-admins' $config; $OLDPWD/tools/normalize_acl.py $config all > $TMPDIR/normalized
if ! diff -u $config $TMPDIR/normalized;
then then
echo "$config does not have a core/admins team defined!" >>config_failures echo "Project $config is not normalized!" >>config_failures
fi fi
done done
} }
@@ -30,6 +31,8 @@ done
if [ -f config_failures ]; then if [ -f config_failures ]; then
echo -e; cat config_failures echo -e; cat config_failures
num_errors=$(wc -l config_failures)
echo -e "There are $num_errors projects not normalized."
exit 1 exit 1
fi fi

17
tools/normalize_acl.py
View File

@@ -3,6 +3,7 @@
# Usage: normalize_acl.py acl.config [transformation [transformation [...]]] # Usage: normalize_acl.py acl.config [transformation [transformation [...]]]
# #
# Transformations: # Transformations:
# all Apply all transformations.
# 0 - dry run (default, print to stdout rather than modifying file in place) # 0 - dry run (default, print to stdout rather than modifying file in place)
# 1 - strip/condense whitespace and sort (implied by any other transformation) # 1 - strip/condense whitespace and sort (implied by any other transformation)
# 2 - get rid of unneeded create on refs/tags # 2 - get rid of unneeded create on refs/tags
@@ -10,6 +11,8 @@
# 4 - strip default *.owner = group Administrators permissions # 4 - strip default *.owner = group Administrators permissions
# 5 - sort the exclusiveGroupPermissions group lists # 5 - sort the exclusiveGroupPermissions group lists
# 6 - replace openstack-ci-admins and openstack-ci-core with infra-core # 6 - replace openstack-ci-admins and openstack-ci-core with infra-core
# 7 - add at least one core team, if no team is defined with special suffixes
# like core, admins, milestone or Users
import re import re
import sys import sys
@@ -18,6 +21,8 @@ aclfile = sys.argv[1]
try: try:
transformations = sys.argv[2:] transformations = sys.argv[2:]
if transformations and transformations[0] == 'all':
transformations = [str(x) for x in range(0, 8)]
except KeyError: except KeyError:
transformations = [] transformations = []
@@ -105,6 +110,18 @@ if '6' in transformations:
newsection.append(option) newsection.append(option)
acl[section] = newsection acl[section] = newsection
if '7' in transformations:
special_teams = ("core", "milestone", "Users", "admins")
for section in acl.keys():
newsection = []
for option in acl[section]:
if ("refs/heads" in section and "group" in option
and "-2..+2" in option
and not any(x in option for x in special_teams)):
option = "%s%s" % (option, "-core")
newsection.append(option)
acl[section] = newsection
for section in sorted(acl.keys()): for section in sorted(acl.keys()):
if acl[section]: if acl[section]:
out += '\n[%s]\n' % section out += '\n[%s]\n' % section