Check that Gerrit ACL files are normalized
Enhance Gerrit ACL check to check that the files are properly normalized. Co-Authored-By: Armando Migliaccio <armamig@gmail.com> Change-Id: I9cdee60e77dab9c6943626d5fa1eda0402840277
This commit is contained in:
		 Andreas Jaeger
					Andreas Jaeger
				
			
				
					committed by
					
						 armando-migliaccio
						armando-migliaccio
					
				
			
			
				
	
			
			
			 armando-migliaccio
						armando-migliaccio
					
				
			
						parent
						
							e6573ea752
						
					
				
				
					commit
					d8416301e8
				
			| @@ -16,9 +16,10 @@ function check_team_acl { | |||||||
|     for config in $configs_list; do |     for config in $configs_list; do | ||||||
|         echo "Checking $config file..." |         echo "Checking $config file..." | ||||||
|  |  | ||||||
|         if ! grep -q '\>-core\|\>-admins' $config; |         $OLDPWD/tools/normalize_acl.py $config all > $TMPDIR/normalized | ||||||
|  |         if ! diff -u $config $TMPDIR/normalized; | ||||||
|         then |         then | ||||||
|             echo "$config does not have a core/admins team defined!" >>config_failures |             echo "Project $config is not normalized!" >>config_failures | ||||||
|         fi |         fi | ||||||
|     done |     done | ||||||
| } | } | ||||||
| @@ -30,6 +31,8 @@ done | |||||||
|  |  | ||||||
| if [ -f config_failures ]; then | if [ -f config_failures ]; then | ||||||
|     echo -e; cat config_failures |     echo -e; cat config_failures | ||||||
|  |     num_errors=$(wc -l config_failures) | ||||||
|  |     echo -e "There are $num_errors projects not normalized." | ||||||
|     exit 1 |     exit 1 | ||||||
| fi | fi | ||||||
|  |  | ||||||
|   | |||||||
| @@ -3,6 +3,7 @@ | |||||||
| # Usage: normalize_acl.py acl.config [transformation [transformation [...]]] | # Usage: normalize_acl.py acl.config [transformation [transformation [...]]] | ||||||
| # | # | ||||||
| # Transformations: | # Transformations: | ||||||
|  | # all Apply all transformations. | ||||||
| # 0 - dry run (default, print to stdout rather than modifying file in place) | # 0 - dry run (default, print to stdout rather than modifying file in place) | ||||||
| # 1 - strip/condense whitespace and sort (implied by any other transformation) | # 1 - strip/condense whitespace and sort (implied by any other transformation) | ||||||
| # 2 - get rid of unneeded create on refs/tags | # 2 - get rid of unneeded create on refs/tags | ||||||
| @@ -10,6 +11,8 @@ | |||||||
| # 4 - strip default *.owner = group Administrators permissions | # 4 - strip default *.owner = group Administrators permissions | ||||||
| # 5 - sort the exclusiveGroupPermissions group lists | # 5 - sort the exclusiveGroupPermissions group lists | ||||||
| # 6 - replace openstack-ci-admins and openstack-ci-core with infra-core | # 6 - replace openstack-ci-admins and openstack-ci-core with infra-core | ||||||
|  | # 7 - add at least one core team, if no team is defined with special suffixes | ||||||
|  | #     like core, admins, milestone or Users | ||||||
|  |  | ||||||
| import re | import re | ||||||
| import sys | import sys | ||||||
| @@ -18,6 +21,8 @@ aclfile = sys.argv[1] | |||||||
|  |  | ||||||
| try: | try: | ||||||
|     transformations = sys.argv[2:] |     transformations = sys.argv[2:] | ||||||
|  |     if transformations and transformations[0] == 'all': | ||||||
|  |         transformations = [str(x) for x in range(0, 8)] | ||||||
| except KeyError: | except KeyError: | ||||||
|     transformations = [] |     transformations = [] | ||||||
|  |  | ||||||
| @@ -105,6 +110,18 @@ if '6' in transformations: | |||||||
|             newsection.append(option) |             newsection.append(option) | ||||||
|         acl[section] = newsection |         acl[section] = newsection | ||||||
|  |  | ||||||
|  | if '7' in transformations: | ||||||
|  |     special_teams = ("core", "milestone", "Users", "admins") | ||||||
|  |     for section in acl.keys(): | ||||||
|  |         newsection = [] | ||||||
|  |         for option in acl[section]: | ||||||
|  |             if ("refs/heads" in section and "group" in option | ||||||
|  |                     and "-2..+2" in option | ||||||
|  |                     and not any(x in option for x in special_teams)): | ||||||
|  |                 option = "%s%s" % (option, "-core") | ||||||
|  |             newsection.append(option) | ||||||
|  |         acl[section] = newsection | ||||||
|  |  | ||||||
| for section in sorted(acl.keys()): | for section in sorted(acl.keys()): | ||||||
|     if acl[section]: |     if acl[section]: | ||||||
|         out += '\n[%s]\n' % section |         out += '\n[%s]\n' % section | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user