From f4532f1a80bff235f98cb0c553d190bc13863bb7 Mon Sep 17 00:00:00 2001
From: Matt McEuen <matt.mceuen@att.com>
Date: Tue, 21 May 2019 12:16:24 -0500
Subject: [PATCH] Add granular ACLs for Airship Projects

This adds more granular ACLs for the Airship Pegleg and Spyglass
projects.  As discussed at the Denver PTG, Airship project-specific core
teams will be requested as-needed, while the existing Airship-wide core
team will maintain grandfathered core review responsibilities.

Change-Id: I47f4188f8cf85b371a686a8ce964e154775730dc
---
 .../{openstack => airship}/airship.config     |  0
 gerrit/acls/airship/pegleg.config             | 16 ++++++++++
 gerrit/acls/airship/spyglass.config           | 16 ++++++++++
 gerrit/projects.yaml                          | 32 +++++++++----------
 4 files changed, 47 insertions(+), 17 deletions(-)
 rename gerrit/acls/{openstack => airship}/airship.config (100%)
 create mode 100644 gerrit/acls/airship/pegleg.config
 create mode 100644 gerrit/acls/airship/spyglass.config

diff --git a/gerrit/acls/openstack/airship.config b/gerrit/acls/airship/airship.config
similarity index 100%
rename from gerrit/acls/openstack/airship.config
rename to gerrit/acls/airship/airship.config
diff --git a/gerrit/acls/airship/pegleg.config b/gerrit/acls/airship/pegleg.config
new file mode 100644
index 0000000000..e77e4dab86
--- /dev/null
+++ b/gerrit/acls/airship/pegleg.config
@@ -0,0 +1,16 @@
+[access "refs/heads/*"]
+abandon = group pegleg-core
+create = group airship-release
+label-Code-Review = -2..+2 group pegleg-core
+label-Verified = -1..+1 group airship-ci
+label-Workflow = -1..+1 group pegleg-core
+
+[access "refs/tags/*"]
+pushSignedTag = group airship-release
+
+[receive]
+requireChangeId = true
+requireContributorAgreement = true
+
+[submit]
+mergeContent = true
diff --git a/gerrit/acls/airship/spyglass.config b/gerrit/acls/airship/spyglass.config
new file mode 100644
index 0000000000..a36453a102
--- /dev/null
+++ b/gerrit/acls/airship/spyglass.config
@@ -0,0 +1,16 @@
+[access "refs/heads/*"]
+abandon = group spyglass-core
+create = group airship-release
+label-Code-Review = -2..+2 group spyglass-core
+label-Verified = -1..+1 group airship-ci
+label-Workflow = -1..+1 group spyglass-core
+
+[access "refs/tags/*"]
+pushSignedTag = group airship-release
+
+[receive]
+requireChangeId = true
+requireContributorAgreement = true
+
+[submit]
+mergeContent = true
diff --git a/gerrit/projects.yaml b/gerrit/projects.yaml
index a90b324f61..491d675c99 100644
--- a/gerrit/projects.yaml
+++ b/gerrit/projects.yaml
@@ -1,103 +1,101 @@
 - project: airship/armada
   description: An orchestrator for managing a collection of Kubernetes Helm charts.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/berth
   description: A minimalist VM runner for Kubernetes using Helm.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/deckhand
   description: A configuration management service with support for secrets.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/divingbell
   description: A lightweight solution for configuration of baremetal nodes.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/drydock
   description: A declarative host provisioning system.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/governance
   description: Airship governance documentation
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/in-a-bottle
   description: Integrated deployment configuration and documentation.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/maas
   description: Kubernetes deployment artifacts for Canonical's MaaS.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/pegleg
   description: A configuration organization tool.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
   groups:
     - airship
 - project: airship/promenade
   description: A declarative framework for resilient Kubernetes deployment.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/shipyard
   description: A cluster lifecycle orchestrator for Airship.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/specs
   description: Specs for the Airship projects
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/spyglass
   description: Configuration extraction tool for Airship
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
   groups:
     - airship
 - project: airship/spyglass-plugin-xls
   description: Excel data extraction plugin for Spyglass
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/spyglass.config
   groups:
     - airship
 - project: airship/tempest-plugin
   description: Tempest plugin for validation of Airship components.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/treasuremap
   description: Reference Airship manifests, CICD, and reference architecture.
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: airship/utils
   description: Collection of common tools for the Airship projects
   use-storyboard: true
-  acl-config: /home/gerrit2/acls/openstack/airship.config
+  acl-config: /home/gerrit2/acls/airship/airship.config
   groups:
     - airship
 - project: inaugust/inaugust.com