CreateProject: Provide signed push option on project creation

Also add acceptance test that non-signed push to project that required signed push is rejected. Bug: Issue 7750 Change-Id: I28fa94ad08fb7f21e1af37c251e64421d2e443c2
2018-09-18 07:52:51 +02:00
parent d64425d001
commit 1c6ff2e724
7 changed files with 33 additions and 0 deletions
--- a/Documentation/rest-api-projects.txt
+++ b/Documentation/rest-api-projects.txt
@@ -3187,6 +3187,12 @@ Whether content merge should be enabled for the project (`TRUE`,
 |`require_change_id`                           |`INHERIT` if not set|
 Whether the usage of Change-Ids is required for the project (`TRUE`,
 `FALSE`, `INHERIT`).
+|`enable_signed_push`                           |`INHERIT` if not set|
+Whether signed push validation is enabled on the project  (`TRUE`,
+`FALSE`, `INHERIT`).
+|`require_signed_push`                          |`INHERIT` if not set|
+Whether signed push validation is required on the project  (`TRUE`,
+`FALSE`, `INHERIT`).
 |`max_object_size_limit`     |optional|
 Max allowed Git object size for this project.
 Common unit suffixes of 'k', 'm', or 'g' are supported.
--- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
+++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java
@@ -402,6 +402,8 @@ public abstract class AbstractDaemonTest {
      in.useContentMerge = ann.useContributorAgreements();
      in.useSignedOffBy = ann.useSignedOffBy();
      in.useContentMerge = ann.useContentMerge();
+      in.enableSignedPush = ann.enableSignedPush();
+      in.requireSignedPush = ann.requireSignedPush();
    } else {
      // Defaults should match TestProjectConfig, omitting nullable values.
      in.createEmptyCommit = true;
--- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/TestProjectInput.java
+++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/TestProjectInput.java
@@ -45,6 +45,10 @@ public @interface TestProjectInput {

  InheritableBoolean requireChangeId() default InheritableBoolean.INHERIT;

+  InheritableBoolean enableSignedPush() default InheritableBoolean.INHERIT;
+
+  InheritableBoolean requireSignedPush() default InheritableBoolean.INHERIT;
+
  // Fields specific to acceptance test behavior.

  /** Username to use for initial clone, passed to {@link AccountCreator}. */
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/AbstractPushForReview.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/AbstractPushForReview.java
@@ -196,6 +196,15 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest {
    }
  }

+  @Test
+  @GerritConfig(name = "receive.enableSignedPush", value = "true")
+  @TestProjectInput(
+      enableSignedPush = InheritableBoolean.TRUE,
+      requireSignedPush = InheritableBoolean.TRUE)
+  public void nonSignedPushRejectedWhenSignPushRequired() throws Exception {
+    pushTo("refs/for/master").assertErrorStatus("push cert error");
+  }
+
  @Test
  public void pushInitialCommitForRefsMetaConfigBranch() throws Exception {
    // delete refs/meta/config
--- a/gerrit-extension-api/src/main/java/com/google/gerrit/extensions/api/projects/ProjectInput.java
+++ b/gerrit-extension-api/src/main/java/com/google/gerrit/extensions/api/projects/ProjectInput.java
@@ -33,6 +33,8 @@ public class ProjectInput {
  public InheritableBoolean useContentMerge;
  public InheritableBoolean requireChangeId;
  public InheritableBoolean createNewChangeForAllNotInTarget;
+  public InheritableBoolean enableSignedPush;
+  public InheritableBoolean requireSignedPush;
  public String maxObjectSizeLimit;
  public Map<String, Map<String, ConfigValue>> pluginConfigValues;
 }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProject.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProject.java
@@ -186,6 +186,10 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn
            input.createNewChangeForAllNotInTarget, InheritableBoolean.INHERIT);
    args.changeIdRequired =
        MoreObjects.firstNonNull(input.requireChangeId, InheritableBoolean.INHERIT);
+    args.enableSignedPush =
+        MoreObjects.firstNonNull(input.enableSignedPush, InheritableBoolean.INHERIT);
+    args.requireSignedPush =
+        MoreObjects.firstNonNull(input.requireSignedPush, InheritableBoolean.INHERIT);
    try {
      args.maxObjectSizeLimit = ProjectConfig.validMaxObjectSizeLimit(input.maxObjectSizeLimit);
    } catch (ConfigInvalidException e) {
@@ -269,6 +273,8 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn
      newProject.setCreateNewChangeForAllNotInTarget(args.newChangeForAllNotInTarget);
      newProject.setRequireChangeID(args.changeIdRequired);
      newProject.setMaxObjectSizeLimit(args.maxObjectSizeLimit);
+      newProject.setEnableSignedPush(args.enableSignedPush);
+      newProject.setRequireSignedPush(args.requireSignedPush);
      if (args.newParent != null) {
        newProject.setParentName(args.newParent);
      }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProjectArgs.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProjectArgs.java
@@ -34,6 +34,8 @@ public class CreateProjectArgs {
  public InheritableBoolean contentMerge;
  public InheritableBoolean newChangeForAllNotInTarget;
  public InheritableBoolean changeIdRequired;
+  public InheritableBoolean enableSignedPush;
+  public InheritableBoolean requireSignedPush;
  public boolean createEmptyCommit;
  public String maxObjectSizeLimit;

@@ -43,6 +45,8 @@ public class CreateProjectArgs {
    contentMerge = InheritableBoolean.INHERIT;
    changeIdRequired = InheritableBoolean.INHERIT;
    newChangeForAllNotInTarget = InheritableBoolean.INHERIT;
+    enableSignedPush = InheritableBoolean.INHERIT;
+    requireSignedPush = InheritableBoolean.INHERIT;
    submitType = SubmitType.MERGE_IF_NECESSARY;
  }