Attempt to more fully manage project creation.

Manage project creation via yaml files. Also,
Modify the manage_projects scripts to configure Gerrit project ACLs.
This change expects the project yaml to exist. The change will clone the
project for the localhost Gerrit install. It will then checkout the
meta/config ref, copy the ACL config file into the repo, commit, and
push to the origin. The ACL config location should be specified in the
projects.yaml file with the acl_config key.

For this to work the ACLs will need to be copied by Puppet from Puppet
to the Gerrit host. Add the file resource to do this as well.

Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4
Reviewed-on: https://review.openstack.org/15352
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins

modules/gerrit/manifests/init.pp

@@ -84,6 +84,8 @@ class gerrit(
   $ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
   $ssh_rsa_key_contents = '', # If left empty puppet will not create file.
   $ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
+  $ssh_project_rsa_key_contents = '', # If left empty puppet will not create file.
+  $ssh_project_rsa_pubkey_contents = '', # If left empty puppet will not create file.
   $openidssourl = 'https://login.launchpad.net/+openid',
   $email = '',
   $database_poollimit = '',
@@ -101,17 +103,15 @@ class gerrit(
   $contactstore_appsec = '',
   $contactstore_pubkey = '',
   $contactstore_url = '',
-  $projects_file = 'UNDEF',
   $enable_melody = false,
   $melody_session = false,
   $replicate_github = false,
-  $replicate_local = true,
-  $local_git_dir = '/var/lib/git',
   $replication_targets = [],
   $gitweb = true,
   $testmode = false
 ) {
   include apache
+  include pip
 
   $java_home = $::lsbdistcodename ? {
     'precise' => '/usr/lib/jvm/java-6-openjdk-amd64/jre',
@@ -145,6 +145,12 @@ class gerrit(
     ensure => present,
   }
 
+  package { 'gerritlib':
+    ensure   => latest,
+    provider => 'pip',
+    require  => Class[pip],
+  }
+
   file { '/var/log/gerrit':
     ensure => directory,
     owner  => 'gerrit2',
@@ -203,34 +209,6 @@ class gerrit(
     }
   }
 
-  if ($projects_file != 'UNDEF') {
-
-    if ($replicate_local) {
-      file { $local_git_dir:
-        ensure => directory,
-        owner  => 'gerrit2',
-      }
-    }
-
-    file { '/home/gerrit2/projects.yaml':
-      ensure  => present,
-      owner   => 'gerrit2',
-      group   => 'gerrit2',
-      mode    => '0444',
-      source  => $projects_file,
-      replace => true,
-    }
-
-    exec { 'make_local_repos':
-      user        => 'gerrit2',
-      command     => "/usr/local/gerrit/scripts/make_local_repos.py ${local_git_dir}",
-      subscribe   => File['/home/gerrit2/projects.yaml'],
-      refreshonly => true,
-      require     => File['/home/gerrit2/projects.yaml'],
-    }
-
-  }
-
   # Gerrit sets these permissions in 'init'; don't fight them.
   file { '/home/gerrit2/review_site/etc/gerrit.config':
     ensure  => present,
@@ -373,6 +351,28 @@ class gerrit(
     }
   }
 
+  if $ssh_project_rsa_key_contents != '' {
+    file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key':
+      owner   => 'gerrit2',
+      group   => 'gerrit2',
+      mode    => '0600',
+      content => $ssh_project_rsa_key_contents,
+      replace => true,
+      require => File['/home/gerrit2/review_site/etc']
+    }
+  }
+
+  if $ssh_project_rsa_pubkey_contents != '' {
+    file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key.pub':
+      owner   => 'gerrit2',
+      group   => 'gerrit2',
+      mode    => '0644',
+      content => $ssh_rsa_project_pubkey_contents,
+      replace => true,
+      require => File['/home/gerrit2/review_site/etc']
+    }
+  }
+
   # Install Gerrit itself.
 
   # The Gerrit WAR is specified as a url like