Merge "Add checks for gerrit ACLs"

gerrit/projects.yaml

@@ -715,6 +715,7 @@
 - project: openstack-infra/vinz-webclient
   use-storyboard: true
   description: Standalone UI replacment for Gerrit
+  acl-config: /home/gerrit2/acls/openstack-infra/vinz.config
 - project: openstack-infra/yaml2ical
   use-storyboard: true
   description: Generate iCal files from a YAML description of meetings
@@ -783,7 +784,6 @@
   acl-config: /home/gerrit2/acls/openstack/app-catalog.config
 - project: openstack/astara
   description: Astara L3+ Network Virtualization - orchestration service
-  acl-config: /home/gerrit2/acls/openstack/astara.config
   groups:
     - astara
 - project: openstack/astara-appliance
@@ -844,7 +844,6 @@
   description: Billing service for OpenStack
 - project: openstack/blazar
   description: Reservation Service for OpenStack
-  acl-config: /home/gerrit2/acls/openstack/blazar.config
 - project: openstack/blazar-nova
   description: Specific Nova part of the Blazar Reservation Service for OpenStack
   acl-config: /home/gerrit2/acls/openstack/blazar.config
@@ -1319,7 +1318,6 @@
   description: Image building tools for OpenStack
 - project: openstack/distil
   description: Rating Service for OpenStack
-  acl-config: /home/gerrit2/acls/openstack/distil.config
 - project: openstack/django-openstack-auth-kerberos
   description: Kerberos support for django-openstack-auth
   acl-config: /home/gerrit2/acls/openstack/django_openstack_auth.config
@@ -1385,6 +1383,7 @@
   description: OpenStack Freezer Specifications.
   groups:
     - freezer
+  acl-config: /home/gerrit2/acls/openstack/freezer.config
 - project: openstack/freezer-web-ui
   description: Horizon Web interface for Freezer backup, restore and disaster recovery
     platform
@@ -2228,7 +2227,6 @@
   description: Simple library for parsing OpenStack microversion headers.
 - project: openstack/mistral
   description: Workflow Service for OpenStack.
-  acl-config: /home/gerrit2/acls/openstack/mistral.config
 - project: openstack/mistral-dashboard
   description: Mistral Horizon plugin.
   groups:
@@ -3015,7 +3013,6 @@
   acl-config: /home/gerrit2/acls/openstack/puppet-modules.config
 - project: openstack/puppet-ceph
   description: Ceph Puppet Module
-  acl-config: /home/gerrit2/acls/openstack/puppet-ceph.config
 - project: openstack/puppet-cinder
   description: OpenStack Cinder Puppet Module
   acl-config: /home/gerrit2/acls/openstack/puppet-modules.config
@@ -3409,12 +3406,10 @@
   description: Sahara aims to provide users with simple means to provision a Hadoop
     cluster by specifying several parameters like Hadoop version, cluster topology,
     nodes hardware details and a few more.
-  acl-config: /home/gerrit2/acls/openstack/sahara.config
   options:
     - translate
 - project: openstack/sahara-ci-config
   description: Sahara-ci 3rd party testing configs (jjb, zuul, etc.)
-  acl-config: /home/gerrit2/acls/openstack/sahara-ci-config.config
 - project: openstack/sahara-dashboard
   groups:
     - sahara
@@ -3547,7 +3542,6 @@
 - project: openstack/solum
   description: 'An OpenStack project designed to make cloud services easier to consume
     and integrate into your application development process. See: https://wiki.openstack.org/wiki/Solum'
-  acl-config: /home/gerrit2/acls/openstack/solum.config
 - project: openstack/solum-dashboard
   description: 'Horizon plugin for Solum. See: https://wiki.openstack.org/wiki/Solum'
   acl-config: /home/gerrit2/acls/openstack/solum.config

tools/check_valid_gerrit_projects.py

@@ -17,6 +17,7 @@
 import argparse
 import contextlib
 import git
+import os
 import re
 import shutil
 import sys
@@ -72,6 +73,10 @@ def main():
         'infile',
         help='Path to gerrit/projects.yaml',
     )
+    parser.add_argument(
+        'acldir',
+        help='Path to gerrit/acl',
+    )
     args = parser.parse_args()
 
     projects = yaml.load(open(args.infile, 'r'))
@@ -150,6 +155,30 @@ def main():
                 found_errors += 1
                 print("Error: Unknown option '%s' in project %s" %
                       (option, name))
+        # Check redundant acl-config
+        acl_config = p.get('acl-config')
+        if acl_config:
+            if acl_config.endswith(name + '.config'):
+                found_errors += 1
+                print("Error: Project %s has redundant acl_config line, "
+                      "remove it." % name)
+            if not acl_config.startswith('/home/gerrit2/acls/'):
+                found_errors += 1
+                print("Error: Project %s has wrong acl_config line, "
+                      "fix the path." % name)
+            acl_file = os.path.join(args.acldir,
+                                    acl_config[len('/home/gerrit2/acls/'):])
+            if not os.path.isfile(acl_file):
+                found_errors += 1
+                print("Error: Project %s has non existing acl_config line" %
+                      name)
+        else:
+            # Check that default file exists
+            acl_file = os.path.join(args.acldir, name + ".config")
+            if not os.path.isfile(acl_file):
+                found_errors += 1
+                print("Error: Project %s has no default acl-config file" %
+                      name)
 
     if found_errors:
         print("Found %d error(s) in %s" % (found_errors, args.infile))

tox.ini

@@ -19,7 +19,7 @@ commands =
 deps = PyYAML
      GitPython
 commands =
-  {toxinidir}/tools/check_valid_gerrit_projects.py gerrit/projects.yaml
+  {toxinidir}/tools/check_valid_gerrit_projects.py gerrit/projects.yaml gerrit/acls
   {toxinidir}/tools/check_projects_yaml_alphabetized.sh gerrit/projects.yaml
 
 [testenv:venv]