vexxhost: move base-jobs to config-project
Inside the VEXXHOST tenant, we have a need to be able to use build Docker images in many different places. Therefore, we need the ability to have secrets inside of a repository which other repos can just use the jobs for, avoiding the need of encrypting the Docker credentials for every single repository. However, due to the current limitation in Zuul, it's not possible to accomplish this without having a config-project, and by being a config-project, that provides an elevated set of access. As an interim solution until Zuul has the ability to do this without using a config-project, this change makes the project a config project however changes the ACLs to include project-config-core. The rationale was that I (mnaser) is already part of that group and therefore this wouldn't be providing me any more access to make changes to config projects. This would be an interim solution until we're able to do this natively with Zuul and the ACLs can return to VEXXHOST. In this change, we also move opendev/project-config to only load jobs, secrets and nodesets and to avoid loading the project so we don't end up reporting to changes to opendev/project-config. Change-Id: I6baefcae3e23767aeeaa2d572b1a17fd2aa5ebe6
This commit is contained in:
parent
d1c645f6e6
commit
2545dfd73a
@ -6135,7 +6135,7 @@
|
||||
acl-config: /home/gerrit2/acls/vexxhost/vexxhost.config
|
||||
- project: vexxhost/base-jobs
|
||||
description: Base jobs for VEXXHOST tenant
|
||||
acl-config: /home/gerrit2/acls/vexxhost/vexxhost.config
|
||||
acl-config: /home/gerrit2/acls/opendev/project-config.config
|
||||
- project: vexxhost/kue
|
||||
description: Tooling for Kubernetes deployment on OpenStack
|
||||
acl-config: /home/gerrit2/acls/vexxhost/vexxhost.config
|
||||
|
@ -1522,20 +1522,18 @@
|
||||
source:
|
||||
gerrit:
|
||||
config-projects:
|
||||
- opendev/project-config
|
||||
# Only use jobs and secrets from this repo, we do not want
|
||||
# the project definition.
|
||||
- opendev/base-jobs:
|
||||
include:
|
||||
- job
|
||||
- secret
|
||||
- nodeset
|
||||
- include: [job, secret, nodeset]
|
||||
projects:
|
||||
- opendev/base-jobs
|
||||
- vexxhost/base-jobs
|
||||
- opendev/project-config
|
||||
untrusted-projects:
|
||||
- zuul/zuul-jobs
|
||||
- vexxhost/ansible-role-docker-distribution
|
||||
- vexxhost/ansible-role-openmanage
|
||||
- vexxhost/ansible-role-wireguard
|
||||
- vexxhost/base-jobs
|
||||
- vexxhost/kue
|
||||
- vexxhost/libvirtd_exporter
|
||||
- vexxhost/lodgeit-helm
|
||||
|
Loading…
x
Reference in New Issue
Block a user