From 3bc3b18f4dfdf54c17a54635b2aebaf0bbcaeaf1 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Thu, 2 Dec 2021 15:42:18 -0800 Subject: [PATCH] Add REST api auth rules This allows locally generated (by infra-root) tokens to be used for admin commands. Change-Id: I452fc7863985c0d94a98440823fd0aa1d454ec31 --- tools/check_valid_gerrit_projects.py | 2 ++ zuul/main.yaml | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/tools/check_valid_gerrit_projects.py b/tools/check_valid_gerrit_projects.py index 933fac45c8..154ed316f1 100755 --- a/tools/check_valid_gerrit_projects.py +++ b/tools/check_valid_gerrit_projects.py @@ -110,6 +110,8 @@ def check_zuul_main(zuul_main, projects): # Check that for each gerrit source, we have a project defined in gerrit. for tenant in main_content: t = tenant.get('tenant') + if not t: + continue sources = t.get('source') if sources and sources.get('gerrit'): for project_types in sources['gerrit']: diff --git a/zuul/main.yaml b/zuul/main.yaml index 2ef15f6cfe..4b3593f9b7 100644 --- a/zuul/main.yaml +++ b/zuul/main.yaml @@ -1,5 +1,12 @@ +- admin-rule: + name: local-admin + conditions: + - iss: zuul.opendev.org + - tenant: name: opendev + admin-rules: + - local-admin max-nodes-per-job: 10 source: gerrit: @@ -66,6 +73,8 @@ - tenant: name: openstack + admin-rules: + - local-admin max-nodes-per-job: 10 source: gerrit: @@ -1480,6 +1489,8 @@ - tenant: name: vexxhost + admin-rules: + - local-admin max-nodes-per-job: 10 source: gerrit: @@ -1578,6 +1589,8 @@ - tenant: name: zuul + admin-rules: + - local-admin default-ansible-version: 2.9 max-nodes-per-job: 10 source: @@ -1654,6 +1667,8 @@ # https://github.com/pyca - tenant: name: pyca + admin-rules: + - local-admin max-nodes-per-job: 1 source: gerrit: @@ -1679,6 +1694,8 @@ # https://github.com/pypa - tenant: name: pypa + admin-rules: + - local-admin max-nodes-per-job: 1 source: gerrit: