Add REST api auth rules
This allows locally generated (by infra-root) tokens to be used for admin commands. Change-Id: I452fc7863985c0d94a98440823fd0aa1d454ec31
This commit is contained in:
parent
000aadc414
commit
3bc3b18f4d
@ -110,6 +110,8 @@ def check_zuul_main(zuul_main, projects):
|
|||||||
# Check that for each gerrit source, we have a project defined in gerrit.
|
# Check that for each gerrit source, we have a project defined in gerrit.
|
||||||
for tenant in main_content:
|
for tenant in main_content:
|
||||||
t = tenant.get('tenant')
|
t = tenant.get('tenant')
|
||||||
|
if not t:
|
||||||
|
continue
|
||||||
sources = t.get('source')
|
sources = t.get('source')
|
||||||
if sources and sources.get('gerrit'):
|
if sources and sources.get('gerrit'):
|
||||||
for project_types in sources['gerrit']:
|
for project_types in sources['gerrit']:
|
||||||
|
@ -1,5 +1,12 @@
|
|||||||
|
- admin-rule:
|
||||||
|
name: local-admin
|
||||||
|
conditions:
|
||||||
|
- iss: zuul.opendev.org
|
||||||
|
|
||||||
- tenant:
|
- tenant:
|
||||||
name: opendev
|
name: opendev
|
||||||
|
admin-rules:
|
||||||
|
- local-admin
|
||||||
max-nodes-per-job: 10
|
max-nodes-per-job: 10
|
||||||
source:
|
source:
|
||||||
gerrit:
|
gerrit:
|
||||||
@ -66,6 +73,8 @@
|
|||||||
|
|
||||||
- tenant:
|
- tenant:
|
||||||
name: openstack
|
name: openstack
|
||||||
|
admin-rules:
|
||||||
|
- local-admin
|
||||||
max-nodes-per-job: 10
|
max-nodes-per-job: 10
|
||||||
source:
|
source:
|
||||||
gerrit:
|
gerrit:
|
||||||
@ -1480,6 +1489,8 @@
|
|||||||
|
|
||||||
- tenant:
|
- tenant:
|
||||||
name: vexxhost
|
name: vexxhost
|
||||||
|
admin-rules:
|
||||||
|
- local-admin
|
||||||
max-nodes-per-job: 10
|
max-nodes-per-job: 10
|
||||||
source:
|
source:
|
||||||
gerrit:
|
gerrit:
|
||||||
@ -1578,6 +1589,8 @@
|
|||||||
|
|
||||||
- tenant:
|
- tenant:
|
||||||
name: zuul
|
name: zuul
|
||||||
|
admin-rules:
|
||||||
|
- local-admin
|
||||||
default-ansible-version: 2.9
|
default-ansible-version: 2.9
|
||||||
max-nodes-per-job: 10
|
max-nodes-per-job: 10
|
||||||
source:
|
source:
|
||||||
@ -1654,6 +1667,8 @@
|
|||||||
# https://github.com/pyca
|
# https://github.com/pyca
|
||||||
- tenant:
|
- tenant:
|
||||||
name: pyca
|
name: pyca
|
||||||
|
admin-rules:
|
||||||
|
- local-admin
|
||||||
max-nodes-per-job: 1
|
max-nodes-per-job: 1
|
||||||
source:
|
source:
|
||||||
gerrit:
|
gerrit:
|
||||||
@ -1679,6 +1694,8 @@
|
|||||||
# https://github.com/pypa
|
# https://github.com/pypa
|
||||||
- tenant:
|
- tenant:
|
||||||
name: pypa
|
name: pypa
|
||||||
|
admin-rules:
|
||||||
|
- local-admin
|
||||||
max-nodes-per-job: 1
|
max-nodes-per-job: 1
|
||||||
source:
|
source:
|
||||||
gerrit:
|
gerrit:
|
||||||
|
Loading…
Reference in New Issue
Block a user