Add REST api auth rules

This allows locally generated (by infra-root) tokens to be used
for admin commands.

Change-Id: I452fc7863985c0d94a98440823fd0aa1d454ec31
This commit is contained in:
James E. Blair 2021-12-02 15:42:18 -08:00
parent 000aadc414
commit 3bc3b18f4d
2 changed files with 19 additions and 0 deletions

View File

@ -110,6 +110,8 @@ def check_zuul_main(zuul_main, projects):
# Check that for each gerrit source, we have a project defined in gerrit. # Check that for each gerrit source, we have a project defined in gerrit.
for tenant in main_content: for tenant in main_content:
t = tenant.get('tenant') t = tenant.get('tenant')
if not t:
continue
sources = t.get('source') sources = t.get('source')
if sources and sources.get('gerrit'): if sources and sources.get('gerrit'):
for project_types in sources['gerrit']: for project_types in sources['gerrit']:

View File

@ -1,5 +1,12 @@
- admin-rule:
name: local-admin
conditions:
- iss: zuul.opendev.org
- tenant: - tenant:
name: opendev name: opendev
admin-rules:
- local-admin
max-nodes-per-job: 10 max-nodes-per-job: 10
source: source:
gerrit: gerrit:
@ -66,6 +73,8 @@
- tenant: - tenant:
name: openstack name: openstack
admin-rules:
- local-admin
max-nodes-per-job: 10 max-nodes-per-job: 10
source: source:
gerrit: gerrit:
@ -1480,6 +1489,8 @@
- tenant: - tenant:
name: vexxhost name: vexxhost
admin-rules:
- local-admin
max-nodes-per-job: 10 max-nodes-per-job: 10
source: source:
gerrit: gerrit:
@ -1578,6 +1589,8 @@
- tenant: - tenant:
name: zuul name: zuul
admin-rules:
- local-admin
default-ansible-version: 2.9 default-ansible-version: 2.9
max-nodes-per-job: 10 max-nodes-per-job: 10
source: source:
@ -1654,6 +1667,8 @@
# https://github.com/pyca # https://github.com/pyca
- tenant: - tenant:
name: pyca name: pyca
admin-rules:
- local-admin
max-nodes-per-job: 1 max-nodes-per-job: 1
source: source:
gerrit: gerrit:
@ -1679,6 +1694,8 @@
# https://github.com/pypa # https://github.com/pypa
- tenant: - tenant:
name: pypa name: pypa
admin-rules:
- local-admin
max-nodes-per-job: 1 max-nodes-per-job: 1
source: source:
gerrit: gerrit: