diff --git a/gerrit/acls/openstack/meta-config.config b/gerrit/acls/openstack/meta-config.config
index 0ff49617f6..2d65c2e362 100644
--- a/gerrit/acls/openstack/meta-config.config
+++ b/gerrit/acls/openstack/meta-config.config
@@ -4,6 +4,19 @@
 createSignedTag = group Release Managers
 delete = group Release Managers
+[access "refs/heads/unmaintained/*"]
+ abandon = group Change Owner
+ abandon = group Project Bootstrappers
+ abandon = group Release Managers
+ abandon = group openstack-unmaintained-core
+ exclusiveGroupPermissions = abandon label-Code-Review label-Workflow
+ label-Code-Review = -2..+2 group Project Bootstrappers
+ label-Code-Review = -2..+2 group openstack-unmaintained-core
+ label-Code-Review = -1..+1 group Registered Users
+ label-Workflow = -1..+0 group Change Owner
+ label-Workflow = -1..+1 group Project Bootstrappers
+ label-Workflow = -1..+1 group openstack-unmaintained-core
+
 [receive]
 requireChangeId = true
 requireContributorAgreement = true
diff --git a/tools/check_valid_gerrit_config.sh b/tools/check_valid_gerrit_config.sh
index 01e85954c2..574e855cbd 100755
--- a/tools/check_valid_gerrit_config.sh
+++ b/tools/check_valid_gerrit_config.sh
@@ -13,13 +13,16 @@ declare -i NUM_TESTS=0
 function check_team_acl {
 local configs_dir="$1"
+ local namespace
 local configs_list
- echo "Checking" $(basename $configs_dir)
+ namespace="$(basename $configs_dir)"
+ echo "Checking $namespace"
 configs_list=$(find $configs_dir -name "*.config")
 for config in $configs_list; do
 let "NUM_TESTS+=1"
- $OLDPWD/tools/normalize_acl.py $config all > $TMPDIR/normalized
+ $OLDPWD/tools/normalize_acl.py $namespace $config all \
+ > $TMPDIR/normalized
 if ! diff -u $config $TMPDIR/normalized >>config_failures; then
 echo "Project $config is not normalized!" >>config_failures
diff --git a/tools/normalize_acl.py b/tools/normalize_acl.py
index 54fa4e4401..6b79b2136b 100755
--- a/tools/normalize_acl.py
+++ b/tools/normalize_acl.py
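Review bot: In check_team_acl, `$namespace` and `$config` reach normalize_acl.py unquoted, and the script now depends on argument position (NAMESPACE first, then the ACL file). A directory name containing whitespace or glob characters would be word-split and shift the ACL path into a transform slot, so the check would run against the wrong argument or fail with a misleading usage error. Quoting keeps the positions fixed: `namespace="$(basename "$configs_dir")"` and `"$OLDPWD/tools/normalize_acl.py" "$namespace" "$config" all \`. The function body continues past the end of the hunk.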
@@ -11,9 +11,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
-# Usage: normalize_acl.py acl.config [transformation [transformation [...]]]
+# Usage: normalize_acl.py NAMESPACE acl.config [transform [transform [...]]]
 #
-# Transformations are described in user-facing detail below
+# The NAMESPACE specifies the OpenInfra project, e.g., 'openstack', and
+# conventionally corresponds to the directory name containing that project's
+# acl files.
+#
+# Transforms are described in user-facing detail below
 #
 # Transformations:
 # all Report all transformations as a dry run.
@@ -83,19 +87,39 @@ The current transformations
 LAST_TRANSFORMATION = 10
-aclfile = sys.argv[1]
+USAGE_STRING = ("Usage:\n normalize_acl.py NAMESPACE acl.config [transform "
+ "[transform [...]]]\n or 'normalize_acl.py -help' for info "
+ "on the available transforms")
+
+
+try:
+ namespace = sys.argv[1]
+except IndexError:
+ print('error: missing NAMESPACE or -help')
+ print(USAGE_STRING)
+ sys.exit(1)
 # NOTE(ianw) : 2023-04-20 obviously we would not write any of this
 # like this if we were starting fresh. But this has grown from a
 # simple thing into something difficult for people to deal with. If
 # we have any errors during the tox job, we use this to print out a
 # help message.
-if (aclfile == '-help'):
+if (namespace == '-help'):
 print(NORMALIZATION_HELP)
 sys.exit(1)
 try:
- transformations = sys.argv[2:]
+ aclfile = sys.argv[2]
+except IndexError:
+ print('error: missing acl filespec')
+ print(USAGE_STRING)
+ sys.exit(1)
+
+# TODO(rosmaita): refactor this, there's nothing in the 'try'
+# that will raise a KeyError, and in any case, an out-of-range slice
+# reference already returns an empty list
+try:
+ transformations = sys.argv[3:]
 if transformations:
 RANGE_END = LAST_TRANSFORMATION + 1
 if transformations[0] == 'all':
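Review bot: The new NAMESPACE argument is accepted without any check, so an old-style call such as `normalize_acl.py acl.config all` is read as namespace `acl.config` and ACL file `all` instead of being rejected with the usage text. Because a later transformation compares `namespace` with a literal, a mistyped namespace would presumably skip the namespace-specific rule without any message. A small guard right after the `-help` test would catch the first case, e.g. `if '/' in namespace or namespace.endswith('.config'):` followed by `print(USAGE_STRING)` and `sys.exit(1)`. The error messages could also go to stderr, since the caller in check_valid_gerrit_config.sh redirects stdout into the normalized file. The hunk ends inside the final `try:` block, which continues outside it.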
@@ -306,6 +330,9 @@ if '8' in transformations:
 if 'abandon' in exclusives:
 newsection.append('abandon = group Change Owner')
 newsection.append('abandon = group Project Bootstrappers')
+ if (namespace == 'openstack'
+ and 'refs/heads/unmaintained' in section):
+ newsection.append('abandon = group Release Managers')
 if 'label-Code-Review' in exclusives:
 newsection.append('label-Code-Review = -2..+2 '
 'group Project Bootstrappers')
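Review bot: `'refs/heads/unmaintained' in section` is a containment test without the trailing slash, so if `section` is the section header string it also matches patterns such as `refs/heads/unmaintained-foo/*`, and those would get `abandon = group Release Managers` forced into them. Matching the ref namespace that meta-config.config uses is tighter: `and 'refs/heads/unmaintained/' in section):`. The type of `section` is not visible in this hunk, so it is worth confirming whether this is a substring test or a membership test. A short comment explaining why only the `openstack` namespace gets this rule would help, for example `# openstack policy: Release Managers may abandon changes on unmaintained branches`. The enclosing `if '8' in transformations:` block starts and ends outside the hunk.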