Add an empty project for an OpenStack base ACL
Presently, the OpenStack release managers have special access granted over every project in OpenDev's Gerrit due to historical entries in the All-Projects ACL. These permissions allow creation of branches, pushing tags and abandoning open changes, and they would like to add deletion of branches to the mix. It would be ideal, both for safety and correctness, to only have those permissions apply to projects in the "openstack/" namespace, and this could be accomplished with Gerrit's ACL inheritance feature. Create a new empty repository which serves only as a reference to a Gerrit ACL, for future use as an inherited base ACL in official OpenStack projects. It is intentional that this repository lacks typical change approval rights, an entry in the Zuul config, and so on, as it should never receive proposed changes nor need to test and merge them. When copying in the Release Managers group permissions, replace pushTag with the stricter pushSignedTag since we expect all tags to be signed (Zuul would ignore unsigned tag events anyway). Change-Id: Ifb7ef3870b2c2d876a3dbe21a4ad7a930f09ee5c
This commit is contained in:
parent
4286aa0276
commit
b89296fee2
|
@ -0,0 +1,12 @@
|
|||
[access "refs/*"]
|
||||
abandon = group Release Managers
|
||||
create = group Release Managers
|
||||
delete = group Release Managers
|
||||
pushSignedTag = group Release Managers
|
||||
|
||||
[receive]
|
||||
requireChangeId = true
|
||||
requireContributorAgreement = true
|
||||
|
||||
[submit]
|
||||
mergeContent = true
|
|
@ -3529,6 +3529,8 @@
|
|||
- masakari
|
||||
description: Design Specifications for Masakari
|
||||
acl-config: /home/gerrit2/acls/openstack/masakari.config
|
||||
- project: openstack/meta-config
|
||||
description: Empty project providing a base ACL for inheriting
|
||||
- project: openstack/metalsmith
|
||||
description: Simple deployment and scheduling tool for bare metal
|
||||
use-storyboard: true
|
||||
|
|
Loading…
Reference in New Issue