From c15058c0bfdeb44fdaa76bc049f70c119a313d38 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Tue, 23 Jun 2020 18:21:30 -0400 Subject: [PATCH] gerrit: change retired.config acls This patch updates the retired.config ACL to allow for the technical commitee to be able to push changes into the repositories which are retired. The ACLs allows tech-committee group members to set all labels onto changes as well as allowing them exclusive rights to push (therefore not allowing any other members) and giving them access to submit changes (in order to skip our gating). The goal is to evenutally replace this group by another one once the ACLs are verified to be working. Change-Id: Ia6d516621ec405b02f3f97340d96d9938b605d8f --- gerrit/acls/openstack/retired.config | 18 ++++++++++++++++-- tools/normalize_acl.py | 1 + 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/gerrit/acls/openstack/retired.config b/gerrit/acls/openstack/retired.config index 9e7a0f50b2..2a5c607a68 100644 --- a/gerrit/acls/openstack/retired.config +++ b/gerrit/acls/openstack/retired.config @@ -1,2 +1,16 @@ -[project] -state = read only +[access "refs/for/refs/heads/*"] +exclusiveGroupPermissions = push +push = group tech-committee +submit = group tech-committee + +[access "refs/heads/*"] +label-Code-Review = -2..+2 group tech-committee +label-Verified = -2..+2 group tech-committee +label-Workflow = -1..+1 group tech-committee + +[receive] +requireChangeId = true +requireContributorAgreement = true + +[submit] +mergeContent = true diff --git a/tools/normalize_acl.py b/tools/normalize_acl.py index cd71d31fb3..d40031d819 100755 --- a/tools/normalize_acl.py +++ b/tools/normalize_acl.py @@ -82,6 +82,7 @@ valid_keys = {'abandon', 'requireChangeId', 'requireContributorAgreement', 'state', + 'submit', 'value'} if '0' in transformations or not transformations: