From d8416301e82a0160ea071a6273d94b571cfe9516 Mon Sep 17 00:00:00 2001
From: Andreas Jaeger <aj@suse.de>
Date: Wed, 10 Dec 2014 20:37:09 +0100
Subject: [PATCH] Check that Gerrit ACL files are normalized

Enhance Gerrit ACL check to check that the files are properly
normalized.

Co-Authored-By: Armando Migliaccio <armamig@gmail.com>

Change-Id: I9cdee60e77dab9c6943626d5fa1eda0402840277
---
 tools/check_valid_gerrit_config.sh |  7 +++++--
 tools/normalize_acl.py             | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/tools/check_valid_gerrit_config.sh b/tools/check_valid_gerrit_config.sh
index 5b2b24ee4d..1c4ea9b189 100755
--- a/tools/check_valid_gerrit_config.sh
+++ b/tools/check_valid_gerrit_config.sh
@@ -16,9 +16,10 @@ function check_team_acl {
     for config in $configs_list; do
         echo "Checking $config file..."
 
-        if ! grep -q '\>-core\|\>-admins' $config;
+        $OLDPWD/tools/normalize_acl.py $config all > $TMPDIR/normalized
+        if ! diff -u $config $TMPDIR/normalized;
         then
-            echo "$config does not have a core/admins team defined!" >>config_failures
+            echo "Project $config is not normalized!" >>config_failures
         fi
     done
 }
@@ -30,6 +31,8 @@ done
 
 if [ -f config_failures ]; then
     echo -e; cat config_failures
+    num_errors=$(wc -l config_failures)
+    echo -e "There are $num_errors projects not normalized."
     exit 1
 fi
 
diff --git a/tools/normalize_acl.py b/tools/normalize_acl.py
index e3f35bb50c..1687040bab 100755
--- a/tools/normalize_acl.py
+++ b/tools/normalize_acl.py
@@ -3,6 +3,7 @@
 # Usage: normalize_acl.py acl.config [transformation [transformation [...]]]
 #
 # Transformations:
+# all Apply all transformations.
 # 0 - dry run (default, print to stdout rather than modifying file in place)
 # 1 - strip/condense whitespace and sort (implied by any other transformation)
 # 2 - get rid of unneeded create on refs/tags
@@ -10,6 +11,8 @@
 # 4 - strip default *.owner = group Administrators permissions
 # 5 - sort the exclusiveGroupPermissions group lists
 # 6 - replace openstack-ci-admins and openstack-ci-core with infra-core
+# 7 - add at least one core team, if no team is defined with special suffixes
+#     like core, admins, milestone or Users
 
 import re
 import sys
@@ -18,6 +21,8 @@ aclfile = sys.argv[1]
 
 try:
     transformations = sys.argv[2:]
+    if transformations and transformations[0] == 'all':
+        transformations = [str(x) for x in range(0, 8)]
 except KeyError:
     transformations = []
 
@@ -105,6 +110,18 @@ if '6' in transformations:
             newsection.append(option)
         acl[section] = newsection
 
+if '7' in transformations:
+    special_teams = ("core", "milestone", "Users", "admins")
+    for section in acl.keys():
+        newsection = []
+        for option in acl[section]:
+            if ("refs/heads" in section and "group" in option
+                    and "-2..+2" in option
+                    and not any(x in option for x in special_teams)):
+                option = "%s%s" % (option, "-core")
+            newsection.append(option)
+        acl[section] = newsection
+
 for section in sorted(acl.keys()):
     if acl[section]:
         out += '\n[%s]\n' % section