From dd6c0bcd910a539ac2465ea683f118e55fc5f31a Mon Sep 17 00:00:00 2001 From: Jay Faulkner Date: Wed, 9 Oct 2024 14:12:27 -0700 Subject: [PATCH] Proposed new Ironic core structure Ironic is considering a two-tier structure, separating permission to approve/workflow patches from the ability to core-review vote. The final state is intended to be: - All existing active ironic-cores go into ironic-approvers - ironic-approvers goes into ironic-reviewers - anyone approved later can get added to ironic-reviewers In terms of permissions, the desired state is: - ironic-approvers are the only team that can approve patches for landing - ironic-reviewers are allowed to core review and do most other core activities except the final workflow to land code As a transition, I'm leaving the ironic-core group in the ACLs. Once the new group is created, populated, and working, we can rename the old one to reflect its disuse. I've also, as a result of auditing the core groups for other Ironic projects and seeing some of them out of date, am unifying more ironic-related projects into the same ACL configuration. The now disused old core groups for those projects will also be renamed to reflect their disuse when completed. Change-Id: I7fea059274ffd8635e426e82882a3076527464eb --- gerrit/acls/openstack/ironic-inspector.config | 57 ------------------- gerrit/acls/openstack/ironic-specs.config | 16 ------ gerrit/acls/openstack/ironic-ui.config | 19 ------- gerrit/acls/openstack/ironic.config | 13 +++++ gerrit/acls/openstack/metalsmith.config | 15 ----- .../networking-generic-switch.config | 34 ----------- gerrit/acls/openstack/sushy-oem-idrac.config | 21 ------- gerrit/acls/openstack/sushy.config | 16 ------ gerrit/acls/openstack/virtualbmc.config | 15 ----- gerrit/acls/openstack/virtualpdu.config | 15 ----- gerrit/projects.yaml | 15 ++++- tools/normalize_acl.py | 1 + 12 files changed, 26 insertions(+), 211 deletions(-) delete mode 100644 gerrit/acls/openstack/ironic-inspector.config delete mode 100644 gerrit/acls/openstack/ironic-specs.config delete mode 100644 gerrit/acls/openstack/ironic-ui.config delete mode 100644 gerrit/acls/openstack/metalsmith.config delete mode 100644 gerrit/acls/openstack/networking-generic-switch.config delete mode 100644 gerrit/acls/openstack/sushy-oem-idrac.config delete mode 100644 gerrit/acls/openstack/sushy.config delete mode 100644 gerrit/acls/openstack/virtualbmc.config delete mode 100644 gerrit/acls/openstack/virtualpdu.config diff --git a/gerrit/acls/openstack/ironic-inspector.config b/gerrit/acls/openstack/ironic-inspector.config deleted file mode 100644 index 2de293d542..0000000000 --- a/gerrit/acls/openstack/ironic-inspector.config +++ /dev/null @@ -1,57 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group ironic-inspector-core - editHashtags = group Registered Users - label-Code-Review = -2..+2 group ironic-core - label-Code-Review = -2..+2 group ironic-inspector-core - label-Workflow = -1..+1 group ironic-core - label-Workflow = -1..+1 group ironic-inspector-core - toggleWipState = group ironic-core - toggleWipState = group ironic-inspector-core - -[access "refs/heads/bugfix/*"] - abandon = group Change Owner - abandon = group Project Bootstrappers - abandon = group ironic-stable-maint - abandon = group stable-maint-core - delete = group ironic-release - exclusiveGroupPermissions = abandon label-Code-Review label-Workflow - label-Code-Review = -2..+2 group Project Bootstrappers - label-Code-Review = -2..+2 group ironic-stable-maint - label-Code-Review = -2..+2 group stable-maint-core - label-Code-Review = -1..+1 group Registered Users - label-Workflow = -1..+0 group Change Owner - label-Workflow = -1..+1 group Project Bootstrappers - label-Workflow = -1..+1 group ironic-stable-maint - label-Workflow = -1..+1 group stable-maint-core - toggleWipState = group ironic-stable-maint - toggleWipState = group stable-maint-core - -[access "refs/heads/stable/*"] - abandon = group Change Owner - abandon = group Project Bootstrappers - abandon = group ironic-stable-maint - abandon = group stable-maint-core - exclusiveGroupPermissions = abandon label-Code-Review label-Workflow - label-Code-Review = -2..+2 group Project Bootstrappers - label-Code-Review = -2..+2 group ironic-stable-maint - label-Code-Review = -2..+2 group stable-maint-core - label-Code-Review = -1..+1 group Registered Users - label-Workflow = -1..+0 group Change Owner - label-Workflow = -1..+1 group Project Bootstrappers - label-Workflow = -1..+1 group ironic-stable-maint - label-Workflow = -1..+1 group stable-maint-core - toggleWipState = group ironic-stable-maint - toggleWipState = group stable-maint-core - -[access "refs/tags/*"] - createSignedTag = group ironic-release - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/ironic-specs.config b/gerrit/acls/openstack/ironic-specs.config deleted file mode 100644 index e7bdcc3895..0000000000 --- a/gerrit/acls/openstack/ironic-specs.config +++ /dev/null @@ -1,16 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group ironic-specs-core - editHashtags = group Registered Users - label-Code-Review = -2..+2 group ironic-specs-core - label-Workflow = -1..+1 group ironic-specs-core - toggleWipState = group ironic-specs-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/ironic-ui.config b/gerrit/acls/openstack/ironic-ui.config deleted file mode 100644 index 48a3efc3de..0000000000 --- a/gerrit/acls/openstack/ironic-ui.config +++ /dev/null @@ -1,19 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group ironic-ui-core - editHashtags = group Registered Users - label-Code-Review = -2..+2 group ironic-core - label-Code-Review = -2..+2 group ironic-ui-core - label-Workflow = -1..+1 group ironic-core - label-Workflow = -1..+1 group ironic-ui-core - toggleWipState = group ironic-core - toggleWipState = group ironic-ui-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/ironic.config b/gerrit/acls/openstack/ironic.config index b6dd8ac3ef..bceb95dbbe 100644 --- a/gerrit/acls/openstack/ironic.config +++ b/gerrit/acls/openstack/ironic.config @@ -2,38 +2,49 @@ inheritFrom = openstack/meta-config [access "refs/heads/*"] + abandon = group ironic-approvers abandon = group ironic-core editHashtags = group Registered Users label-Backport-Candidate = -1..+1 group ironic-core + label-Backport-Candidate = -1..+1 group ironic-reviewers label-Code-Review = -2..+2 group ironic-core + label-Code-Review = -2..+2 group ironic-reviewers + label-Workflow = -1..+1 group ironic-approvers label-Workflow = -1..+1 group ironic-core toggleWipState = group ironic-core + toggleWipState = group ironic-reviewers [access "refs/heads/bugfix/*"] abandon = group Change Owner abandon = group Project Bootstrappers + abandon = group ironic-approvers abandon = group ironic-stable-maint abandon = group stable-maint-core delete = group ironic-release exclusiveGroupPermissions = abandon label-Code-Review label-Workflow label-Code-Review = -2..+2 group Project Bootstrappers + label-Code-Review = -2..+2 group ironic-reviewers label-Code-Review = -2..+2 group ironic-stable-maint label-Code-Review = -2..+2 group stable-maint-core label-Code-Review = -1..+1 group Registered Users label-Workflow = -1..+0 group Change Owner label-Workflow = -1..+1 group Project Bootstrappers + label-Workflow = -1..+1 group ironic-approvers label-Workflow = -1..+1 group ironic-stable-maint label-Workflow = -1..+1 group stable-maint-core + toggleWipState = group ironic-reviewers toggleWipState = group ironic-stable-maint toggleWipState = group stable-maint-core [access "refs/heads/stable/*"] abandon = group Change Owner abandon = group Project Bootstrappers + abandon = group ironic-approvers abandon = group ironic-stable-maint abandon = group stable-maint-core exclusiveGroupPermissions = abandon label-Code-Review label-Workflow label-Code-Review = -2..+2 group Project Bootstrappers + label-Code-Review = -2..+2 group ironic-reviewers label-Code-Review = -2..+2 group ironic-stable-maint label-Code-Review = -2..+2 group stable-maint-core label-Code-Review = -1..+1 group Registered Users @@ -51,10 +62,12 @@ abandon = group ironic-unmaintained-core exclusiveGroupPermissions = abandon label-Code-Review label-Workflow label-Code-Review = -2..+2 group Project Bootstrappers + label-Code-Review = -2..+2 group ironic-reviewers label-Code-Review = -2..+2 group ironic-unmaintained-core label-Code-Review = -1..+1 group Registered Users label-Workflow = -1..+0 group Change Owner label-Workflow = -1..+1 group Project Bootstrappers + label-Workflow = -1..+1 group ironic-approvers label-Workflow = -1..+1 group ironic-unmaintained-core [access "refs/tags/*"] diff --git a/gerrit/acls/openstack/metalsmith.config b/gerrit/acls/openstack/metalsmith.config deleted file mode 100644 index 0e002d391f..0000000000 --- a/gerrit/acls/openstack/metalsmith.config +++ /dev/null @@ -1,15 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group metalsmith-core - editHashtags = group metalsmith-core - label-Code-Review = -2..+2 group metalsmith-core - label-Workflow = -1..+1 group metalsmith-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/networking-generic-switch.config b/gerrit/acls/openstack/networking-generic-switch.config deleted file mode 100644 index 8389d5152b..0000000000 --- a/gerrit/acls/openstack/networking-generic-switch.config +++ /dev/null @@ -1,34 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group ironic-core - abandon = group networking-generic-switch-core - editHashtags = group Registered Users - label-Code-Review = -2..+2 group ironic-core - label-Code-Review = -2..+2 group networking-generic-switch-core - label-Workflow = -1..+1 group ironic-core - label-Workflow = -1..+1 group networking-generic-switch-core - -[access "refs/heads/stable/*"] - abandon = group Change Owner - abandon = group Project Bootstrappers - abandon = group ironic-stable-maint - abandon = group stable-maint-core - editHashtags = group ironic-core - exclusiveGroupPermissions = abandon label-Code-Review label-Workflow - label-Code-Review = -2..+2 group Project Bootstrappers - label-Code-Review = -2..+2 group ironic-stable-maint - label-Code-Review = -2..+2 group stable-maint-core - label-Code-Review = -1..+1 group Registered Users - label-Workflow = -1..+0 group Change Owner - label-Workflow = -1..+1 group Project Bootstrappers - label-Workflow = -1..+1 group ironic-stable-maint - label-Workflow = -1..+1 group stable-maint-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/sushy-oem-idrac.config b/gerrit/acls/openstack/sushy-oem-idrac.config deleted file mode 100644 index 2a95c962b7..0000000000 --- a/gerrit/acls/openstack/sushy-oem-idrac.config +++ /dev/null @@ -1,21 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group sushy-oem-idrac-core - create = group sushy-oem-idrac-release - editHashtags = group Registered Users - label-Code-Review = -2..+2 group sushy-oem-idrac-core - label-Verified = -1..+1 group sushy-oem-idrac-ci - label-Workflow = -1..+1 group sushy-oem-idrac-core - toggleWipState = group sushy-oem-idrac-core - -[access "refs/tags/*"] - createSignedTag = group sushy-oem-idrac-release - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/sushy.config b/gerrit/acls/openstack/sushy.config deleted file mode 100644 index e6adead2e7..0000000000 --- a/gerrit/acls/openstack/sushy.config +++ /dev/null @@ -1,16 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group sushy-core - editHashtags = group Registered Users - label-Code-Review = -2..+2 group sushy-core - label-Workflow = -1..+1 group sushy-core - toggleWipState = group sushy-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/virtualbmc.config b/gerrit/acls/openstack/virtualbmc.config deleted file mode 100644 index 858554d1fc..0000000000 --- a/gerrit/acls/openstack/virtualbmc.config +++ /dev/null @@ -1,15 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group virtualbmc-core - editHashtags = group virtualbmc-core - label-Code-Review = -2..+2 group virtualbmc-core - label-Workflow = -1..+1 group virtualbmc-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/acls/openstack/virtualpdu.config b/gerrit/acls/openstack/virtualpdu.config deleted file mode 100644 index 11dd36473b..0000000000 --- a/gerrit/acls/openstack/virtualpdu.config +++ /dev/null @@ -1,15 +0,0 @@ -[access] - inheritFrom = openstack/meta-config - -[access "refs/heads/*"] - abandon = group virtualpdu-core - editHashtags = group virtualpdu-core - label-Code-Review = -2..+2 group virtualpdu-core - label-Workflow = -1..+1 group virtualpdu-core - -[receive] - requireChangeId = true - requireContributorAgreement = true - -[submit] - mergeContent = true diff --git a/gerrit/projects.yaml b/gerrit/projects.yaml index 67cfe8858d..8bf73919cd 100644 --- a/gerrit/projects.yaml +++ b/gerrit/projects.yaml @@ -3801,9 +3801,10 @@ description: Hardware introspection daemon for OpenStack Ironic options: - translate + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/ironic-inspector-specs description: Specs for ironic-inspector - acl-config: /home/gerrit2/acls/openstack/ironic-inspector.config + acl-config: /home/gerrit2/acls/openstack/ironic.config groups: - ironic-inspector - project: openstack/ironic-lib @@ -3823,6 +3824,7 @@ groups: - ironic description: OpenStack Baremetal (Ironic) Specifications + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/ironic-tempest-plugin description: Tempest plugin for ironic acl-config: /home/gerrit2/acls/openstack/ironic.config @@ -3833,6 +3835,7 @@ metal. options: - translate + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/ironic-webclient description: RETIRED, Ironic HTTP(S) Client acl-config: /home/gerrit2/acls/openstack/retired.config @@ -3998,6 +4001,7 @@ description: Empty project providing a base ACL for inheriting - project: openstack/metalsmith description: Simple deployment and scheduling tool for bare metal + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/microversion-parse description: Simple library for parsing OpenStack microversion headers. - project: openstack/mistral @@ -4178,6 +4182,7 @@ acl-config: /home/gerrit2/acls/openstack/retired.config - project: openstack/networking-generic-switch description: Multi-vendor Modular Layer 2 (ML2) driver. + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/networking-generic-switch-tempest-plugin description: RETIRED, Tempest plugin for networking-generic-switch acl-config: /home/gerrit2/acls/openstack/retired.config @@ -5259,7 +5264,7 @@ acl-config: /home/gerrit2/acls/openstack/heat.config - project: openstack/python-ironic-inspector-client description: A python client and OpenStackClient plugin for Ironic Inspector - acl-config: /home/gerrit2/acls/openstack/ironic-inspector.config + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/python-ironicclient description: A python client implementing the Ironic API. acl-config: /home/gerrit2/acls/openstack/ironic.config @@ -5640,6 +5645,7 @@ - project: openstack/sushy description: Sushy is a small Python library to communicate with Redfish based systems + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/sushy-cli description: RETIRED, Redfish CLI client built on top of sushy library to talk to Redfish BMC from command line. Mostly intended for developers and testers. @@ -5649,9 +5655,10 @@ - sushy description: An extension to sushy package supporting Redfish features that are specific to Dell EMC BMC (which is known under the name of iDRAC). + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/sushy-tools description: A set of tools to support the development and test of the Sushy library - acl-config: /home/gerrit2/acls/openstack/sushy.config + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/swift description: OpenStack Storage (Swift) options: @@ -5873,8 +5880,10 @@ acl-config: /home/gerrit2/acls/openstack/venus.config - project: openstack/virtualbmc description: A virtual BMC for controlling virtual machines using IPMI commands. + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/virtualpdu description: VirtualPDU is a service for simulating power distribution units (PDUs). + acl-config: /home/gerrit2/acls/openstack/ironic.config - project: openstack/vitrage description: OpenStack RCA (Root Cause Analysis) Engine use-storyboard: true diff --git a/tools/normalize_acl.py b/tools/normalize_acl.py index ed294cc5a2..dc03d19b02 100755 --- a/tools/normalize_acl.py +++ b/tools/normalize_acl.py @@ -299,6 +299,7 @@ if '7' in transformations: 'milestone', 'packagers', 'release', + 'reviewers', 'Users', ) for section in acl.keys():