Commit Graph

29 Commits (master)

Author SHA1 Message Date
Jeremy Stanley 464f4f586a
Indent Gerrit ACL options
Gerrit very much wants its ACLs to indent option lines (but not
section headings) by a single hard tab.

The recent migration to schema 185 with Gerrit 3.7 has updated
copyConditions flags and re-written most of the ACL files to look like
this (c.f. I1f11c07e3786bd1a68b43d908d939fde42ddb99c).

This updates the normalize tool to format like this, and modifies all
our ACL's to the new format.

This is intended to be a no-op with no functional change.  For future
upgrades, this will reduce the diffs of any updates Gerrit might make.

Change-Id: I3a0c0da1eb32f8afb31ffa0c24ea45aaca8da8cc
2 months ago
Jeremy Stanley 0d066f954d Remove unsigned tagging permission from projects
Now that we have a fix in place for Gerrit's tag signature detection
regression, remove the unsafe permission for pushing unsigned tags
to return everything to the state we had prior to the 3.4 upgrade.

Change-Id: Ia9afb5fb4be311cca59d3e1cf3b7bc611184fe15
1 year ago
Jeremy Stanley 83ca7a97f9 Work around signed tag regression from Gerrit 3.4
Upon upgrading from Gerrit 3.3 to 3.4, a regression was observed in
which jgit no longer returns signatures in its tag messages, causing
Gerrit to misidentify signed tags as unsigned (annotated) tags.
Because our ACLs only allow signed tags to be pushed, this
regression prevents Gerrit from accepting them now.

Temporarily grant permission to push unsigned tags to anyone who
has permission to push signed ones. We will revert that as soon as a
fixed Gerrit is in place, but in the meantime users will be warned
to take care when pushing tags so that they don't accidentally push
actually unsigned tags to Gerrit.

Also, the pushSignedTag keyword was deprecated in favor of the new
createSignedTag name, so go ahead and update to that while we're
doing this so that we can limit the amount of churn across all these
ACLs. Documentation will be corrected to recommend the new format in
a separate change, but update the ACL linter now to prevent the old
syntax from being used in new projects.

This workaround was already tested on opendev/bindep in the parent
Iad8c1f83e247c9a8bcf5b4f530f7b83663e1f793 change, and confirmed to
function as intended.

Change-Id: Ia426ea36b4e6877fdce5725ff1e00ae02c62e3f4
1 year ago
Matt McEuen 5f1a5c8a97 Add ACL rule for deleting treasuremap branches
This grants delete privileges on Treasuremap project branches to the
airship-release group.  This is required so that we can clean up the
old `v2` branch now that its contents have been moved to master, and
is no longer needed (and can be confusing).

Change-Id: I052401ba1932f821f0825fa7047576a119cee1ed
2 years ago
Kostiantyn Kalynovskyi f4fac9a53e ACL, allow merge for airship-release group
This commit adds pushMerge capability to airship-release group
in airship/treasuremap repository

Change-Id: Ie285d3d0e959314550cdcc0e45dc18a61ba58d76
2 years ago
Matt McEuen 97d53affe4 New Project Request: airship/gerrit-to-github-bot
This is a request to create the airship/gerrit-to-github-bot
project in opendev.

This bot synchronizes state between gerrit patchsets, where
airship work is done, and github issues, where airship scope
is tracked.

If you can seed the new gerrit group with me then I can add
the appropriate core team.

The upstream imported project, while created for Airship in
the first place, is essentially abandoned by its owner (hence our
need to import to airship proper to continue enhancing it).
We are unable to clean up the extra feature branch outside of master.

Change-Id: I9c75e12d6b9c2b1c7c4a3047a90e9f80440c3532
2 years ago
Zuul 1e0334587f Merge "New Project Request: airship/sip" 3 years ago
Matt McEuen a605f3609f New Project Request: airship/sip
This is a request to create the airship/sip project in opendev.

SIP (Service Infrastructure Provisioner) will be a Kubernetes
operator which will have responsibility within Airship-based
clusters for standing up supporting infrastructure for managed
CAPI sub-clusters: Metal3 setup, an authentication service,
an operational access point, etc.

If you can seed the new gerrit group with me and I can add the appropriate
initial core team.

Change-Id: I81a59d49311e2b5af10803f06501dc2b985e9e5e
3 years ago
Matt McEuen 1d3632d936 New Project Request: airship/vino
This is a request to create the airship/vino project in opendev.

ViNo is a Kubernetes operator that has
responsibility within Airship-based Kubernetes
clusters for lifecycle managing static libvirt definitions on
worker nodes, for use within simple CAPI sub-clusters.

If you can seed the new gerrit group with me and I can add the appropriate
initial core team.

Change-Id: I9facf665936f9ba8529af2457bb97fc5cc6e49b1
3 years ago
Matt McEuen 772c0e92ff New Project Request: hostconfig-operator
This is a request to create the airship/hostconfig-operator project in opendev.
Hostconfig-operator is based on the Kubernetes ansible operator framework,
which allows declarative intent (represented as custom resources) to drive
Ansible playbooks.

This operator will be used by Airship 2 to drive declarative host-level
management for the nodes that run the managed Kubernetes cluster;
generally for things that are not handled by existing tools like the
Cluster API or KubeADM.  Examples include setting permissions on the
filesystem, enforcing OS resource limits, etc.

This project plays a similar role in Airship 2 that Divingbell played
in Airship 1.

Change-Id: I22090408b152b15f5b4f823945b098615ca8c2af
3 years ago
Matt McEuen 756386a7d2 Project creation request: airship/charts
This project will serve as a home for Helm Charts maintained by the
Airship community, for Airship and Airship-adjacent use cases.

Please add mattmceuen as an initial core reviewer in the
airship-charts-core group, and he will add the rest.

Change-Id: I4e77a8948789a3d452eec8d32ae6d929155b0dba
3 years ago
Zuul 25c2afbd8f Merge "New project: zuul-airship-roles" 4 years ago
Matt McEuen dd6faaa442 New project: zuul-airship-roles
This new project will hold common, reusable ansible roles that
are primarily targeted for use in Airship 2.0 Zuul gates.

There is no need to import from an existing repo; some existing
material on github will be revised before being put in
as a patchset against the new repo.

Please add me (Matt McEuen) as an initial member of the new ACL,
and I can add additional seed core reviewers.


Change-Id: I249e610ca5074f0134038aeddfba81d2f61f5e5d
4 years ago
Matt McEuen 04013d4943 New project: go-redfish
This new project will host go client library for the Redfish
host management API.  It is intended to be consumable/useful
outside of Airship itself; the Airship team created this library
only because of deficiencies in other available implementations.

The folks that own the github repo from which the extant
implementation should be imported have blessed this change, and
will continue their work under the Airship umbrella.

Please add me (Matt McEuen) as an initial member of the new ACL,
and I can add additional seed core reviewers.


Change-Id: I0c7542461555f5a23eddf0b3d3e548a734af778e
4 years ago
Kostiantyn Kalynovskyi a35cd2953a Add airship/apis project
- Apis will hold CRDs for Airship
- Storyboard is disabled, as it is not used anymore.
- Repository is to be filled along with CRD development, and at
the start will be empty.

Change-Id: Ica811b09fda9959fa14e3c395a84685d72140418
4 years ago
Zuul b162818634 Merge "Add airshipui project" 4 years ago
Scott Hussey 324c76c9ef Add airshipui project
- Airshipui will be the Airship 2.0 Web UI

Change-Id: Ia4af21cf036de575d63a8b9399e27e2b9216f4d9
4 years ago
Zuul abce4a36e5 Merge "New project request: airship/images" 4 years ago
Matt McEuen ee86e24c5b Add per-project Airship groups
Per discussion at the last PTG, new Airship projects have been
getting created with per-project core groups, instead of the older
airship-core group.  This change catches up existing Airship projects
to this setup, as they either have new core reviewers being added
or will in the future.  A few projects which are closely and
logically related to other projects are configured to share their
ACLs for simplicity's sake.

Note that this removes the airship.config ACL, but we do need to retain
the airship-core group (for now).

With (or ahead of) this change, please seed the existing airship-core
group as a member of all the newly created groups, to ensure
uninterrupted review/merge ability.

Change-Id: I0c054714ca9a709bd58b85570a5c415a76cacd1c
4 years ago
Dmitry Ukov b830c37774 New project request: airship/images
This repo will contain scripts and Dockerfiles for building
Airship supplementary images. Some Airship sub-projects may run
utility containers. These utilities may not fit to particular project
in terms of implementation therefore container image artifacts should be
moved to separate repository.

Change-Id: I8b3e13a83deb4a6acf25bca961ef57bd5090ee5f
4 years ago
Zuul d10b029638 Merge "New project request: airship/kubernetes-entrypoint" 4 years ago
Matt McEuen 0339e2fe4f New project request: airship/kubernetes-entrypoint
This change migrates the kubernetes-entrypoint project from
the Stackanetes namespace into Airship.  Stackanetes is no longer
actively maintaining the project; however, Airship and OpenStack-Helm
are active consumers and contributors to it.  This move has been
socialized with the Stackanetes team, and they are supportive.

Change-Id: If259ab21a5a5336bbd53330cda3e74297c4cdce6
4 years ago
Matt McEuen d3590fcc59 New project request: airship/porthole
This moves the Porthole project, which has been incubating in
github, into the Airship namespace.  Porthole is a project that
provides a collection of utility containers which can be used
to access various Airship and OpenStack-Helm component CLIs
(e.g. etcdctl, psql...), and can be configured for enterprise
use cases that require fine-grained RBAC controls.

Change-Id: I40c4c40292bbb9543cbcbd560731d89610f9a99d
4 years ago
Zuul 9d02413d05 Merge "New project request: airship/docs" 4 years ago
Zuul 127b42db06 Merge "Add airship/airshipctl" 4 years ago
Matt McEuen e32c205838 New project request: airship/docs
This adds a documentation project for Airship.  Currently, Airship
documentation is scattered across a handful of non-obvious projects.
At the PTG it was decided to create a single, clear home for
Airship-wide documentation as the project matures.
Existing documentation will migrate to this project, and new docs
will be authored here, once the project is created.

Change-Id: Ifab77cc746e0187611eda98776715909e4819af8
4 years ago
Matt McEuen 4bf9b5cbda Add airship/airshipctl
This adds the airshipctl command line interface, which will be used
to drive Airship operations in the Airship 2.0 target state.

Change-Id: I79abd7ee9f06cbcaec645f5da284f52566a40bb1
4 years ago
Matt McEuen f82147cde8 Add airship/election
This adds the Airship Election documentation project, which
is modeled after the StarlingX and OpenStack Election projects.

Change-Id: I1728359788f818f2b3c5b5942f6f63bbff4c02d9
4 years ago
Matt McEuen f4532f1a80 Add granular ACLs for Airship Projects
This adds more granular ACLs for the Airship Pegleg and Spyglass
projects.  As discussed at the Denver PTG, Airship project-specific core
teams will be requested as-needed, while the existing Airship-wide core
team will maintain grandfathered core review responsibilities.

Change-Id: I47f4188f8cf85b371a686a8ce964e154775730dc
4 years ago