From 979a37fb44a8e46978daa318c4de3fdc823d2279 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Thu, 14 May 2020 20:03:12 +0100 Subject: Allow creating repos/groups as internal or public on GitLab GitLab groups can have a visibility of 'private' (only members), 'internal'/'limited' (only authenticated users), or 'public' (anyone). GitLab subgroups and projects can have the same visibilities as groups, but cannot be more visible than the containing group. When mirroring public source code, it may be desirable to make the entities we create more visible than the current default of 'private'. Add an option to set any of the three levels of visibility supported by GitLab, with the default unchanged. (The same levels are supported by Gitea, though with one named differently.) Never change the visibility of a group or repository that already exists. Note that the GitLab connector previously tried to create all projects as public, but this stopped working after the change to API v4. In Gerrit and Gitano the access control model is lot more complex, and generally only administrators can set visibility. Make their connectors reject visibility other than 'private'. Relates to #6, #9. --- lorrycontroller/gerrit.py | 7 ++++++- lorrycontroller/gitano.py | 6 ++++++ lorrycontroller/gitlab.py | 10 ++++++++-- 3 files changed, 20 insertions(+), 3 deletions(-) (limited to 'lorrycontroller') diff --git a/lorrycontroller/gerrit.py b/lorrycontroller/gerrit.py index dd82ff8..c5498e2 100644 --- a/lorrycontroller/gerrit.py +++ b/lorrycontroller/gerrit.py @@ -21,7 +21,6 @@ from . import hosts class GerritDownstream(hosts.DownstreamHost): - '''Run commands on a Gerrit instance. This uses the SSH API to Gerrit. The REST API is actually much nicer to @@ -31,6 +30,12 @@ class GerritDownstream(hosts.DownstreamHost): ''' + @staticmethod + def check_app_settings(app_settings): + if app_settings['downstream-visibility'] != 'private': + raise cliapp.ApplicationError( + 'Cannot create non-private repositories in Gerrit') + def __init__(self, app_settings): # XXX These need to be configurable host = 'localhost' diff --git a/lorrycontroller/gitano.py b/lorrycontroller/gitano.py index 499bb5d..87e2182 100644 --- a/lorrycontroller/gitano.py +++ b/lorrycontroller/gitano.py @@ -144,6 +144,12 @@ class _LocalTroveGitanoCommand(_GitanoCommand): class GitanoDownstream(hosts.DownstreamHost): + @staticmethod + def check_app_settings(app_settings): + if app_settings['downstream-visibility'] != 'private': + raise cliapp.ApplicationError( + 'Cannot create non-private repositories in Gitano') + def __init__(self, app_settings): self._gitano = _LocalTroveGitanoCommand() diff --git a/lorrycontroller/gitlab.py b/lorrycontroller/gitlab.py index 4f70f0a..eda9c9d 100644 --- a/lorrycontroller/gitlab.py +++ b/lorrycontroller/gitlab.py @@ -66,6 +66,8 @@ class GitlabDownstream(hosts.DownstreamHost): self.gl = _init_gitlab(host, app_settings['gitlab-private-token']) + self._visibility = app_settings['downstream-visibility'] + def prepare_repo(self, repo_path, metadata): try: @@ -101,7 +103,11 @@ class GitlabDownstream(hosts.DownstreamHost): except gitlab.GitlabGetError as e: if e.response_code != 404: raise - data = {'name': group_name, 'path': group_name} + data = { + 'name': group_name, + 'path': group_name, + 'visibility': self._visibility, + } if parent_group is not None: data['parent_id'] = parent_group.id group = self.gl.groups.create(data) @@ -109,7 +115,7 @@ class GitlabDownstream(hosts.DownstreamHost): project = { 'name': path_comps[-1], - 'public': True, + 'visibility': self._visibility, 'merge_requests_enabled': False, 'namespace_id': group.id, 'default_branch': metadata.get('head'), -- cgit v1.2.1