From a096f26c5359de75e9999dbbbafc0281e2b15549 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 15 May 2020 14:23:04 +0100 Subject: GerritDownstream: Add application setting for parent project GerritDownstream does not specify a parent project for create-project, so it implicitly creates projects directly under 'All-Projects'. This requires that Lorry's user account is given broad permissions on All-Projects, which seems undesirable. Allow specifying an alternate parent project, so that Lorry can be given permissions on only that project. --- lorrycontroller/gerrit.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'lorrycontroller') diff --git a/lorrycontroller/gerrit.py b/lorrycontroller/gerrit.py index 0970d63..475ef08 100644 --- a/lorrycontroller/gerrit.py +++ b/lorrycontroller/gerrit.py @@ -31,6 +31,14 @@ class GerritDownstream(hosts.DownstreamHost): ''' + @staticmethod + def add_app_settings(app_settings): + app_settings.string( + ['gerrit-parent-project'], + 'parent project for repositories on Gerrit', + default='All-Projects', + metavar='PROJECT') + def __init__(self, app_settings): url = app_settings['downstream-ssh-url'] if url is None: @@ -41,6 +49,8 @@ class GerritDownstream(hosts.DownstreamHost): self._ssh_command = hosts.SshCommand( url, StrictHostKeyChecking=key_check) + self._parent_project = app_settings['gerrit-parent-project'] + def _has_project(self, name): # There's no 'does this project exist' command in Gerrit 2.9.4; 'list # all projects with this prefix' is as close we can get. @@ -65,7 +75,9 @@ class GerritDownstream(hosts.DownstreamHost): logging.info('Project %s exists in local Gerrit already.', name) else: - self._ssh_command.run(['gerrit', 'create-project', name]) + self._ssh_command.run(['gerrit', 'create-project', + '-p', self._parent_project, + name]) logging.info('Created %s project in local Gerrit.', name) # We can only set this metadata if we're the owner of the -- cgit v1.2.1