Diffstat (limited to 'gitano-admin')
-rw-r--r--gitano-admin/global-hooks/post-receive.lua105
-rw-r--r--gitano-admin/groups/local-config-admins.conf1
-rw-r--r--gitano-admin/groups/local-config-managers.conf3
-rw-r--r--gitano-admin/groups/local-config-readers.conf5
-rw-r--r--gitano-admin/groups/local-config-writers.conf3
-rw-r--r--gitano-admin/groups/trove-admin.conf1
-rw-r--r--gitano-admin/groups/workers.conf4
-rw-r--r--gitano-admin/rules/adminchecks.lace25
-rw-r--r--gitano-admin/rules/aschecks.lace30
-rw-r--r--gitano-admin/rules/core.lace47
-rw-r--r--gitano-admin/rules/createrepo.lace23
-rw-r--r--gitano-admin/rules/defines.lace106
-rw-r--r--gitano-admin/rules/destroyrepo.lace20
-rw-r--r--gitano-admin/rules/other-project.lace25
-rw-r--r--gitano-admin/rules/project.lace38
-rw-r--r--gitano-admin/rules/remoteconfigchecks.lace20
-rw-r--r--gitano-admin/rules/renamerepo.lace19
-rw-r--r--gitano-admin/rules/selfchecks.lace15
-rw-r--r--gitano-admin/rules/siteadmin.lace32
-rw-r--r--gitano-admin/rules/trove-project.lace29
-rw-r--r--gitano-admin/users/distbuild/user.conf2
-rw-r--r--gitano-admin/users/lorry/user.conf2
-rw-r--r--gitano-admin/users/mason/user.conf2
23 files changed, 0 insertions, 557 deletions
diff --git a/gitano-admin/global-hooks/post-receive.lua b/gitano-admin/global-hooks/post-receive.lua
deleted file mode 100644
index d1b3864..0000000
--- a/gitano-admin/global-hooks/post-receive.lua
+++ /dev/null
@@ -1,105 +0,0 @@
--- mason-notify.post-receive.lua
---
--- Global post-receive hook which notifies Mason of any and all refs updates
--- (except refs/gitano/*) which happen.
---
--- It notifies Mason *before* passing the updates on to the project hook.
---
--- Copyright 2012 Codethink Limited
---
--- This is a part of Trove and re-use is limited to Baserock systems only.
---
-
-local project_hook, repo, updates = ...
-
-local EMPTY_SHA = ("0"):rep(40)
-
-local masonhost = "##MASON_HOST##:##MASON_PORT##"
-local basepath = "/1.0"
-local urlbases = {
- "git://##TROVE_HOSTNAME##/",
- "ssh://git@##TROVE_HOSTNAME##/",
-}
-
-local notify_mason = false
-
-for ref in pairs(updates) do
- if not ref:match("^refs/gitano/") then
- notify_mason = true
- end
-end
-
-if notify_mason and repo.name ~= "gitano-admin" then
- -- Build the report...
- local masoninfo, indent_level = {}, 0
- local function _(...)
- masoninfo[#masoninfo+1] = (" "):rep(indent_level) .. table.concat({...})
- end
- local function indent()
- indent_level = indent_level + 1
- end
- local function dedent()
- indent_level = indent_level - 1
- end
- _ "{" indent()
-
- _ '"urls": [' indent()
-
- for i = 1, #urlbases do
- local comma = (i==#urlbases) and "" or ","
- _(("%q,"):format(urlbases[i] .. repo.name))
- _(("%q%s"):format(urlbases[i] .. repo.name .. ".git", comma))
- end
-
- dedent() _ "],"
-
- _ '"changes": [' indent()
-
- local toreport = {}
- for ref, info in pairs(updates) do
- if not ref:match("^refs/gitano") then
- local action
- if info.oldsha == EMPTY_SHA then
- action = "create"
- elseif info.newsha == EMPTY_SHA then
- action = "delete"
- else
- action = "update"
- end
- toreport[#toreport+1] = {
- ('"ref": %q,'):format(ref),
- ('"action": %q,'):format(action),
- ('"old": %q,'):format(info.oldsha),
- ('"new": %q'):format(info.newsha)
- }
- end
- end
- for i = 1, #toreport do
- local comma = (i==#toreport) and "" or ","
- _ "{" indent()
- for __, ent in ipairs(toreport[i]) do
- _(ent)
- end
- dedent() _("}", comma)
- end
- dedent() _ "]"
-
- dedent() _ "}"
-
- -- And finalise the JSON object
- _("")
- masoninfo = table.concat(masoninfo, "\n")
- log.state("Notifying Mason of changes...")
-
- local code, msg, headers, content =
- http.post(masonhost, basepath, "application/json", masoninfo)
- if code ~= "200" then
- log.state("Notification failed somehow")
- end
- for line in content:gmatch("([^\r\n]*)\r?\n") do
- log.state("Mason: " .. line)
- end
-end
-
--- Finally, chain to the project hook
-return project_hook(repo, updates)
diff --git a/gitano-admin/groups/local-config-admins.conf b/gitano-admin/groups/local-config-admins.conf
deleted file mode 100644
index 435a297..0000000
--- a/gitano-admin/groups/local-config-admins.conf
+++ /dev/null
@@ -1 +0,0 @@
-description "Users who are permitted to administer the local-config project"
diff --git a/gitano-admin/groups/local-config-managers.conf b/gitano-admin/groups/local-config-managers.conf
deleted file mode 100644
index 711be8f..0000000
--- a/gitano-admin/groups/local-config-managers.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-description "Users who are permitted to manage the local-config project"
-
-subgroups["*"] "local-config-admins"
diff --git a/gitano-admin/groups/local-config-readers.conf b/gitano-admin/groups/local-config-readers.conf
deleted file mode 100644
index 63e6bb3..0000000
--- a/gitano-admin/groups/local-config-readers.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-description "Users who are permitted to read from the local-config project"
-
-members["*"] "lorry"
-
-subgroups["*"] "local-config-writers"
diff --git a/gitano-admin/groups/local-config-writers.conf b/gitano-admin/groups/local-config-writers.conf
deleted file mode 100644
index 9bbff24..0000000
--- a/gitano-admin/groups/local-config-writers.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-description "Users who are permitted to write to the local-config project"
-
-subgroups["*"] "local-config-managers"
diff --git a/gitano-admin/groups/trove-admin.conf b/gitano-admin/groups/trove-admin.conf
deleted file mode 100644
index e912653..0000000
--- a/gitano-admin/groups/trove-admin.conf
+++ /dev/null
@@ -1 +0,0 @@
-description "Trove-local administration"
diff --git a/gitano-admin/groups/workers.conf b/gitano-admin/groups/workers.conf
deleted file mode 100644
index 5586538..0000000
--- a/gitano-admin/groups/workers.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-description "Workers who have read-access to everything"
-
-members["*"] "distbuild"
-members["*"] "mason"
diff --git a/gitano-admin/rules/adminchecks.lace b/gitano-admin/rules/adminchecks.lace
deleted file mode 100644
index ffe99a0..0000000
--- a/gitano-admin/rules/adminchecks.lace
+++ /dev/null
@@ -1,25 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Core project administration rules
-
-# Called with ref known to be refs/gitano/admin
-
-# Administrators already got to do anything, so this is for non-admins
-
-# Non-admin members may not delete the admin ref
-deny "Non-administrators may not delete the admin ref" op_deleteref
-
-# Otherwise, the project's owner is allowed to alter the admin tree
-allow "Project owner may alter the admin ref" is_owner repo_is_personal
-
-# Project admins may alter admin refs
-allow "Project admins may alter the admin ref of project repos" repo_is_local_project project_admin
-
-# Any other opportunities for altering the admin ref must be provided
-# by the project's rules
diff --git a/gitano-admin/rules/aschecks.lace b/gitano-admin/rules/aschecks.lace
deleted file mode 100644
index fc76440..0000000
--- a/gitano-admin/rules/aschecks.lace
+++ /dev/null
@@ -1,30 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules for when we're running as another user.
-
-# Only 'deny' things which are not allowed. If you 'allow' then it will allow
-# the actual operation, not just fail to deny the fact that it's 'as' someone
-# else.
-
-define as_is_admin as_group gitano-admin
-
-# trove-admin members are permitted to run sshkey and whoami on behalf
-# of others in order to check users and grant access, providing the target
-# user is not part of the gitano-admin group.
-
-define as_is_trove_admin as_group trove-admin
-define as_trove_admin_ok allof as_is_trove_admin !is_admin op_self
-
-# You are permitted to do things 'as' others if and only if the caller is
-# either a member of the administration group, or else meets the above
-# requirements.
-define as_is_ok anyof as_is_admin as_trove_admin_ok
-
-# Explicitly deny any impersonation operation which does not meet the above.
-deny "You may not run things as another user unless you are an admin" !as_is_ok
diff --git a/gitano-admin/rules/core.lace b/gitano-admin/rules/core.lace
deleted file mode 100644
index dab7cfb..0000000
--- a/gitano-admin/rules/core.lace
+++ /dev/null
@@ -1,47 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Core ruleset definitions for Trove.
-
-default deny "Trove ruleset failed to define result. Access denied."
-
-include global:defines
-
-# The users in the administration group (gitano-admin) may do anything
-# they choose (providing they're not being impersonated). By default
-# Only the user created as part of trove-setup has this level of access.
-allow "Administrators can do anything" is_admin !if_asanother
-
-# Now let's decide if we can use 'as'
-include global:aschecks if_asanother
-
-# Operations which are against 'self' get checked next
-include global:selfchecks
-
-# Administration operations (users, groups) next
-include global:siteadmin op_is_admin
-
-# Site-defined rules for repository creation
-include global:createrepo op_createrepo
-
-# Site-defined rules for repository renaming
-include global:renamerepo op_renamerepo
-
-# Site-defined rules for repository destruction
-include global:destroyrepo op_destroyrepo
-
-# Site-defined rules for project repositories, including admin of them
-include global:project
-
-# Now the project rules themselves
-include main
-
-# If you're running your access control somewhat more openly than most, You can
-# now uncomment the following and allow git:// access to *everything* which is
-# not the admin repository
-# allow "Anonymous access is okay" op_read !is_admin_repo
diff --git a/gitano-admin/rules/createrepo.lace b/gitano-admin/rules/createrepo.lace
deleted file mode 100644
index bf4683e..0000000
--- a/gitano-admin/rules/createrepo.lace
+++ /dev/null
@@ -1,23 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules related to creating repositories
-
-# Administrators have already been permitted whatever they like
-# so this is for site-wide non-admins.
-
-##PEOPLE_COMMENT##allow "Personal repo creation is okay" repo_is_personal
-
-# Allow people in *-admins to create repositories under <foo>
-allow "Project admins may make project repositories" repo_is_local_project project_admin
-
-# Allow lorry to create repositories anywhere but the local project root
-allow "Lorry may create lorryable repos" is_lorry lorryable_repo
-
-# Otherwise the default is that non-admins can't create repositories
-deny "Repository creation is not permitted."
diff --git a/gitano-admin/rules/defines.lace b/gitano-admin/rules/defines.lace
deleted file mode 100644
index 380948a..0000000
--- a/gitano-admin/rules/defines.lace
+++ /dev/null
@@ -1,106 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012,2013 Codethink Limited
-#
-# Core definitions for access control
-
-# Gitano provided definitions first
-
-# User/group related
-define is_admin group gitano-admin
-define is_owner owner ${user}
-define is_anonymous user gitano/anonymous
-
-define if_asanother as_user ~.
-
-# Self-related operations
-define op_whoami operation whoami
-define op_sshkey operation sshkey
-define op_passwd operation passwd
-define op_self anyof op_whoami op_sshkey op_passwd
-
-# Admin-related operations
-
-## Users
-define op_useradd operation useradd
-define op_userdel operation userdel
-define op_userlist operation userlist
-define op_useremail operation useremail
-define op_username operation username
-define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username
-
-## Groups
-define op_grouplist operation grouplist
-define op_groupshow operation groupshow
-define op_groupadd operation groupadd
-define op_groupdel operation groupdel
-define op_groupadduser operation groupadduser
-define op_groupdeluser operation groupdeluser
-define op_groupaddgroup operation groupaddgroup
-define op_groupdelgroup operation groupdelgroup
-define op_groupdescription operation groupdescription
-define op_group anyof op_grouplist op_groupshow op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription
-
-## Aggregation of admin ops
-define op_is_admin anyof op_user op_group
-
-# Primary repository-related operations
-define op_read operation read
-define op_write operation write
-define op_createrepo operation createrepo
-define op_renamerepo operation renamerepo
-define op_destroyrepo operation destroyrepo
-
-# Remote configuration operations
-define op_config_show operation config_show
-define op_config_set operation config_set
-define op_config_del operation config_del
-define op_is_config anyof op_config_show op_config_set op_config_del
-
-# Reference update related operations
-define op_createref operation createref
-define op_deleteref operation deleteref
-define op_fastforward operation updaterefff
-define op_forcedupdate operation updaterefnonff
-
-# Combinator operations
-define op_is_basic anyof op_read op_write
-define op_is_update anyof op_fastforward op_forcedupdate
-define op_is_normal anyof op_fastforward op_createref op_deleteref
-
-# Administration
-define is_admin_repo repository gitano-admin
-define is_gitano_ref ref ~^refs/gitano/
-define is_admin_ref ref refs/gitano/admin
-
-#
-#
-# Trove definitions after here
-#
-#
-
-define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/
-define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/
-define repo_is_local_project repository ~^##ESC_PREFIX##/[^/]+/
-
-define project_reader group ${repository/2}-readers
-define project_writer group ${repository/2}-writers
-define project_admin group ${repository/2}-admins
-define project_manager group ${repository/2}-managers
-
-define master_ref ref ~^refs/heads/master$
-
-define op_is_reffy anyof op_is_normal op_forcedupdate
-
-define trove_site_admin group trove-admin
-define target_group_gitano_admin targetgroup gitano-admin
-
-define is_lorry user lorry
-define is_local_ref ref ~^refs/heads/##ESC_PREFIX##/
-define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo
-
-define is_worker group workers
diff --git a/gitano-admin/rules/destroyrepo.lace b/gitano-admin/rules/destroyrepo.lace
deleted file mode 100644
index 6e6b446..0000000
--- a/gitano-admin/rules/destroyrepo.lace
+++ /dev/null
@@ -1,20 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules related to the destroying of repositories
-
-# Owners may destroy personal repositories
-allow "You may destroy your own repositories" is_owner repo_is_personal
-
-# Project admins may destroy repos inside their projects
-allow "Project admins may destroy project repos" repo_is_local_project project_admin
-
-# Allow lorry to destroy repositories anywhere but the local project root
-allow "Lorry may destroy lorryable repos" is_lorry lorryable_repo
-
-deny "You may not destroy repositories you do not own"
diff --git a/gitano-admin/rules/other-project.lace b/gitano-admin/rules/other-project.lace
deleted file mode 100644
index 7bc80cc..0000000
--- a/gitano-admin/rules/other-project.lace
+++ /dev/null
@@ -1,25 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012,2013 Codethink Limited
-#
-# Rules for any repository not under ##PREFIX##
-
-# This is, by default, /baserock/ and /delta/
-
-# There are two classes of accessors here. Lorry and Others
-allow "Anyone may read here" op_read
-allow "Anyone may write here" op_write !is_anonymous
-
-# Lorry can do anything reffy which is not inside the local refs
-allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref
-
-# Noone can rewind/rebase outside of their personal refs
-deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
-
-# Everyone else can do reffy things inside refs/heads/##PREFIX##
-allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
-
diff --git a/gitano-admin/rules/project.lace b/gitano-admin/rules/project.lace
deleted file mode 100644
index aa5e1e2..0000000
--- a/gitano-admin/rules/project.lace
+++ /dev/null
@@ -1,38 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Core project administration rules
-
-# Admins already got allowed, so this is for non-admin users only
-allow "Owners can always read and write" op_is_basic is_owner repo_is_personal
-
-# Any non-gitano-admin repo is readable to the lorry user and the worker group
-allow "Lorry may read" op_read is_lorry lorryable_repo
-allow "Workers may read" op_read !is_admin_repo is_worker
-
-# Force /baserock and /delta to always be anon-readable which means git:// will
-# work. This is part of the core ruleset for Baserock because /baserock/ and
-# /delta/ are always open source.
-define is_baserock_repo repository ~^baserock/
-define is_delta_repo repository ~^delta/
-define is_opensource_repo anyof is_baserock_repo is_delta_repo
-
-allow "Anonymous access always allowed" op_read !is_admin_repo is_opensource_repo
-
-# Project remote-configuration rules (set-head etc)
-include global:remoteconfigchecks op_is_config
-
-# Okay, if we're altering the admin ref, in we go
-include global:adminchecks is_admin_ref
-
-# Now we're into branch operations.
-# Owners of personal repositories can do any reffy operation
-allow "Owners can create refs" op_is_reffy is_owner repo_is_personal
-
-include global:trove-project repo_is_local_project
-include global:other-project lorryable_repo
diff --git a/gitano-admin/rules/remoteconfigchecks.lace b/gitano-admin/rules/remoteconfigchecks.lace
deleted file mode 100644
index 6f88f5f..0000000
--- a/gitano-admin/rules/remoteconfigchecks.lace
+++ /dev/null
@@ -1,20 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Remote config checks
-
-# Owners may do any remote admin operation they choose
-allow "Owners may remote-admin their repositories" is_owner repo_is_personal
-
-# *-admins may remote-admin their project's repositories
-allow "Project admins may admin project repos" repo_is_local_project project_admin
-
-# lorry may remote-admin lorryable repositories
-allow "Lorry may admin lorry repos" is_lorry lorryable_repo
-
-deny "You may not configure this repository remotely"
diff --git a/gitano-admin/rules/renamerepo.lace b/gitano-admin/rules/renamerepo.lace
deleted file mode 100644
index e4a51be..0000000
--- a/gitano-admin/rules/renamerepo.lace
+++ /dev/null
@@ -1,19 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules related to renaming repositories
-
-# Owners may rename their own repositories
-allow "Owners may rename repositories" op_renamerepo repo_is_personal is_owner
-
-# Project admins may rename repos provided they're admin of source *and* target
-# Since the rename operation checks 'create' for the target, we can just
-# check the source here
-allow "Admins may rename project repositories" op_renamerepo repo_is_local_project project_admin
-
-deny "You may not rename a repository you do not own"
diff --git a/gitano-admin/rules/selfchecks.lace b/gitano-admin/rules/selfchecks.lace
deleted file mode 100644
index 83ef778..0000000
--- a/gitano-admin/rules/selfchecks.lace
+++ /dev/null
@@ -1,15 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Checks against self-like operations.
-
-allow "You may ask who you are" op_whoami
-
-allow "You may manage your own ssh keys" op_sshkey
-
-allow "You may change your own password" op_passwd
diff --git a/gitano-admin/rules/siteadmin.lace b/gitano-admin/rules/siteadmin.lace
deleted file mode 100644
index 06c71bb..0000000
--- a/gitano-admin/rules/siteadmin.lace
+++ /dev/null
@@ -1,32 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Site administration rules
-
-# You must explicitly allow site administration here for anyone who
-# has the rights to do site admin but isn't an administrator.
-
-# trove_site_admin is a predicate which matches members of the trove-admin
-# group (The site-wide user/group administration group which is not the full
-# administration group)
-allow "Trove Site Admins can manage users" trove_site_admin op_user
-allow "Trove Site Admins can manage groups other than gitano-admin" trove_site_admin op_group !target_group_gitano_admin
-
-# XXX-managers members are permitted to edit XXX-* groups
-define trove_may_admin_target_group group ${targetgroup/prefix}-managers
-define target_group_has_hyphen targetgroup ~%-
-allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group
-
-# Anyone is permitted to look at the people in trove-admin and *-managers
-define trove_target_group_is_trove_admin targetgroup trove-admin
-define trove_target_group_is_project_managers targetgroup ~^.+-managers$
-define trove_show_target_ok anyof trove_target_group_is_trove_admin trove_target_group_is_project_managers
-allow "Anyone may see admin groups" op_groupshow trove_show_target_ok
-
-# Otherwise we always deny site administration
-deny "You may not perform site administration"
diff --git a/gitano-admin/rules/trove-project.lace b/gitano-admin/rules/trove-project.lace
deleted file mode 100644
index 383ba98..0000000
--- a/gitano-admin/rules/trove-project.lace
+++ /dev/null
@@ -1,29 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012,2013 Codethink Limited
-#
-# Rules for ##PREFIX##/... repositories
-
-# Reading the repository
-allow "Project readers may read" op_read project_reader
-deny "This repository is not for you" op_read
-
-# Basic writes to the repo
-allow "Project writers may write" op_write project_writer
-deny "This repository is not for you" op_write
-
-# Ref based rules for the repo
-deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !ref_is_personal
-
-## Master
-allow "Master may be created" op_createref master_ref
-allow "Master may be altered" op_is_update master_ref
-deny "Master may not be deleted" op_deleteref master_ref
-
-## Anything else.
-allow "Project writers may alter any refs" op_is_reffy !master_ref project_writer
-
diff --git a/gitano-admin/users/distbuild/user.conf b/gitano-admin/users/distbuild/user.conf
deleted file mode 100644
index 62ac3f5..0000000
--- a/gitano-admin/users/distbuild/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "distbuild@##TROVE_HOSTNAME##"
-real_name "Baserock Distributed Build Service"
diff --git a/gitano-admin/users/lorry/user.conf b/gitano-admin/users/lorry/user.conf
deleted file mode 100644
index f21fac7..0000000
--- a/gitano-admin/users/lorry/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "lorry@##TROVE_HOSTNAME##"
-real_name "Source Code Lorry Service"
diff --git a/gitano-admin/users/mason/user.conf b/gitano-admin/users/mason/user.conf
deleted file mode 100644
index 639de4e..0000000
--- a/gitano-admin/users/mason/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "mason@##TROVE_HOSTNAME##"
-real_name "Baserock Continuous Integration Service"