From 54e3fbd49d10b70d04e03a646a494ec29a49ffc3 Mon Sep 17 00:00:00 2001 
From: Pedro Alvarez
Date: Tue, 17 Jun 2014 10:06:13 +0000
Subject: Move gitano skeleton to /usr/share/trove-setup/

---
 Makefile | 2 -
 gitano-admin/global-hooks/post-receive.lua | 105 --------------------
 gitano-admin/groups/local-config-admins.conf | 1 -
 gitano-admin/groups/local-config-managers.conf | 3 -
 gitano-admin/groups/local-config-readers.conf | 5 -
 gitano-admin/groups/local-config-writers.conf | 3 -
 gitano-admin/groups/trove-admin.conf | 1 -
 gitano-admin/groups/workers.conf | 4 -
 gitano-admin/rules/adminchecks.lace | 25 -----
 gitano-admin/rules/aschecks.lace | 30 ------
 gitano-admin/rules/core.lace | 47 ---------
 gitano-admin/rules/createrepo.lace | 23 -----
 gitano-admin/rules/defines.lace | 106 --------------------
 gitano-admin/rules/destroyrepo.lace | 20 ----
 gitano-admin/rules/other-project.lace | 25 -----
 gitano-admin/rules/project.lace | 38 --------
 gitano-admin/rules/remoteconfigchecks.lace | 20 ----
 gitano-admin/rules/renamerepo.lace | 19 ----
 gitano-admin/rules/selfchecks.lace | 15 ---
 gitano-admin/rules/siteadmin.lace | 32 -------
 gitano-admin/rules/trove-project.lace | 29 ------
 gitano-admin/users/distbuild/user.conf | 2 -
 gitano-admin/users/lorry/user.conf | 2 -
 gitano-admin/users/mason/user.conf | 2 -
 .../gitano-admin/global-hooks/post-receive.lua | 105 ++++++++++++++++++++
 .../gitano-admin/groups/local-config-admins.conf | 1 +
 .../gitano-admin/groups/local-config-managers.conf | 3 +
 .../gitano-admin/groups/local-config-readers.conf | 5 +
 .../gitano-admin/groups/local-config-writers.conf | 3 +
 .../skel/gitano-admin/groups/trove-admin.conf | 1 +
 share/gitano/skel/gitano-admin/groups/workers.conf | 4 +
 .../skel/gitano-admin/rules/adminchecks.lace | 25 +++++
 share/gitano/skel/gitano-admin/rules/aschecks.lace | 30 ++++++
 share/gitano/skel/gitano-admin/rules/core.lace | 47 +++++++++
 .../gitano/skel/gitano-admin/rules/createrepo.lace | 23 +++++
 share/gitano/skel/gitano-admin/rules/defines.lace | 106 +++++++++++++++++++++
 .../skel/gitano-admin/rules/destroyrepo.lace | 20 ++++
 .../skel/gitano-admin/rules/other-project.lace | 25 +++++
 share/gitano/skel/gitano-admin/rules/project.lace | 38 ++++++++
 .../gitano-admin/rules/remoteconfigchecks.lace | 20 ++++
 .../gitano/skel/gitano-admin/rules/renamerepo.lace | 19 ++++
 .../gitano/skel/gitano-admin/rules/selfchecks.lace | 15 +++
 .../gitano/skel/gitano-admin/rules/siteadmin.lace | 32 +++++++
 .../skel/gitano-admin/rules/trove-project.lace | 29 ++++++
 .../skel/gitano-admin/users/distbuild/user.conf | 2 +
 .../gitano/skel/gitano-admin/users/lorry/user.conf | 2 +
 .../gitano/skel/gitano-admin/users/mason/user.conf | 2 +
 47 files changed, 557 insertions(+), 559 deletions(-)
 delete mode 100644 gitano-admin/global-hooks/post-receive.lua
 delete mode 100644 gitano-admin/groups/local-config-admins.conf
 delete mode 100644 gitano-admin/groups/local-config-managers.conf
 delete mode 100644 gitano-admin/groups/local-config-readers.conf
 delete mode 100644 gitano-admin/groups/local-config-writers.conf
 delete mode 100644 gitano-admin/groups/trove-admin.conf
 delete mode 100644 gitano-admin/groups/workers.conf
 delete mode 100644 gitano-admin/rules/adminchecks.lace
 delete mode 100644 gitano-admin/rules/aschecks.lace
 delete mode 100644 gitano-admin/rules/core.lace
 delete mode 100644 gitano-admin/rules/createrepo.lace
 delete mode 100644 gitano-admin/rules/defines.lace
 delete mode 100644 gitano-admin/rules/destroyrepo.lace
 delete mode 100644 gitano-admin/rules/other-project.lace
 delete mode 100644 gitano-admin/rules/project.lace
 delete mode 100644 gitano-admin/rules/remoteconfigchecks.lace
 delete mode 100644 gitano-admin/rules/renamerepo.lace
 delete mode 100644 gitano-admin/rules/selfchecks.lace
 delete mode 100644 gitano-admin/rules/siteadmin.lace
 delete mode 100644 gitano-admin/rules/trove-project.lace
 delete mode 100644 gitano-admin/users/distbuild/user.conf
 delete mode 100644 gitano-admin/users/lorry/user.conf
 delete mode 100644 gitano-admin/users/mason/user.conf
 create mode 100644 share/gitano/skel/gitano-admin/global-hooks/post-receive.lua
 create mode 100644 share/gitano/skel/gitano-admin/groups/local-config-admins.conf
 create mode 100644 share/gitano/skel/gitano-admin/groups/local-config-managers.conf
 create mode 100644 share/gitano/skel/gitano-admin/groups/local-config-readers.conf
 create mode 100644 share/gitano/skel/gitano-admin/groups/local-config-writers.conf
 create mode 100644 share/gitano/skel/gitano-admin/groups/trove-admin.conf
 create mode 100644 share/gitano/skel/gitano-admin/groups/workers.conf
 create mode 100644 share/gitano/skel/gitano-admin/rules/adminchecks.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/aschecks.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/core.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/createrepo.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/defines.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/destroyrepo.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/other-project.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/project.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/renamerepo.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/selfchecks.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/siteadmin.lace
 create mode 100644 share/gitano/skel/gitano-admin/rules/trove-project.lace
 create mode 100644 share/gitano/skel/gitano-admin/users/distbuild/user.conf
 create mode 100644 share/gitano/skel/gitano-admin/users/lorry/user.conf
 create mode 100644 share/gitano/skel/gitano-admin/users/mason/user.conf

diff --git a/Makefile b/Makefile
index ba0b752..0559468 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,4 @@
 install:
- mkdir -p "${DESTDIR}/usr/share/gitano/skel"
- cp -a gitano-admin "${DESTDIR}/usr/share/gitano/skel"
 mkdir -p "${DESTDIR}/usr/lib/systemd/system/multi-user.target.wants"
 cp units/* "${DESTDIR}/usr/lib/systemd/system"
 for I in $$(cd units; ls); do \
diff --git a/gitano-admin/global-hooks/post-receive.lua b/gitano-admin/global-hooks/post-receive.lua
deleted file mode 100644
index d1b3864..0000000
--- a/gitano-admin/global-hooks/post-receive.lua
+++ /dev/null
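Review bot: After the two removed lines in the `install:` recipe, nothing in this hunk installs the skeleton that the commit relocates to `share/gitano/skel/`, so a `make install` from this tree would no longer ship the gitano-admin hooks, groups and lace rules even though the subject names `/usr/share/trove-setup/` as their new home. Those lace files are the site's access-control policy, so a missing skeleton is better caught at install time than when trove-setup first runs. Unless a rule outside the hunk already copies `share/` there, the replacement belongs here, along the lines of `mkdir -p "${DESTDIR}/usr/share/trove-setup"` followed by `cp -a share/gitano "${DESTDIR}/usr/share/trove-setup"` (exact target layout to be confirmed against trove-setup). The `install` recipe continues past the end of the hunk.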
@@ -1,105 +0,0 @@
--- mason-notify.post-receive.lua
---
--- Global post-receive hook which notifies Mason of any and all refs updates
--- (except refs/gitano/*) which happen.
---
--- It notifies Mason *before* passing the updates on to the project hook.
---
--- Copyright 2012 Codethink Limited
---
--- This is a part of Trove and re-use is limited to Baserock systems only.
---
-
-local project_hook, repo, updates = ...
-
-local EMPTY_SHA = ("0"):rep(40)
-
-local masonhost = "##MASON_HOST##:##MASON_PORT##"
-local basepath = "/1.0"
-local urlbases = {
- "git://##TROVE_HOSTNAME##/",
- "ssh://git@##TROVE_HOSTNAME##/",
-}
-
-local notify_mason = false
-
-for ref in pairs(updates) do
- if not ref:match("^refs/gitano/") then
- notify_mason = true
- end
-end
-
-if notify_mason and repo.name ~= "gitano-admin" then
- -- Build the report...
- local masoninfo, indent_level = {}, 0
- local function _(...)
- masoninfo[#masoninfo+1] = (" "):rep(indent_level) .. table.concat({...})
- end
- local function indent()
- indent_level = indent_level + 1
- end
- local function dedent()
- indent_level = indent_level - 1
- end
- _ "{" indent()
-
- _ '"urls": [' indent()
-
- for i = 1, #urlbases do
- local comma = (i==#urlbases) and "" or ","
- _(("%q,"):format(urlbases[i] .. repo.name))
- _(("%q%s"):format(urlbases[i] .. repo.name .. 
".git", comma))
- end
-
- dedent() _ "],"
-
- _ '"changes": [' indent()
-
- local toreport = {}
- for ref, info in pairs(updates) do
- if not ref:match("^refs/gitano") then
- local action
- if info.oldsha == EMPTY_SHA then
- action = "create"
- elseif info.newsha == EMPTY_SHA then
- action = "delete"
- else
- action = "update"
- end
- toreport[#toreport+1] = {
- ('"ref": %q,'):format(ref),
- ('"action": %q,'):format(action),
- ('"old": %q,'):format(info.oldsha),
- ('"new": %q'):format(info.newsha)
- }
- end
- end
- for i = 1, #toreport do
- local comma = (i==#toreport) and "" or ","
- _ "{" indent()
- for __, ent in ipairs(toreport[i]) do
- _(ent)
- end
- dedent() _("}", comma)
- end
- dedent() _ "]"
-
- dedent() _ "}"
-
- -- And finalise the JSON object
- _("")
- masoninfo = table.concat(masoninfo, "\n")
- log.state("Notifying Mason of changes...")
-
- local code, msg, headers, content =
- http.post(masonhost, basepath, "application/json", masoninfo)
- if code ~= "200" then
- log.state("Notification failed somehow")
- end
- for line in content:gmatch("([^\r\n]*)\r?\n") do
- log.state("Mason: " .. line)
- end
-end
-
--- Finally, chain to the project hook
-return project_hook(repo, updates)
diff --git a/gitano-admin/groups/local-config-admins.conf b/gitano-admin/groups/local-config-admins.conf
deleted file mode 100644
index 435a297..0000000
--- a/gitano-admin/groups/local-config-admins.conf
+++ /dev/null
@@ -1 +0,0 @@
-description "Users who are permitted to administer the local-config project"
diff --git a/gitano-admin/groups/local-config-managers.conf b/gitano-admin/groups/local-config-managers.conf
deleted file mode 100644
index 711be8f..0000000
--- a/gitano-admin/groups/local-config-managers.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-description "Users who are permitted to manage the local-config project"
-
-subgroups["*"] "local-config-admins"
diff --git a/gitano-admin/groups/local-config-readers.conf b/gitano-admin/groups/local-config-readers.conf
deleted file mode 100644
index 63e6bb3..0000000
--- a/gitano-admin/groups/local-config-readers.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-description "Users who are permitted to read from the local-config project"
-
-members["*"] "lorry"
-
-subgroups["*"] "local-config-writers"
diff --git a/gitano-admin/groups/local-config-writers.conf b/gitano-admin/groups/local-config-writers.conf
deleted file mode 100644
index 9bbff24..0000000
--- a/gitano-admin/groups/local-config-writers.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-description "Users who are permitted to write to the local-config project"
-
-subgroups["*"] "local-config-managers"
diff --git a/gitano-admin/groups/trove-admin.conf b/gitano-admin/groups/trove-admin.conf
deleted file mode 100644
index e912653..0000000
--- a/gitano-admin/groups/trove-admin.conf
+++ /dev/null
@@ -1 +0,0 @@
-description "Trove-local administration"
diff --git a/gitano-admin/groups/workers.conf b/gitano-admin/groups/workers.conf
deleted file mode 100644
index 5586538..0000000
--- a/gitano-admin/groups/workers.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-description "Workers who have read-access to everything"
-
-members["*"] "distbuild"
-members["*"] "mason"
diff --git a/gitano-admin/rules/adminchecks.lace b/gitano-admin/rules/adminchecks.lace
deleted file mode 100644
index ffe99a0..0000000
--- a/gitano-admin/rules/adminchecks.lace
+++ /dev/null
@@ -1,25 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Core project administration rules
-
-# Called with ref known to be refs/gitano/admin
-
-# Administrators already got to do anything, so this is for non-admins
-
-# Non-admin members may not delete the admin ref
-deny "Non-administrators may not delete the admin ref" op_deleteref
-
-# Otherwise, the project's owner is allowed to alter the admin tree
-allow "Project owner may alter the admin ref" is_owner repo_is_personal
-
-# Project admins may alter admin refs
-allow "Project admins may alter the admin ref of project repos" repo_is_local_project project_admin
-
-# Any other opportunities for altering the admin ref must be provided
-# by the project's rules
diff --git a/gitano-admin/rules/aschecks.lace b/gitano-admin/rules/aschecks.lace
deleted file mode 100644
index fc76440..0000000
--- a/gitano-admin/rules/aschecks.lace
+++ /dev/null
@@ -1,30 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules for when we're running as another user.
-
-# Only 'deny' things which are not allowed. If you 'allow' then it will allow
-# the actual operation, not just fail to deny the fact that it's 'as' someone
-# else.
-
-define as_is_admin as_group gitano-admin
-
-# trove-admin members are permitted to run sshkey and whoami on behalf
-# of others in order to check users and grant access, providing the target
-# user is not part of the gitano-admin group.
-
-define as_is_trove_admin as_group trove-admin
-define as_trove_admin_ok allof as_is_trove_admin !is_admin op_self
-
-# You are permitted to do things 'as' others if and only if the caller is
-# either a member of the administration group, or else meets the above
-# requirements.
-define as_is_ok anyof as_is_admin as_trove_admin_ok
-
-# Explicitly deny any impersonation operation which does not meet the above.
-deny "You may not run things as another user unless you are an admin" !as_is_ok
diff --git a/gitano-admin/rules/core.lace b/gitano-admin/rules/core.lace
deleted file mode 100644
index dab7cfb..0000000
--- a/gitano-admin/rules/core.lace
+++ /dev/null
@@ -1,47 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Core ruleset definitions for Trove.
-
-default deny "Trove ruleset failed to define result. Access denied."
-
-include global:defines
-
-# The users in the administration group (gitano-admin) may do anything
-# they choose (providing they're not being impersonated). By default
-# Only the user created as part of trove-setup has this level of access.
-allow "Administrators can do anything" is_admin !if_asanother
-
-# Now let's decide if we can use 'as'
-include global:aschecks if_asanother
-
-# Operations which are against 'self' get checked next
-include global:selfchecks
-
-# Administration operations (users, groups) next
-include global:siteadmin op_is_admin
-
-# Site-defined rules for repository creation
-include global:createrepo op_createrepo
-
-# Site-defined rules for repository renaming
-include global:renamerepo op_renamerepo
-
-# Site-defined rules for repository destruction
-include global:destroyrepo op_destroyrepo
-
-# Site-defined rules for project repositories, including admin of them
-include global:project
-
-# Now the project rules themselves
-include main
-
-# If you're running your access control somewhat more openly than most, You can
-# now uncomment the following and allow git:// access to *everything* which is
-# not the admin repository
-# allow "Anonymous access is okay" op_read !is_admin_repo
diff --git a/gitano-admin/rules/createrepo.lace b/gitano-admin/rules/createrepo.lace
deleted file mode 100644
index bf4683e..0000000
--- a/gitano-admin/rules/createrepo.lace
+++ /dev/null
@@ -1,23 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules related to creating repositories
-
-# Administrators have already been permitted whatever they like
-# so this is for site-wide non-admins.
-
-##PEOPLE_COMMENT##allow "Personal repo creation is okay" repo_is_personal
-
-# Allow people in *-admins to create repositories under
-allow "Project admins may make project repositories" repo_is_local_project project_admin
-
-# Allow lorry to create repositories anywhere but the local project root
-allow "Lorry may create lorryable repos" is_lorry lorryable_repo
-
-# Otherwise the default is that non-admins can't create repositories
-deny "Repository creation is not permitted."
diff --git a/gitano-admin/rules/defines.lace b/gitano-admin/rules/defines.lace
deleted file mode 100644
index 380948a..0000000
--- a/gitano-admin/rules/defines.lace
+++ /dev/null
@@ -1,106 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012,2013 Codethink Limited
-#
-# Core definitions for access control
-
-# Gitano provided definitions first
-
-# User/group related
-define is_admin group gitano-admin
-define is_owner owner ${user}
-define is_anonymous user gitano/anonymous
-
-define if_asanother as_user ~.
-
-# Self-related operations
-define op_whoami operation whoami
-define op_sshkey operation sshkey
-define op_passwd operation passwd
-define op_self anyof op_whoami op_sshkey op_passwd
-
-# Admin-related operations
-
-## Users
-define op_useradd operation useradd
-define op_userdel operation userdel
-define op_userlist operation userlist
-define op_useremail operation useremail
-define op_username operation username
-define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username
-
-## Groups
-define op_grouplist operation grouplist
-define op_groupshow operation groupshow
-define op_groupadd operation groupadd
-define op_groupdel operation groupdel
-define op_groupadduser operation groupadduser
-define op_groupdeluser operation groupdeluser
-define op_groupaddgroup operation groupaddgroup
-define op_groupdelgroup operation groupdelgroup
-define op_groupdescription operation groupdescription
-define op_group anyof op_grouplist op_groupshow op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription
-
-## Aggregation of admin ops
-define op_is_admin anyof op_user op_group
-
-# Primary repository-related operations
-define op_read operation read
-define op_write operation write
-define op_createrepo operation createrepo
-define op_renamerepo operation renamerepo
-define op_destroyrepo operation destroyrepo
-
-# Remote configuration operations
-define op_config_show operation config_show
-define op_config_set operation config_set
-define op_config_del operation config_del
-define 
op_is_config anyof op_config_show op_config_set op_config_del
-
-# Reference update related operations
-define op_createref operation createref
-define op_deleteref operation deleteref
-define op_fastforward operation updaterefff
-define op_forcedupdate operation updaterefnonff
-
-# Combinator operations
-define op_is_basic anyof op_read op_write
-define op_is_update anyof op_fastforward op_forcedupdate
-define op_is_normal anyof op_fastforward op_createref op_deleteref
-
-# Administration
-define is_admin_repo repository gitano-admin
-define is_gitano_ref ref ~^refs/gitano/
-define is_admin_ref ref refs/gitano/admin
-
-#
-#
-# Trove definitions after here
-#
-#
-
-define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/
-define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/
-define repo_is_local_project repository ~^##ESC_PREFIX##/[^/]+/
-
-define project_reader group ${repository/2}-readers
-define project_writer group ${repository/2}-writers
-define project_admin group ${repository/2}-admins
-define project_manager group ${repository/2}-managers
-
-define master_ref ref ~^refs/heads/master$
-
-define op_is_reffy anyof op_is_normal op_forcedupdate
-
-define trove_site_admin group trove-admin
-define target_group_gitano_admin targetgroup gitano-admin
-
-define is_lorry user lorry
-define is_local_ref ref ~^refs/heads/##ESC_PREFIX##/
-define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo
-
-define is_worker group workers
diff --git a/gitano-admin/rules/destroyrepo.lace b/gitano-admin/rules/destroyrepo.lace
deleted file mode 100644
index 6e6b446..0000000
--- a/gitano-admin/rules/destroyrepo.lace
+++ /dev/null
@@ -1,20 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules related to the destroying of repositories
-
-# Owners may destroy personal repositories
-allow "You may destroy your own repositories" is_owner repo_is_personal
-
-# Project admins may destroy repos inside their projects
-allow "Project admins may destroy project repos" repo_is_local_project project_admin
-
-# Allow lorry to destroy repositories anywhere but the local project root
-allow "Lorry may destroy lorryable repos" is_lorry lorryable_repo
-
-deny "You may not destroy repositories you do not own"
diff --git a/gitano-admin/rules/other-project.lace b/gitano-admin/rules/other-project.lace
deleted file mode 100644
index 7bc80cc..0000000
--- a/gitano-admin/rules/other-project.lace
+++ /dev/null
@@ -1,25 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012,2013 Codethink Limited
-#
-# Rules for any repository not under ##PREFIX##
-
-# This is, by default, /baserock/ and /delta/
-
-# There are two classes of accessors here. Lorry and Others
-allow "Anyone may read here" op_read
-allow "Anyone may write here" op_write !is_anonymous
-
-# Lorry can do anything reffy which is not inside the local refs
-allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref
-
-# Noone can rewind/rebase outside of their personal refs
-deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
-
-# Everyone else can do reffy things inside refs/heads/##PREFIX##
-allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
-
diff --git a/gitano-admin/rules/project.lace b/gitano-admin/rules/project.lace
deleted file mode 100644
index aa5e1e2..0000000
--- a/gitano-admin/rules/project.lace
+++ /dev/null
@@ -1,38 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Core project administration rules
-
-# Admins already got allowed, so this is for non-admin users only
-allow "Owners can always read and write" op_is_basic is_owner repo_is_personal
-
-# Any non-gitano-admin repo is readable to the lorry user and the worker group
-allow "Lorry may read" op_read is_lorry lorryable_repo
-allow "Workers may read" op_read !is_admin_repo is_worker
-
-# Force /baserock and /delta to always be anon-readable which means git:// will
-# work. This is part of the core ruleset for Baserock because /baserock/ and
-# /delta/ are always open source.
-define is_baserock_repo repository ~^baserock/
-define is_delta_repo repository ~^delta/
-define is_opensource_repo anyof is_baserock_repo is_delta_repo
-
-allow "Anonymous access always allowed" op_read !is_admin_repo is_opensource_repo
-
-# Project remote-configuration rules (set-head etc)
-include global:remoteconfigchecks op_is_config
-
-# Okay, if we're altering the admin ref, in we go
-include global:adminchecks is_admin_ref
-
-# Now we're into branch operations.
-# Owners of personal repositories can do any reffy operation
-allow "Owners can create refs" op_is_reffy is_owner repo_is_personal
-
-include global:trove-project repo_is_local_project
-include global:other-project lorryable_repo
diff --git a/gitano-admin/rules/remoteconfigchecks.lace b/gitano-admin/rules/remoteconfigchecks.lace
deleted file mode 100644
index 6f88f5f..0000000
--- a/gitano-admin/rules/remoteconfigchecks.lace
+++ /dev/null
@@ -1,20 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Remote config checks
-
-# Owners may do any remote admin operation they choose
-allow "Owners may remote-admin their repositories" is_owner repo_is_personal
-
-# *-admins may remote-admin their project's repositories
-allow "Project admins may admin project repos" repo_is_local_project project_admin
-
-# lorry may remote-admin lorryable repositories
-allow "Lorry may admin lorry repos" is_lorry lorryable_repo
-
-deny "You may not configure this repository remotely"
diff --git a/gitano-admin/rules/renamerepo.lace b/gitano-admin/rules/renamerepo.lace
deleted file mode 100644
index e4a51be..0000000
--- a/gitano-admin/rules/renamerepo.lace
+++ /dev/null
@@ -1,19 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Rules related to renaming repositories
-
-# Owners may rename their own repositories
-allow "Owners may rename repositories" op_renamerepo repo_is_personal is_owner
-
-# Project admins may rename repos provided they're admin of source *and* target
-# Since the rename operation checks 'create' for the target, we can just
-# check the source here
-allow "Admins may rename project repositories" op_renamerepo repo_is_local_project project_admin
-
-deny "You may not rename a repository you do not own"
diff --git a/gitano-admin/rules/selfchecks.lace b/gitano-admin/rules/selfchecks.lace
deleted file mode 100644
index 83ef778..0000000
--- a/gitano-admin/rules/selfchecks.lace
+++ /dev/null
@@ -1,15 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Checks against self-like operations.
-
-allow "You may ask who you are" op_whoami
-
-allow "You may manage your own ssh keys" op_sshkey
-
-allow "You may change your own password" op_passwd
diff --git a/gitano-admin/rules/siteadmin.lace b/gitano-admin/rules/siteadmin.lace
deleted file mode 100644
index 06c71bb..0000000
--- a/gitano-admin/rules/siteadmin.lace
+++ /dev/null
@@ -1,32 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012 Codethink Limited
-#
-# Site administration rules
-
-# You must explicitly allow site administration here for anyone who
-# has the rights to do site admin but isn't an administrator.
-
-# trove_site_admin is a predicate which matches members of the trove-admin
-# group (The site-wide user/group administration group which is not the full
-# administration group)
-allow "Trove Site Admins can manage users" trove_site_admin op_user
-allow "Trove Site Admins can manage groups other than gitano-admin" trove_site_admin op_group !target_group_gitano_admin
-
-# XXX-managers members are permitted to edit XXX-* groups
-define trove_may_admin_target_group group ${targetgroup/prefix}-managers
-define target_group_has_hyphen targetgroup ~%-
-allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group
-
-# Anyone is permitted to look at the people in trove-admin and *-managers
-define trove_target_group_is_trove_admin targetgroup trove-admin
-define trove_target_group_is_project_managers targetgroup ~^.+-managers$
-define trove_show_target_ok anyof trove_target_group_is_trove_admin trove_target_group_is_project_managers
-allow "Anyone may see admin groups" op_groupshow trove_show_target_ok
-
-# Otherwise we always deny site administration
-deny "You may not perform site administration"
diff --git a/gitano-admin/rules/trove-project.lace b/gitano-admin/rules/trove-project.lace
deleted file mode 100644
index 383ba98..0000000
--- a/gitano-admin/rules/trove-project.lace
+++ /dev/null
@@ -1,29 +0,0 @@
-# _____
-# |_ _| __ _____ _____
-# | || '__/ _ \ \ / / _ \
-# | || | | (_) \ V / __/
-# |_||_| \___/ \_/ \___|
-#
-# Copyright 2012,2013 Codethink Limited
-#
-# Rules for ##PREFIX##/... repositories
-
-# Reading the repository
-allow "Project readers may read" op_read project_reader
-deny "This repository is not for you" op_read
-
-# Basic writes to the repo
-allow "Project writers may write" op_write project_writer
-deny "This repository is not for you" op_write
-
-# Ref based rules for the repo
-deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !ref_is_personal
-
-## Master
-allow "Master may be created" op_createref master_ref
-allow "Master may be altered" op_is_update master_ref
-deny "Master may not be deleted" op_deleteref master_ref
-
-## Anything else.
-allow "Project writers may alter any refs" op_is_reffy !master_ref project_writer
-
diff --git a/gitano-admin/users/distbuild/user.conf b/gitano-admin/users/distbuild/user.conf
deleted file mode 100644
index 62ac3f5..0000000
--- a/gitano-admin/users/distbuild/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "distbuild@##TROVE_HOSTNAME##"
-real_name "Baserock Distributed Build Service"
diff --git a/gitano-admin/users/lorry/user.conf b/gitano-admin/users/lorry/user.conf
deleted file mode 100644
index f21fac7..0000000
--- a/gitano-admin/users/lorry/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "lorry@##TROVE_HOSTNAME##"
-real_name "Source Code Lorry Service"
diff --git a/gitano-admin/users/mason/user.conf b/gitano-admin/users/mason/user.conf
deleted file mode 100644
index 639de4e..0000000
--- a/gitano-admin/users/mason/user.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-email_address "mason@##TROVE_HOSTNAME##"
-real_name "Baserock Continuous Integration Service"
diff --git a/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua b/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua
new file mode 100644
index 0000000..d1b3864
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua 
@@ -0,0 +1,105 @@
+-- mason-notify.post-receive.lua
+--
+-- Global post-receive hook which notifies Mason of any and all refs updates
+-- (except refs/gitano/*) which happen.
+--
+-- It notifies Mason *before* passing the updates on to the project hook.
+--
+-- Copyright 2012 Codethink Limited
+--
+-- This is a part of Trove and re-use is limited to Baserock systems only.
+--
+
+local project_hook, repo, updates = ...
+
+local EMPTY_SHA = ("0"):rep(40)
+
+local masonhost = "##MASON_HOST##:##MASON_PORT##"
+local basepath = "/1.0"
+local urlbases = {
+ "git://##TROVE_HOSTNAME##/",
+ "ssh://git@##TROVE_HOSTNAME##/",
+}
+
+local notify_mason = false
+
+for ref in pairs(updates) do
+ if not ref:match("^refs/gitano/") then
+ notify_mason = true
+ end
+end
+
+if notify_mason and repo.name ~= "gitano-admin" then
+ -- Build the report...
+ local masoninfo, indent_level = {}, 0
+ local function _(...)
+ masoninfo[#masoninfo+1] = (" "):rep(indent_level) .. table.concat({...})
+ end
+ local function indent()
+ indent_level = indent_level + 1
+ end
+ local function dedent()
+ indent_level = indent_level - 1
+ end
+ _ "{" indent()
+
+ _ '"urls": [' indent()
+
+ for i = 1, #urlbases do
+ local comma = (i==#urlbases) and "" or ","
+ _(("%q,"):format(urlbases[i] .. repo.name))
+ _(("%q%s"):format(urlbases[i] .. repo.name .. 
".git", comma))
+ end
+
+ dedent() _ "],"
+
+ _ '"changes": [' indent()
+
+ local toreport = {}
+ for ref, info in pairs(updates) do
+ if not ref:match("^refs/gitano") then
+ local action
+ if info.oldsha == EMPTY_SHA then
+ action = "create"
+ elseif info.newsha == EMPTY_SHA then
+ action = "delete"
+ else
+ action = "update"
+ end
+ toreport[#toreport+1] = {
+ ('"ref": %q,'):format(ref),
+ ('"action": %q,'):format(action),
+ ('"old": %q,'):format(info.oldsha),
+ ('"new": %q'):format(info.newsha)
+ }
+ end
+ end
+ for i = 1, #toreport do
+ local comma = (i==#toreport) and "" or ","
+ _ "{" indent()
+ for __, ent in ipairs(toreport[i]) do
+ _(ent)
+ end
+ dedent() _("}", comma)
+ end
+ dedent() _ "]"
+
+ dedent() _ "}"
+
+ -- And finalise the JSON object
+ _("")
+ masoninfo = table.concat(masoninfo, "\n")
+ log.state("Notifying Mason of changes...")
+
+ local code, msg, headers, content =
+ http.post(masonhost, basepath, "application/json", masoninfo)
+ if code ~= "200" then
+ log.state("Notification failed somehow")
+ end
+ for line in content:gmatch("([^\r\n]*)\r?\n") do
+ log.state("Mason: " .. line)
+ end
+end
+
+-- Finally, chain to the project hook
+return project_hook(repo, updates)
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-admins.conf b/share/gitano/skel/gitano-admin/groups/local-config-admins.conf
new file mode 100644
index 0000000..435a297
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-admins.conf
@@ -0,0 +1 @@
+description "Users who are permitted to administer the local-config project"
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-managers.conf b/share/gitano/skel/gitano-admin/groups/local-config-managers.conf
new file mode 100644
index 0000000..711be8f
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-managers.conf
@@ -0,0 +1,3 @@
+description "Users who are permitted to manage the local-config project"
+
+subgroups["*"] "local-config-admins"
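Review bot: In the relocated post-receive.lua the loop `for line in content:gmatch("([^\r\n]*)\r?\n") do` runs unconditionally after `http.post`, yet the `code ~= "200"` branch only logs, so when the Mason request fails and `content` comes back nil the hook would raise before reaching `return project_hook(repo, updates)` and the project hook would be skipped for that push. Since the notification is meant to be best-effort, the loop should be guarded, `for line in (content or ""):gmatch("([^\r\n]*)\r?\n") do`, or the whole logging block moved inside an `if content then` check. The status is compared against the string `"200"`, which presumably matches whatever gitano's `http.post` returns — worth confirming, since a numeric return would make every response look like a failure. Moving the file is a good moment to fix this, as the content is otherwise copied unchanged.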
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-readers.conf b/share/gitano/skel/gitano-admin/groups/local-config-readers.conf
new file mode 100644
index 0000000..63e6bb3
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-readers.conf
@@ -0,0 +1,5 @@
+description "Users who are permitted to read from the local-config project"
+
+members["*"] "lorry"
+
+subgroups["*"] "local-config-writers"
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-writers.conf b/share/gitano/skel/gitano-admin/groups/local-config-writers.conf
new file mode 100644
index 0000000..9bbff24
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-writers.conf
@@ -0,0 +1,3 @@
+description "Users who are permitted to write to the local-config project"
+
+subgroups["*"] "local-config-managers"
diff --git a/share/gitano/skel/gitano-admin/groups/trove-admin.conf b/share/gitano/skel/gitano-admin/groups/trove-admin.conf
new file mode 100644
index 0000000..e912653
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/trove-admin.conf
@@ -0,0 +1 @@
+description "Trove-local administration"
diff --git a/share/gitano/skel/gitano-admin/groups/workers.conf b/share/gitano/skel/gitano-admin/groups/workers.conf
new file mode 100644
index 0000000..5586538
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/workers.conf
@@ -0,0 +1,4 @@
+description "Workers who have read-access to everything"
+
+members["*"] "distbuild"
+members["*"] "mason"
diff --git a/share/gitano/skel/gitano-admin/rules/adminchecks.lace b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
new file mode 100644
index 0000000..ffe99a0
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
@@ -0,0 +1,25 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core project administration rules
+
+# Called with ref known to be refs/gitano/admin
+
+# Administrators already got to do anything, so this is for non-admins
+
+# Non-admin members may not delete the admin ref
+deny "Non-administrators may not delete the admin ref" op_deleteref
+
+# Otherwise, the project's owner is allowed to alter the admin tree
+allow "Project owner may alter the admin ref" is_owner repo_is_personal
+
+# Project admins may alter admin refs
+allow "Project admins may alter the admin ref of project repos" repo_is_local_project project_admin
+
+# Any other opportunities for altering the admin ref must be provided
+# by the project's rules
diff --git a/share/gitano/skel/gitano-admin/rules/aschecks.lace b/share/gitano/skel/gitano-admin/rules/aschecks.lace
new file mode 100644
index 0000000..fc76440
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/aschecks.lace
@@ -0,0 +1,30 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules for when we're running as another user.
+
+# Only 'deny' things which are not allowed. If you 'allow' then it will allow
+# the actual operation, not just fail to deny the fact that it's 'as' someone
+# else.
+
+define as_is_admin as_group gitano-admin
+
+# trove-admin members are permitted to run sshkey and whoami on behalf
+# of others in order to check users and grant access, providing the target
+# user is not part of the gitano-admin group.
+
+define as_is_trove_admin as_group trove-admin
+define as_trove_admin_ok allof as_is_trove_admin !is_admin op_self
+
+# You are permitted to do things 'as' others if and only if the caller is
+# either a member of the administration group, or else meets the above
+# requirements.
+define as_is_ok anyof as_is_admin as_trove_admin_ok
+
+# Explicitly deny any impersonation operation which does not meet the above.
+deny "You may not run things as another user unless you are an admin" !as_is_ok
diff --git a/share/gitano/skel/gitano-admin/rules/core.lace b/share/gitano/skel/gitano-admin/rules/core.lace
new file mode 100644
index 0000000..dab7cfb
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/core.lace
@@ -0,0 +1,47 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core ruleset definitions for Trove.
+
+default deny "Trove ruleset failed to define result. Access denied."
+
+include global:defines
+
+# The users in the administration group (gitano-admin) may do anything
+# they choose (providing they're not being impersonated). By default
+# Only the user created as part of trove-setup has this level of access.
+allow "Administrators can do anything" is_admin !if_asanother
+
+# Now let's decide if we can use 'as'
+include global:aschecks if_asanother
+
+# Operations which are against 'self' get checked next
+include global:selfchecks
+
+# Administration operations (users, groups) next
+include global:siteadmin op_is_admin
+
+# Site-defined rules for repository creation
+include global:createrepo op_createrepo
+
+# Site-defined rules for repository renaming
+include global:renamerepo op_renamerepo
+
+# Site-defined rules for repository destruction
+include global:destroyrepo op_destroyrepo
+
+# Site-defined rules for project repositories, including admin of them
+include global:project
+
+# Now the project rules themselves
+include main
+
+# If you're running your access control somewhat more openly than most, You can
+# now uncomment the following and allow git:// access to *everything* which is
+# not the admin repository
+# allow "Anonymous access is okay" op_read !is_admin_repo
diff --git a/share/gitano/skel/gitano-admin/rules/createrepo.lace b/share/gitano/skel/gitano-admin/rules/createrepo.lace
new file mode 100644
index 0000000..bf4683e
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/createrepo.lace
@@ -0,0 +1,23 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules related to creating repositories
+
+# Administrators have already been permitted whatever they like
+# so this is for site-wide non-admins.
+
+##PEOPLE_COMMENT##allow "Personal repo creation is okay" repo_is_personal
+
+# Allow people in *-admins to create repositories under
+allow "Project admins may make project repositories" repo_is_local_project project_admin
+
+# Allow lorry to create repositories anywhere but the local project root
+allow "Lorry may create lorryable repos" is_lorry lorryable_repo
+
+# Otherwise the default is that non-admins can't create repositories
+deny "Repository creation is not permitted."
diff --git a/share/gitano/skel/gitano-admin/rules/defines.lace b/share/gitano/skel/gitano-admin/rules/defines.lace
new file mode 100644
index 0000000..380948a
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/defines.lace
@@ -0,0 +1,106 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Core definitions for access control
+
+# Gitano provided definitions first
+
+# User/group related
+define is_admin group gitano-admin
+define is_owner owner ${user}
+define is_anonymous user gitano/anonymous
+
+define if_asanother as_user ~.
+
+# Self-related operations
+define op_whoami operation whoami
+define op_sshkey operation sshkey
+define op_passwd operation passwd
+define op_self anyof op_whoami op_sshkey op_passwd
+
+# Admin-related operations
+
+## Users
+define op_useradd operation useradd
+define op_userdel operation userdel
+define op_userlist operation userlist
+define op_useremail operation useremail
+define op_username operation username
+define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username
+
+## Groups
+define op_grouplist operation grouplist
+define op_groupshow operation groupshow
+define op_groupadd operation groupadd
+define op_groupdel operation groupdel
+define op_groupadduser operation groupadduser
+define op_groupdeluser operation groupdeluser
+define op_groupaddgroup operation groupaddgroup
+define op_groupdelgroup operation groupdelgroup
+define op_groupdescription operation groupdescription
+define op_group anyof op_grouplist op_groupshow op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription
+
+## Aggregation of admin ops
+define op_is_admin anyof op_user op_group
+
+# Primary repository-related operations
+define op_read operation read
+define op_write operation write
+define op_createrepo operation createrepo
+define op_renamerepo operation renamerepo
+define op_destroyrepo operation destroyrepo
+
+# Remote configuration operations
+define op_config_show operation config_show
+define op_config_set operation config_set
+define op_config_del operation config_del
+define op_is_config anyof op_config_show op_config_set op_config_del
+
+# Reference update related operations
+define op_createref operation createref
+define op_deleteref operation deleteref
+define op_fastforward operation updaterefff
+define op_forcedupdate operation updaterefnonff
+
+# Combinator operations
+define op_is_basic anyof op_read op_write
+define op_is_update anyof op_fastforward op_forcedupdate
+define op_is_normal anyof op_fastforward op_createref op_deleteref
+
+# Administration
+define is_admin_repo repository gitano-admin
+define is_gitano_ref ref ~^refs/gitano/
+define is_admin_ref ref refs/gitano/admin
+
+#
+#
+# Trove definitions after here
+#
+#
+
+define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/
+define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/
+define repo_is_local_project repository ~^##ESC_PREFIX##/[^/]+/
+
+define project_reader group ${repository/2}-readers
+define project_writer group ${repository/2}-writers
+define project_admin group ${repository/2}-admins
+define project_manager group ${repository/2}-managers
+
+define master_ref ref ~^refs/heads/master$
+
+define op_is_reffy anyof op_is_normal op_forcedupdate
+
+define trove_site_admin group trove-admin
+define target_group_gitano_admin targetgroup gitano-admin
+
+define is_lorry user lorry
+define is_local_ref ref ~^refs/heads/##ESC_PREFIX##/
+define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo
+
+define is_worker group workers
diff --git a/share/gitano/skel/gitano-admin/rules/destroyrepo.lace b/share/gitano/skel/gitano-admin/rules/destroyrepo.lace
new file mode 100644
index 0000000..6e6b446
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/destroyrepo.lace
@@ -0,0 +1,20 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules related to the destroying of repositories
+
+# Owners may destroy personal repositories
+allow "You may destroy your own repositories" is_owner repo_is_personal
+
+# Project admins may destroy repos inside their projects
+allow "Project admins may destroy project repos" repo_is_local_project project_admin
+
+# Allow lorry to destroy repositories anywhere but the local project root
+allow "Lorry may destroy lorryable repos" is_lorry lorryable_repo
+
+deny "You may not destroy repositories you do not own"
diff --git a/share/gitano/skel/gitano-admin/rules/other-project.lace b/share/gitano/skel/gitano-admin/rules/other-project.lace
new file mode 100644
index 0000000..7bc80cc
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/other-project.lace
@@ -0,0 +1,25 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Rules for any repository not under ##PREFIX##
+
+# This is, by default, /baserock/ and /delta/
+
+# There are two classes of accessors here. Lorry and Others
+allow "Anyone may read here" op_read
+allow "Anyone may write here" op_write !is_anonymous
+
+# Lorry can do anything reffy which is not inside the local refs
+allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref
+
+# Noone can rewind/rebase outside of their personal refs
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
+
+# Everyone else can do reffy things inside refs/heads/##PREFIX##
+allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
+
diff --git a/share/gitano/skel/gitano-admin/rules/project.lace b/share/gitano/skel/gitano-admin/rules/project.lace
new file mode 100644
index 0000000..aa5e1e2
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/project.lace
@@ -0,0 +1,38 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core project administration rules
+
+# Admins already got allowed, so this is for non-admin users only
+allow "Owners can always read and write" op_is_basic is_owner repo_is_personal
+
+# Any non-gitano-admin repo is readable to the lorry user and the worker group
+allow "Lorry may read" op_read is_lorry lorryable_repo
+allow "Workers may read" op_read !is_admin_repo is_worker
+
+# Force /baserock and /delta to always be anon-readable which means git:// will
+# work. This is part of the core ruleset for Baserock because /baserock/ and
+# /delta/ are always open source.
+define is_baserock_repo repository ~^baserock/
+define is_delta_repo repository ~^delta/
+define is_opensource_repo anyof is_baserock_repo is_delta_repo
+
+allow "Anonymous access always allowed" op_read !is_admin_repo is_opensource_repo
+
+# Project remote-configuration rules (set-head etc)
+include global:remoteconfigchecks op_is_config
+
+# Okay, if we're altering the admin ref, in we go
+include global:adminchecks is_admin_ref
+
+# Now we're into branch operations.
+# Owners of personal repositories can do any reffy operation
+allow "Owners can create refs" op_is_reffy is_owner repo_is_personal
+
+include global:trove-project repo_is_local_project
+include global:other-project lorryable_repo
diff --git a/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace b/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
new file mode 100644
index 0000000..6f88f5f
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
@@ -0,0 +1,20 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Remote config checks
+
+# Owners may do any remote admin operation they choose
+allow "Owners may remote-admin their repositories" is_owner repo_is_personal
+
+# *-admins may remote-admin their project's repositories
+allow "Project admins may admin project repos" repo_is_local_project project_admin
+
+# lorry may remote-admin lorryable repositories
+allow "Lorry may admin lorry repos" is_lorry lorryable_repo
+
+deny "You may not configure this repository remotely"
diff --git a/share/gitano/skel/gitano-admin/rules/renamerepo.lace b/share/gitano/skel/gitano-admin/rules/renamerepo.lace
new file mode 100644
index 0000000..e4a51be
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/renamerepo.lace
@@ -0,0 +1,19 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules related to renaming repositories
+
+# Owners may rename their own repositories
+allow "Owners may rename repositories" op_renamerepo repo_is_personal is_owner
+
+# Project admins may rename repos provided they're admin of source *and* target
+# Since the rename operation checks 'create' for the target, we can just
+# check the source here
+allow "Admins may rename project repositories" op_renamerepo repo_is_local_project project_admin
+
+deny "You may not rename a repository you do not own"
diff --git a/share/gitano/skel/gitano-admin/rules/selfchecks.lace b/share/gitano/skel/gitano-admin/rules/selfchecks.lace
new file mode 100644
index 0000000..83ef778
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/selfchecks.lace
@@ -0,0 +1,15 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Checks against self-like operations.
+
+allow "You may ask who you are" op_whoami
+
+allow "You may manage your own ssh keys" op_sshkey
+
+allow "You may change your own password" op_passwd
diff --git a/share/gitano/skel/gitano-admin/rules/siteadmin.lace b/share/gitano/skel/gitano-admin/rules/siteadmin.lace
new file mode 100644
index 0000000..06c71bb
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/siteadmin.lace
@@ -0,0 +1,32 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Site administration rules
+
+# You must explicitly allow site administration here for anyone who
+# has the rights to do site admin but isn't an administrator.
+
+# trove_site_admin is a predicate which matches members of the trove-admin
+# group (The site-wide user/group administration group which is not the full
+# administration group)
+allow "Trove Site Admins can manage users" trove_site_admin op_user
+allow "Trove Site Admins can manage groups other than gitano-admin" trove_site_admin op_group !target_group_gitano_admin
+
+# XXX-managers members are permitted to edit XXX-* groups
+define trove_may_admin_target_group group ${targetgroup/prefix}-managers
+define target_group_has_hyphen targetgroup ~%-
+allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group
+
+# Anyone is permitted to look at the people in trove-admin and *-managers
+define trove_target_group_is_trove_admin targetgroup trove-admin
+define trove_target_group_is_project_managers targetgroup ~^.+-managers$
+define trove_show_target_ok anyof trove_target_group_is_trove_admin trove_target_group_is_project_managers
+allow "Anyone may see admin groups" op_groupshow trove_show_target_ok
+
+# Otherwise we always deny site administration
+deny "You may not perform site administration"
diff --git a/share/gitano/skel/gitano-admin/rules/trove-project.lace b/share/gitano/skel/gitano-admin/rules/trove-project.lace
new file mode 100644
index 0000000..383ba98
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/trove-project.lace
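Review bot: The manager rule `allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group` carries no `!target_group_gitano_admin` exclusion, unlike the trove_site_admin rule two lines above it. If `${targetgroup/prefix}` resolves to the text before the hyphen, as the `XXX-managers` / `XXX-*` comment suggests, then `gitano-admin` and `trove-admin` are themselves hyphenated targets whose prefix maps to a `-managers` group, so membership of such a group would satisfy this rule for the site's own administration groups. Appending `!target_group_gitano_admin` to the allow line covers the full-admin group; keeping `trove-admin` out would need a parallel `targetgroup trove-admin` define (one already exists further down as `trove_target_group_is_trove_admin`) negated on the same line. This content is carried over unchanged by the move, so the gap predates this commit.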
@@ -0,0 +1,29 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Rules for ##PREFIX##/... repositories
+
+# Reading the repository
+allow "Project readers may read" op_read project_reader
+deny "This repository is not for you" op_read
+
+# Basic writes to the repo
+allow "Project writers may write" op_write project_writer
+deny "This repository is not for you" op_write
+
+# Ref based rules for the repo
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !ref_is_personal
+
+## Master
+allow "Master may be created" op_createref master_ref
+allow "Master may be altered" op_is_update master_ref
+deny "Master may not be deleted" op_deleteref master_ref
+
+## Anything else.
+allow "Project writers may alter any refs" op_is_reffy !master_ref project_writer
+
diff --git a/share/gitano/skel/gitano-admin/users/distbuild/user.conf b/share/gitano/skel/gitano-admin/users/distbuild/user.conf
new file mode 100644
index 0000000..62ac3f5
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/distbuild/user.conf
@@ -0,0 +1,2 @@
+email_address "distbuild@##TROVE_HOSTNAME##"
+real_name "Baserock Distributed Build Service"
diff --git a/share/gitano/skel/gitano-admin/users/lorry/user.conf b/share/gitano/skel/gitano-admin/users/lorry/user.conf
new file mode 100644
index 0000000..f21fac7
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/lorry/user.conf
@@ -0,0 +1,2 @@
+email_address "lorry@##TROVE_HOSTNAME##"
+real_name "Source Code Lorry Service"
diff --git a/share/gitano/skel/gitano-admin/users/mason/user.conf b/share/gitano/skel/gitano-admin/users/mason/user.conf
new file mode 100644
index 0000000..639de4e
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/mason/user.conf
@@ -0,0 +1,2 @@
+email_address "mason@##TROVE_HOSTNAME##"
+real_name "Baserock Continuous Integration Service"
-- cgit v1.2.1
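Review bot: The master rules `allow "Master may be created" op_createref master_ref` and `allow "Master may be altered" op_is_update master_ref` carry no `project_writer` predicate, whereas the catch-all at the end of the file does; as written, any principal that reaches this ruleset can create or fast-forward master. Whether a non-writer can actually get here depends on the `op_write` check in project.lace having already rejected the push, which is an ordering property this file does not state and which the preceding `deny ... op_write` rule only enforces for the write operation itself, not for ref operations. Adding `project_writer` to both allow lines (`allow "Master may be created" op_createref master_ref project_writer`, `allow "Master may be altered" op_is_update master_ref project_writer`) makes the intent explicit and keeps the branch rules correct independent of evaluation order. The content is unchanged by the move, so this predates the commit.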