Page MenuHomePhabricator
Create Task
Maniphest T75303

Restrict 'integration' Gerrit group
Closed, ResolvedPublic
Actions

Description

From a mail Timo sent me and I have missed:

Can we remove the inclusion of ldap/wmf group in 'integration'?

https://gerrit.wikimedia.org/r/#/admin/groups/10,members

In places where we want all of wmf to have access, we can manually include it as second group in permissions. For example, on https://gerrit.wikimedia.org/r/#/admin/projects/integration,access integration and ldap/wmf are both listed.

But for "Submit" I'd like to restrict e.g. integration/jenkins-job-builder-config to integration members. To avoid a mess like on https://gerrit.wikimedia.org/r/#/c/156193/

— Timo

Version: wmf-deployment
Severity: enhancement

Details

Reference
bz73303

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:51 AM
bzimport added a project: Continuous-Integration-Infrastructure.
bzimport set Reference to bz73303.
hashar created this task.Nov 12 2014, 10:55 AM
hashar added a comment.Nov 12 2014, 10:58 AM

I agree integration/config.git submit right should only be granted to people having the ability to deploy Zuul configuration changes on the cluster. Though we can also work on having the Zuul config deployed by the Jenkins job itself (scary).

hashar moved this task from Untriaged to Done on the Continuous-Integration-Infrastructure board.Feb 28 2015, 2:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL