diff options
| author | Patrick Uiterwijk <patrick@puiterwijk.org> | 2017-08-11 17:41:27 +0200 |
|---|---|---|
| committer | Patrick Uiterwijk <patrick@puiterwijk.org> | 2017-08-11 17:41:36 +0200 |
| commit | 3ba5349bef708a16c61d48fd34fe0a57bec2c016 (patch) | |
| tree | 68dd9e69eeb8db5cdcbf87da9b7cb5a5ed418668 | |
| parent | 1ed3eb4fee9d30119adc582521167cf41fbadbec (diff) | |
| download | ansible-3ba5349bef708a16c61d48fd34fe0a57bec2c016.tar.gz ansible-3ba5349bef708a16c61d48fd34fe0a57bec2c016.tar.xz ansible-3ba5349bef708a16c61d48fd34fe0a57bec2c016.zip | |
Introduce koji policies for the -stg infra tags
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
| -rw-r--r-- | roles/koji_hub/templates/hub.conf.j2 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index fb512826f..708f32d49 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -114,6 +114,14 @@ tag = has_perm autosign && fromtag *-pending && package kernel shim grub2 fedora-release fedora-repos pesign :: allow has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow package kernel shim grub2 fedora-release fedora-repos pesign :: deny +# Allow people to tag stuff into infra-candidate if they're infra + tag *-infra-candidate && has_perm infra :: allow + tag *-infra-candidate :: deny +# Allow people from infra to promote builds from -infra-stg to -infra tags + tag *-infra && fromtag *-infra-stg && has_perm infra :: allow +# These two rules makes sure people can't build srpms in infra tags and tag them into distribution tags + tag *infra* && fromtag *infra* && has_perm infra :: allow + fromtag *infra* :: deny all :: allow channel = |