Yuvipanda has submitted this change and it was merged.

Change subject: puppetmaster: Allow enabling cherrypicks
......................................................................


puppetmaster: Allow enabling cherrypicks

For use as a per-project puppetmaster on labs, we want to
allow people to enable cherry-picking on top of it.

Change-Id: I9ae072ef16591423104d6ae2f2243b044218fb00
---
M modules/puppetmaster/manifests/gitclone.pp
M modules/puppetmaster/manifests/init.pp
2 files changed, 19 insertions(+), 2 deletions(-)

Approvals:
  Yuvipanda: Verified; Looks good to me, approved



diff --git a/modules/puppetmaster/manifests/gitclone.pp 
b/modules/puppetmaster/manifests/gitclone.pp
index 2929ba1..f551298 100644
--- a/modules/puppetmaster/manifests/gitclone.pp
+++ b/modules/puppetmaster/manifests/gitclone.pp
@@ -10,9 +10,12 @@
 # [*is_git_master*]
 # If True, the git private repository here will be considered a master.
 #
+# [*prevent_cherrypicks*]
+# If true, setup git hooks to prevent manual modification of the git repos.
 class puppetmaster::gitclone(
     $secure_private = true,
     $is_git_master = false,
+    $prevent_cherrypicks = true,
 ){
     $servers = hiera('puppetmaster::servers', {})
 
@@ -21,28 +24,38 @@
         gitowner => 'gitpuppet'
     }
 
+    if $prevent_cherrypicks {
+        $cherrypick_hook_ensure = present
+    } else {
+        $cherrypick_hook_ensure = absent
+    }
+
     file {
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/post-merge":
             ensure  => absent;
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/pre-commit":
+            ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/puppet'],
             owner   => 'gitpuppet',
             group   => 'gitpuppet',
             source  => 'puppet:///modules/puppetmaster/git/pre-commit',
             mode    => '0550';
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/pre-merge":
+            ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/puppet'],
             owner   => 'gitpuppet',
             group   => 'gitpuppet',
             source  => 'puppet:///modules/puppetmaster/git/pre-merge',
             mode    => '0550';
         "${puppetmaster::gitdir}/operations/puppet/.git/hooks/pre-rebase":
+            ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/puppet'],
             owner   => 'gitpuppet',
             group   => 'gitpuppet',
             source  => 'puppet:///modules/puppetmaster/git/pre-rebase',
             mode    => '0550';
         "${puppetmaster::gitdir}/operations/software/.git/hooks/pre-commit":
+            ensure  => $cherrypick_hook_ensure,
             require => Git::Clone['operations/software'],
             owner   => 'gitpuppet',
             group   => 'gitpuppet',
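Review bot: The new `ensure => $cherrypick_hook_ensure` reaches only the three operations/puppet hooks and the operations/software pre-commit hook; the diffstat's 19 insertions are all accounted for by the visible hunks, so any hook resources declared after this one were left unconditional. If operations/software also has pre-merge or pre-rebase hooks below the hunk, `prevent_cherrypicks => false` would leave that repository half-guarded, which makes it hard to audit which masters actually enforce the hooks; they should get the same `ensure  => $cherrypick_hook_ensure,` line. Separately, `if $prevent_cherrypicks` at the top of the hunk is a truthiness test, so a Hiera string such as 'false' keeps the hooks installed without any warning; a `validate_bool($prevent_cherrypicks)` before it (assuming stdlib is available in this tree) would make that mistake loud. The file resource block continues past the end of the hunk.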
diff --git a/modules/puppetmaster/manifests/init.pp 
b/modules/puppetmaster/manifests/init.pp
index 6525d9a..e055cdb 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -29,6 +29,8 @@
 #        Otherwise, /etc/puppet/private will be labs/private.git.
 #    - $extra_auth_rules:
 #        String - extra authentication rules to add before the default policy.
+#    - $prevent_cherrypicks:
+#        Bool - use git hooks to prevent cherry picking on top of the git repo
 
 class puppetmaster(
     $server_name='puppet',
@@ -50,6 +52,7 @@
     $secure_private=true,
     $extra_auth_rules='',
     $include_conftool=true,
+    $prevent_cherrypicks=true,
 ){
 
     $gitdir = '/var/lib/git'
@@ -142,8 +145,9 @@
     }
 
     class { 'puppetmaster::gitclone':
-        secure_private => $secure_private,
-        is_git_master  => $is_git_master,
+        secure_private      => $secure_private,
+        is_git_master       => $is_git_master,
+        prevent_cherrypicks => $prevent_cherrypicks,
     }
 
     include puppetmaster::scripts

-- 
To view, visit https://gerrit.wikimedia.org/r/312287

Gerrit-MessageType: merged
Gerrit-Change-Id: I9ae072ef16591423104d6ae2f2243b044218fb00
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
