in gen.py [0:0]
def write_dist(self, output):
content = [
DIST_PREAMBLE.format(
now=time.ctime(),
SVN_ADMINS=SVN_ADMINS,
),
]
# Fetch the list of projects. They are described by the CN
# values within the PROJECTS schema in LDAP.
projects = self.client.get_all_cn(self.QUERY_PMC[0])
print('LEN:', len(projects))
print('RV:', projects)
### not sure what these are, but the old code did this.
SKIP_PROJECTS = { 'incubator', 'tac', 'diversity', 'security', }
# Define each of the authz groups: committers, and PMC members.
# For some reasons, incubator is moved to the end. ??
for p in sorted(projects - SKIP_PROJECTS) + ['incubator',]:
committers = self.group_members(p)
pmc = self.group_members(p+'-pmc')
content.append(f'{p}={",".join(sorted(committers))}')
content.append(f'{p}-pmc={",".join(sorted(pmc))}')
# Construct ACLs for all the projects.
for p in sorted(projects - SKIP_PROJECTS):
content.extend([
'',
'',
f'# {p}',
'',
f'[/dev/{p}]',
f'@{p}-pmc = rw',
f'@{p} = rw',
f'svc_dist_{p} = rw' if p in CI_MAY_STAGE else '', # svc_dist_foo may stage to /dev/foo if set up
'',
f'[/release/{p}]',
f'@{p}-pmc = rw',
])
# Some projects allow committers to make releases.
if p in COMMITTERS_MAY_RELEASE:
content.append(f'@{p} = rw')
# Podling role accounts would normally require incubator r/w, but we will carve out special perms here
if p in CI_MAY_STAGE:
content.extend([
'',
'# project role accounts also extend to /dev/incubator/$project',
f'[/dev/incubator/{p}]',
f'svc_dist_{p} = rw',
])
content.append(DIST_EPILOGUE)
atomic_write(output, '\n'.join(content))