diff options
author | David Ostrovsky <david@ostrovsky.org> | 2018-09-18 07:52:51 +0200 |
---|---|---|
committer | David Ostrovsky <david@ostrovsky.org> | 2018-09-21 08:39:07 +0200 |
commit | 1c6ff2e7245034dfad6754ee5313a699a2e555ac (patch) | |
tree | f1d3262074739b0cabdb4a4e5c7a2263c7a0fc47 | |
parent | d64425d0015df6f403b616d543bf0672be559bbe (diff) |
CreateProject: Provide signed push option on project creation
Also add acceptance test that non-signed push to project that required
signed push is rejected.
Bug: Issue 7750
Change-Id: I28fa94ad08fb7f21e1af37c251e64421d2e443c2
7 files changed, 33 insertions, 0 deletions
diff --git a/Documentation/rest-api-projects.txt b/Documentation/rest-api-projects.txt index 1c54a7f78d..5a5d42b9d7 100644 --- a/Documentation/rest-api-projects.txt +++ b/Documentation/rest-api-projects.txt @@ -3187,6 +3187,12 @@ Whether content merge should be enabled for the project (`TRUE`, |`require_change_id` |`INHERIT` if not set| Whether the usage of Change-Ids is required for the project (`TRUE`, `FALSE`, `INHERIT`). +|`enable_signed_push` |`INHERIT` if not set| +Whether signed push validation is enabled on the project (`TRUE`, +`FALSE`, `INHERIT`). +|`require_signed_push` |`INHERIT` if not set| +Whether signed push validation is required on the project (`TRUE`, +`FALSE`, `INHERIT`). |`max_object_size_limit` |optional| Max allowed Git object size for this project. Common unit suffixes of 'k', 'm', or 'g' are supported. diff --git a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java index 1c99d1fc90..9e4595351e 100644 --- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java +++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/AbstractDaemonTest.java @@ -402,6 +402,8 @@ public abstract class AbstractDaemonTest { in.useContentMerge = ann.useContributorAgreements(); in.useSignedOffBy = ann.useSignedOffBy(); in.useContentMerge = ann.useContentMerge(); + in.enableSignedPush = ann.enableSignedPush(); + in.requireSignedPush = ann.requireSignedPush(); } else { // Defaults should match TestProjectConfig, omitting nullable values. in.createEmptyCommit = true; diff --git a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/TestProjectInput.java b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/TestProjectInput.java index 739d4f5f93..86f3c03f09 100644 --- a/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/TestProjectInput.java +++ b/gerrit-acceptance-framework/src/test/java/com/google/gerrit/acceptance/TestProjectInput.java @@ -45,6 +45,10 @@ public @interface TestProjectInput { InheritableBoolean requireChangeId() default InheritableBoolean.INHERIT; + InheritableBoolean enableSignedPush() default InheritableBoolean.INHERIT; + + InheritableBoolean requireSignedPush() default InheritableBoolean.INHERIT; + // Fields specific to acceptance test behavior. /** Username to use for initial clone, passed to {@link AccountCreator}. */ diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/AbstractPushForReview.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/AbstractPushForReview.java index cf80cd59ce..39f09a85c4 100644 --- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/AbstractPushForReview.java +++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/git/AbstractPushForReview.java @@ -197,6 +197,15 @@ public abstract class AbstractPushForReview extends AbstractDaemonTest { } @Test + @GerritConfig(name = "receive.enableSignedPush", value = "true") + @TestProjectInput( + enableSignedPush = InheritableBoolean.TRUE, + requireSignedPush = InheritableBoolean.TRUE) + public void nonSignedPushRejectedWhenSignPushRequired() throws Exception { + pushTo("refs/for/master").assertErrorStatus("push cert error"); + } + + @Test public void pushInitialCommitForRefsMetaConfigBranch() throws Exception { // delete refs/meta/config try (Repository repo = repoManager.openRepository(project); diff --git a/gerrit-extension-api/src/main/java/com/google/gerrit/extensions/api/projects/ProjectInput.java b/gerrit-extension-api/src/main/java/com/google/gerrit/extensions/api/projects/ProjectInput.java index 612c49ca22..2adb2ddea1 100644 --- a/gerrit-extension-api/src/main/java/com/google/gerrit/extensions/api/projects/ProjectInput.java +++ b/gerrit-extension-api/src/main/java/com/google/gerrit/extensions/api/projects/ProjectInput.java @@ -33,6 +33,8 @@ public class ProjectInput { public InheritableBoolean useContentMerge; public InheritableBoolean requireChangeId; public InheritableBoolean createNewChangeForAllNotInTarget; + public InheritableBoolean enableSignedPush; + public InheritableBoolean requireSignedPush; public String maxObjectSizeLimit; public Map<String, Map<String, ConfigValue>> pluginConfigValues; } diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProject.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProject.java index 9b355f1921..bd8f11e3f9 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProject.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProject.java @@ -186,6 +186,10 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn input.createNewChangeForAllNotInTarget, InheritableBoolean.INHERIT); args.changeIdRequired = MoreObjects.firstNonNull(input.requireChangeId, InheritableBoolean.INHERIT); + args.enableSignedPush = + MoreObjects.firstNonNull(input.enableSignedPush, InheritableBoolean.INHERIT); + args.requireSignedPush = + MoreObjects.firstNonNull(input.requireSignedPush, InheritableBoolean.INHERIT); try { args.maxObjectSizeLimit = ProjectConfig.validMaxObjectSizeLimit(input.maxObjectSizeLimit); } catch (ConfigInvalidException e) { @@ -269,6 +273,8 @@ public class CreateProject implements RestModifyView<TopLevelResource, ProjectIn newProject.setCreateNewChangeForAllNotInTarget(args.newChangeForAllNotInTarget); newProject.setRequireChangeID(args.changeIdRequired); newProject.setMaxObjectSizeLimit(args.maxObjectSizeLimit); + newProject.setEnableSignedPush(args.enableSignedPush); + newProject.setRequireSignedPush(args.requireSignedPush); if (args.newParent != null) { newProject.setParentName(args.newParent); } diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProjectArgs.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProjectArgs.java index b98ffc2f06..01f456e655 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProjectArgs.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/CreateProjectArgs.java @@ -34,6 +34,8 @@ public class CreateProjectArgs { public InheritableBoolean contentMerge; public InheritableBoolean newChangeForAllNotInTarget; public InheritableBoolean changeIdRequired; + public InheritableBoolean enableSignedPush; + public InheritableBoolean requireSignedPush; public boolean createEmptyCommit; public String maxObjectSizeLimit; @@ -43,6 +45,8 @@ public class CreateProjectArgs { contentMerge = InheritableBoolean.INHERIT; changeIdRequired = InheritableBoolean.INHERIT; newChangeForAllNotInTarget = InheritableBoolean.INHERIT; + enableSignedPush = InheritableBoolean.INHERIT; + requireSignedPush = InheritableBoolean.INHERIT; submitType = SubmitType.MERGE_IF_NECESSARY; } |