Reorganizing docs as recommended in:
https://www.divio.com/blog/documentation/
This is simply a reorganization of the existing documents and changes
no content EXCEPT to correct the location of sphinx doc references.
Expect followup changes to change document names (to reflect the new
structure) and to move content from existing guides (e.g., to move the
pipeline/project/job structure definitions out of the "Project Configuration"
reference guide into their own reference documents for easier locatability).
All documents are now located in either the "overview", "tutorials",
"discussions", or "references" subdirectories to reflect the new structure
presented to the user. Code examples and images are moved to "examples" and
"images" root-level directories.
Developer specific documents are located in the "references/developer"
directory.
Change-Id: I538ffd7409941c53bf42fe64b7acbc146023c1e3
Allow operators to define complex rules either using the flattened JSONPath syntax,
or the more YAML-friendly nested dicts.
Change-Id: Iabf65313e114dcb15788844a1f0095ae52567275
Move this setting to the end so that the most important required
settings are listed first, and the reader can follow directly
into the admin-rules section.
Also, change the link title from "this section" to the actual
section name.
Change-Id: Ibaffe2a6f8cbc7654e1aaf603f44720b1d062e75
This adds a tenant option to use the Zuul web build page as the
URL reported to the code review system when a build completes.
The setting is per-tenant (because it requires that the tenant
have a working SQL reporter configured in all pipelines) and
defaults to false, since we can't guarantee that. In the future,
we expect to make SQL reporting implicit, then this can default
to true and eventually be deprecated.
A new zuul.conf option is added and marked required to supply
the root web URL. As we perform further integration with the web
app, we may be able to deprecate other similar settings, such
as "status_url".
Change-Id: Iaa3be10525994722d020d2aa5a7dcf141f2404d9
Add an "authorize_user" RPC call allowing to test a set of claims
against the rules of a given tenant. Make zuul-web use this call
to authorize access to tenant-scoped privileged actions.
Change-Id: I50575f25b6db06f56b231bb47f8ad675febb9d82
This is intended to address the case of the zuul-jobs repo, where
it would be convenient to include a project definition and job
definitions which test the roles in the zuul-jobs repo. However,
we want the repo te be consumable by anyone, which means we can
not encode nodesets or required-projects in any jobs which may
be loaded by another Zuul.
To address this, this commit adds a feature which will allow us
to put those job and project definitions in a separate file or
directory which will not be loaded by default. But in the Zuul
tenant of the OpenDev Zuul installation, we will configure the
system to load this secondary configuration location, so the
self-test jobs will be available.
Change-Id: Ic205d1f93f583514757a100471c47688d6641c53
Currently the default ansible version is selected by the version of
zuul itself. However we want to make this configurable per deployment
(zuul.conf), tenant and job.
Change-Id: Iccbb124ac7f7a8260c730fbc109ccfc1dec09f8b
This changes adds new tenant settings to limit the connection a tenant can
use to trigger from or report to.
Change-Id: I1793ec9c8a249b3a1ce90868086421c8d349d7aa
This patch adds a new option for the scheduler "tenant_config_script".
When this option is set and target an executable script then the script
is executed and its stdout is taken as the tenant config. This new
option is excluse with "tenant_config". When set, "tenant_config"
is ignored.
The goal is to be able to fetch tenant configuration from
an external source whatever the type of the source as
the logic is handled in a script.
Change-Id: Ic8234dfcdf1f07f824542c4a2ebf99fe8ff19fd5
This patch aims to cover an undocumented tenant configuration
that is the projects group. In configloader.py:TenantParser._getProjects
a project group definition is allowed. A config-projects or
untrusted-projects list could be composed of dictionnaries
with a projects attribute and at least an include or exclude
attribute.
Change-Id: Ia3ca58b4186ee21fed1edd42ecf09ac4355008cc
The extra column was causing sub-items to render as:
"tenant.untrusted-projects.<project>:.include".
Change-Id: Ica71a4638a654d6ac140a83ec3bb4a52ca6d5242
Also change the word to Configuration Item since that's what it's called
in config.rst and in error messages. Leave TenantParser use of classes.
Change-Id: I1844665a4f6dd63d517cab68049fae6ed7fcca68
When using a branch and pull model on a shared repository there are
usually one or more protected branches which are gated and a dynamic
number of temporary personal/feature branches which are the source for
the pull requests. These temporary branches while ungated can
potentially include broken zuul config and therefore break the global
tenant wide configuration.
In order to deal with this model add support for excluding unprotected
branches. This can be configured on tenant level and overridden per
project.
Change-Id: I8a45fd41539a3c964a84142f04c1644585c0fdcf
Refresh the user and admin guide for v3 changes, and reorganize into
a narrative structure which makes more sense for v3.
Change-Id: I4ac3b18d5ed33b0fea4e2ef0318b19bfc3447ccc