www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Joseph Davis (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (INFRA-3160) Hook: Authorization
Date Sat, 24 Sep 2011 23:00:26 GMT

     [ https://issues.apache.org/jira/browse/INFRA-3160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Paul Joseph Davis resolved INFRA-3160.
--------------------------------------

    Resolution: Fixed

Since this ticket was created infra has been moving more towards using LDAP directly. Previous
versions of the auth code have used the same asf-authorization file that SVN uses. Currently
Git just queries LDAP directly to get the list of authorized committers for a given project.
For auth of users not in LDAP (global git admins, build bots, etc) there's a static file that
can be used to add in user names. The relevant code is here:

https://git-wip-us.apache.org/repos/infra/asfgit-admin/blob/master/asfgit/auth.py

> Hook: Authorization
> -------------------
>
>                 Key: INFRA-3160
>                 URL: https://issues.apache.org/jira/browse/INFRA-3160
>             Project: Infrastructure
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: Git
>            Reporter: Paul Querna
>            Priority: Trivial
>         Attachments: pre-receive
>
>
> Task: Using a pre-receive hook, restrict the user to only write to a repository that
they have group write access to.
> Groups are defined in LDAP, but we generally use a static file that is updated after
ldap automatically, and it has been suggested that we re-use the svn authz file.
> If not using svn authz file format, write a script that exports to a file format usable
by the hook, in addition to the hook script itself.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message