1. 계정 생성
$ sudo htpasswd /opt/gerrit/etc/passwords "pl_user"
$ sudo htpasswd /opt/gerrit/etc/passwords "user"먼저 "pl_user", "user" 계정을 생성한다.
2. Group 생성 및 설정
administrator 계정으로 로그인하여 BROWSE -> Groups -> Creadte New -> Project Leaders 그룹을 생성한다.
Members 클릭하여 "pl_user" 계정을 Project Leaders 그룹에 추가한다.
위와 같이 "user" 계정은 Service Users 그룹에 추가해 준다.
계정이 등록되어 있으면 위와 같이 자동완성처럼 나온다 만약 나오지 않는다면 계정으로 최초 로그인 후에 다시 확인한다.
root : Administrators
pl_user : Project Leaders
user : Service Users
2. 권한 설정
BROWSE -> All_Projects -> Access에서 권한 설정을 할 수있다. 프로젝트 권한에 대한 Configure은 모두
project.config 파일로 저장되어 있다. project.config를 보면서 간략하게 정리해 보겠다.
[project]
description = Access inherited by all other projects.
[receive]
requireContributorAgreement = false
requireSignedOffBy = false
requireChangeId = true
enableSignedPush = false
[submit]
mergeContent = true
[access "refs/*"]
read = group Administrators
[access "refs/for/*"]
addPatchSet = group Registered Users
[access "refs/for/refs/*"]
push = group Registered Users
pushMerge = group Registered Users
[access "refs/heads/*"]
create = group Administrators
# create = group Project Leaders 그룹 생성 권한
create = group Project Owners
editTopicName = +force group Administrators
# editTopicName = +force group Project Leaders 코드리뷰중 Topic 수정 가능
editTopicName = +force group Project Owners
forgeAuthor = group Registered Users
forgeCommitter = group Administrators
# forgeCommitter = group Project Leaders
forgeCommitter = group Project Owners
# forgeCommitter = group Registered Users
# forgeCommitter = group Service Users
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
# label-Code-Review = -2..+2 group Registered Users "user" 점수 범위 수정
push = group Administrators
push = group Project Owners
read = group Anonymous Users
revert = group Registered Users
submit = group Administrators
# submit = group Project Leaders 코드리뷰후 submit 권한 부여
submit = group Project Owners
# delete = group Project Leaders 프로젝트 삭제 권한
# label-Verified = -1..+1 group Administrators 코드리뷰 Verified 권한 부여
# label-Verified = -1..+1 group Project Leaders
[access "refs/meta/config"]
exclusiveGroupPermissions = read
create = group Administrators
create = group Project Owners
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
push = group Administrators
push = group Project Owners
read = group Administrators
# read = group Project Leaders project -> browse -> 저장소 보는 권한
read = group Project Owners
submit = group Administrators
submit = group Project Owners
[access "refs/meta/version"]
read = group Anonymous Users
[access "refs/tags/*"]
create = group Administrators
# create = group Project Leaders 테그 관련 권한 부여
create = group Project Owners
# create = group Service Users
createSignedTag = group Administrators
# createSignedTag = group Project Leaders
createSignedTag = group Project Owners
# createSignedTag = group Service Users
createTag = group Administrators
# createTag = group Project Leaders
createTag = group Project Owners
# createTag = group Service Users
label-Verified = -1..+1 group Project Leaders
[label "Code-Review"]
function = MaxWithBlock
defaultValue = 0
copyMinScore = true
copyAllScoresOnTrivialRebase = true
value = -2 This shall not be merged
value = -1 I would prefer this is not merged as is
value = 0 No score
value = +1 Looks good to me, but someone else must approve
value = +2 Looks good to me, approved
[label "Verified"]
function = MaxWithBlock
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
defaultValue = 0
[capability]
administrateServer = group Administrators
priority = batch group Service Users
streamEvents = group Service Users주석처리된 부분이 Gerrit 설치 후 추가된 부분이다.
[label "Verified"] 같은 경우 gerrit 설치할 때, Install Verified label [y/N]? y 부분으로 생성되었다.
★★ git push-for-review error =>>> and you lack 'forge committer' permission.
■ Reference: refs/heads/* -> Forge Committer Identity 추가
■ Reference: refs/meta/config -> Read -> web browse 보기 기능
■merged 된거 들어가면 revert 있음. revert 하면 open에 생성됨.
■ 테그 생성
Reference: refs/tags/* -> Create Reference => 생성은 되지만 delete 안됨
Reference: refs/tags/* -> delete Reference => administrator은 자동으로 됨 (pl_users 추가) -> 테그 삭제 기능
Reference: refs/heads/* -> delete Reference => 브랜치 삭제 기능
■Global Capabilities -> create Project -> pl_users
■그냥 git push 는 administrator 만 가능. 코드리뷰에 뜨지 않음.
권한설정 참고 :
https://www.epicycle.info/2016/11/03/gerrit-acl.html
https://gerrit-review.googlesource.com/Documentation/access-control.html
Gerrit Code Review - Access Controls
LDAP groups are Account Groups that are maintained inside of your LDAP instance. If you are using LDAP to manage your groups they will not appear in the Groups list. However you can use them just like regular Account Groups by prefixing your group with "ld
gerrit-review.googlesource.com
아래에 적용된 소스입니다.
[project]
description = Access inherited by all other projects.
[receive]
requireContributorAgreement = false
requireSignedOffBy = false
requireChangeId = true
enableSignedPush = false
[submit]
mergeContent = true
[access "refs/*"]
read = group Administrators
[access "refs/for/*"]
addPatchSet = group Registered Users
[access "refs/for/refs/*"]
push = group Registered Users
pushMerge = group Registered Users
[access "refs/heads/*"]
create = group Administrators
create = group Project Leaders
create = group Project Owners
editTopicName = +force group Administrators
editTopicName = +force group Project Leaders
editTopicName = +force group Project Owners
forgeAuthor = group Registered Users
forgeCommitter = group Administrators
forgeCommitter = group Project Leaders
forgeCommitter = group Project Owners
forgeCommitter = group Registered Users
forgeCommitter = group Service Users
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
label-Code-Review = -2..+2 group Registered Users
push = group Administrators
push = group Project Owners
read = group Anonymous Users
revert = group Registered Users
submit = group Administrators
submit = group Project Leaders
submit = group Project Owners
delete = group Project Leaders
label-Verified = -1..+1 group Administrators
label-Verified = -1..+1 group Project Leaders
[access "refs/meta/config"]
exclusiveGroupPermissions = read
create = group Administrators
create = group Project Owners
label-Code-Review = -2..+2 group Administrators
label-Code-Review = -2..+2 group Project Owners
push = group Administrators
push = group Project Owners
read = group Administrators
read = group Project Leaders
read = group Project Owners
submit = group Administrators
submit = group Project Owners
[access "refs/meta/version"]
read = group Anonymous Users
[access "refs/tags/*"]
create = group Administrators
create = group Project Leaders
create = group Project Owners
create = group Service Users
createSignedTag = group Administrators
createSignedTag = group Project Leaders
createSignedTag = group Project Owners
createSignedTag = group Service Users
createTag = group Administrators
createTag = group Project Leaders
createTag = group Project Owners
createTag = group Service Users
label-Verified = -1..+1 group Project Leaders
[label "Code-Review"]
function = MaxWithBlock
defaultValue = 0
copyMinScore = true
copyAllScoresOnTrivialRebase = true
value = -2 This shall not be merged
value = -1 I would prefer this is not merged as is
value = 0 No score
value = +1 Looks good to me, but someone else must approve
value = +2 Looks good to me, approved
[label "Verified"]
function = MaxWithBlock
value = -1 Fails
value = 0 No score
value = +1 Verified
copyAllScoresIfNoCodeChange = true
defaultValue = 0
[capability]
administrateServer = group Administrators
priority = batch group Service Users
streamEvents = group Service Users
Project.config를 git clone하여 수정하여 사용가능하다.
https://stackoverflow.com/questions/22229536/edit-project-config-in-a-gerrit-project
https://monkeycow.tistory.com/29
'Gerrit' 카테고리의 다른 글
| Gerrit Porject 생성 및 Push (1) | 2021.12.05 |
|---|---|
| Gerrit 설치 (0) | 2021.12.02 |