Commit 1486add7 authored by Brennen Bearnes's avatar Brennen Bearnes
Browse files

configure-projects: disable container registries by default

This is a temporary restriction to limit resource usage while we
experiment with enabling the container registry on the instance as a whole.
It can probably be lifted once we have sufficient disk space or a backing
store external to the production omnibus installation.

Self-merging as reflective of current production state.

Bug: T307537
parent 6079f24e
......@@ -8,6 +8,7 @@
import time
import gitlab
import pprint
from gitlab_settings.util import get_token
......@@ -36,32 +37,52 @@ issue_wiki_allowlist = [
"repos/research/",
]
registry_allowlist = [
"repos/releng/",
]
for project in get_projects():
project_path = project.path_with_namespace
changed = False
allow = False
allow_iw = False
for prefix in issue_wiki_allowlist:
if project_path.startswith(prefix):
allow = True
allow_iw = True
# Issues
if project.issues_access_level != 'disabled':
if allow:
if allow_iw:
print(project_path, '- temporarily allowing issues')
else:
project.issues_access_level = 'disabled'
print(project_path, '- disabling issue access')
changed = True
# Wikis
if project.wiki_access_level != 'disabled':
if allow:
if allow_iw:
print(project_path, '- temporarily allowing wikis')
else:
print(project_path, '- disabling wiki access')
project.wiki_access_level = 'disabled'
changed = True
# Container registry
allow_registry = False
for prefix in registry_allowlist:
if project_path.startswith(prefix):
allow_registry = True
if project.container_registry_access_level == 'enabled':
if allow_registry:
print(project_path, '- temporarily allowing container registry')
else:
project.container_registry_access_level = 'disabled'
print(project_path, '- disabling container registry')
changed = True
# TODO:
#
# CI/CD access - this needs rethinking, or per-project configuration decisions,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment