Commit 85444f0f authored by Brennen Bearnes's avatar Brennen Bearnes
Browse files

configure-projects: set build_access_level to private

I was going through policy stuff here:

https://www.mediawiki.org/wiki/GitLab/Policy#Permissions

...and noticed we'd written this:

> The "Pipelines" setting in public namespaced projects should be
> set to "Only Project Members". This ensures that only project
> members with Reporter privileges are able to run tests on a
> particular project.

I believe that's what's now under Project -> Settings -> Visibility,
project features, permissions -> CI/CD.  I'm not _totally_ sure what
effect this has, so I guess we'll need to experiment here, and may want
to make it optional on a per-project basis.

This also makes the project settings updates only do a single write per
changed project.

The project configuration stuff should be rolled into the `settings` CLI
elsewhere in this repo, but I'll save that for a later MR.
parent 0c7ce0fe
...@@ -26,18 +26,51 @@ def get_projects(): ...@@ -26,18 +26,51 @@ def get_projects():
return server.projects.list(all=True, as_list=False) return server.projects.list(all=True, as_list=False)
for project in get_projects(): for project in get_projects():
print(f'{project.name} - {project.id}')
changed = False
if project.issues_access_level != 'disabled': if project.issues_access_level != 'disabled':
print('Disabling issue access for ', project.name) print(' Disabling issue access')
project.issues_access_level = 'disabled' project.issues_access_level = 'disabled'
project.save() changed = True
else: else:
print('Issues already disabled for ', project.name) print(' Issues already disabled')
if project.wiki_access_level != 'disabled': if project.wiki_access_level != 'disabled':
print('Disabling wiki access for', project.name) print(' Disabling wiki access')
project.wiki_access_level = 'disabled' project.wiki_access_level = 'disabled'
project.save() changed = True
else:
print(' Wiki already disabled')
# CI/CD access - this may need rethinking, or per-project configuration decisions,
# depending on what this setting actually does:
#
# https://www.mediawiki.org/wiki/GitLab/Policy#Permissions
#
# > The "Pipelines" setting in public namespaced projects should be set to
# > "Only Project Members". This ensures that only project members with
# > Reporter privileges are able to run tests on a particular project.
if project.builds_access_level != 'private':
print(' Setting CI/CD permissions to project members')
project.builds_access_level = 'private'
changed = True
else: else:
print('Wiki already disabled for', project.name) print(' CI/CD access already set to project members')
if changed:
print (' Saving new settings')
project.save()
time.sleep(.5) time.sleep(.5)
# TODO:
# https://www.mediawiki.org/wiki/GitLab/Policy#Permissions
# To ensure everyone can contribute, projects should allow "Everyone with
# Access" to create merge requests. This is a setting for each repository
# under "Settings" > "General" > "Visibility, project features,
# permissions" > "Repository". This will allow all users to create merge
# requests for a project.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment