Faceless account for Gerrit


Mei B

Mar 8, 2018, 4:51:15 PM
to Repo and Gerrit Discussion
How can I create a faceless account with forge author/commit privileges for mirroring repos?

I have found the command "create-account" but I don't understand the different arguments.

- Do I need a valid e-mail/password for forging purposes only?
- What does "Non-interactive users" imply? Would forging fall into this category?
- After creation how do I use this account to forge commits/authors?

Thanks

Matthias Sohn

Mar 8, 2018, 6:23:20 PM
to Mei B, Repo and Gerrit Discussion
On Thu, Mar 8, 2018 at 10:51 PM, Mei B <lidokaw...@gmail.com> wrote:
> How can I create a faceless account with forge author/commit privileges for mirroring repos?

What is a faceless account? I do not understand this term.

Forge Author, Forge Committer and Forge Server permissions are described in [1]

> I have found the command "create-account" but I don't understand the different arguments.
>
> - Do I need a valid e-mail/password for forging purposes only?

AFAIK you can only push commits using a user having a registered email address. Whether the user can forge
Author/Committer/Server identity depends on the permissions granted to the authenticated user.

> - What does "Non-interactive users" imply? Would forging fall into this category?

There are different thread pools for executing commands from interactive/non-interactive users.

> - After creation how do I use this account to forge commits/authors?

Authenticate as this user to push commits which have an Author/Committer/Server identity which
does not match a registered email address of the authenticated user which is pushing these commits.
This user can push such commits if it has the required Forge Author/Forge Committer/Forge Server
permission on the refs you are pushing to.


-Matthias

Mei B

Mar 8, 2018, 6:47:44 PM
to Repo and Gerrit Discussion
What I mean by faceless account is that it doesn't belong to a specific user. I'm using LDAP to set up my Gerrit server but I do not wish to give everyone or a specific person privileges to forge author/commit. I want to make an account and give only this account the privileges.

So all I have to do is create-account a new account, grant it permissions to forge and that should be able to take care of it?

> AFAIK you can only push commits using a user having a registered email address. Whether the user can forge
> Author/Committer/Server identity depends on the permissions granted to the authenticated user.

If I'm understanding this correctly, does that mean the new user I created is required to have an e-mail to push and forge commit/author/server? Regardless of whether that e-mail is valid or not?

David Pursehouse

Mar 8, 2018, 9:33:02 PM
to Mei B, Repo and Gerrit Discussion
On Fri, Mar 9, 2018 at 8:47 AM Mei B <lidokaw...@gmail.com> wrote:
> What I mean by faceless account is that it doesn't belong to a specific user. I'm using LDAP to set up my Gerrit server but I do not wish to give everyone or a specific person privileges to forge author/commit. I want to make an account and give only this account the privileges.

There is a serviceuser plugin that might suit your needs.

> So all I have to do is create-account a new account, grant it permissions to forge and that should be able to take care of it?
>
> > AFAIK you can only push commits using a user having a registered email address. Whether the user can forge
> > Author/Committer/Server identity depends on the permissions granted to the authenticated user.
>
> If I'm understanding this correctly, does that mean the new user I created is required to have an e-mail to push and forge commit/author/server? Regardless of whether that e-mail is valid or not?


Matthew Montgomery

Mar 9, 2018, 9:37:04 AM
to Mei B, Repo and Gerrit Discussion
This is what I have used in the past to create a machine or service user.

Add a "Non-Interactive" User to Gerrit

cat <public-key> | ssh -p 29418 <host> gerrit create-account --group "'Non-Interactive Users'" --full-name "'Full Name'" --ssh-key - <user>

We generally have Non-Interactive Users for Jenkins or other CI tools that need to interact with Gerrit via the API. Normal users are authenticated via LDAP. You'd run that command as someone with admin rights on the target Gerrit installation.

Example:

cat ~/.ssh/jenkins_id_rsa.pub | ssh -p 29418 localhost gerrit create-account --group "'Non-Interactive Users'" --ssh-key - jenkins

--
Matthew

Mei B

Mar 12, 2018, 6:43:15 PM
to Repo and Gerrit Discussion
If I create a user via the create-account command, can I use that account to push changes?

Edwin Kempin

Mar 13, 2018, 3:22:26 AM
to lidokaw...@gmail.com, Repo and Gerrit Discussion
On Mon, Mar 12, 2018 at 11:43 PM Mei B <lidokaw...@gmail.com> wrote:
> If I create a user via the create-account command, can I use that account to push changes?

Yes, but it needs to have an email address and must have permissions to push.
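
The requirement stated earlier in the thread is that only the dedicated account may forge author/committer identity. As an added example (not from any poster in this thread and not Gerrit's own code), the shell functions below audit a project's `project.config` and list every forge permission granted to a group other than the one reserved for the service account. The group name "Mirror Service Users", the function names and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of a project.config from refs/meta/config.
# "Mirror Service Users" is an assumed group holding only the service account.
sample_config() {
cat <<'EOF'
[access "refs/heads/*"]
	push = group Mirror Service Users
	forgeAuthor = group Mirror Service Users
	forgeAuthor = group Registered Users
	forgeCommitter = group Mirror Service Users
[access "refs/tags/*"]
	forgeServerAsCommitter = group Administrators
	forgeCommitter = deny group Registered Users
EOF
}

# audit_forge ALLOWED_GROUP: read project.config on stdin and print one
# "ref<TAB>permission<TAB>group" line for every forge* rule that grants
# the permission to a group other than ALLOWED_GROUP.
audit_forge() {
  awk -v allowed="$1" '
    /^\[access "/ {                       # remember the current ref pattern
      ref = $0; sub(/^\[access "/, "", ref); sub(/"\].*$/, "", ref); next
    }
    /^\[/ { ref = ""; next }              # any other section: not access rules
    ref != "" && /^[ \t]*forge(Author|Committer|ServerAsCommitter)[ \t]*=/ {
      perm = $0; sub(/^[ \t]*/, "", perm); sub(/[ \t]*=.*$/, "", perm)
      rule = $0; sub(/^[^=]*=[ \t]*/, "", rule)
      if (rule ~ /^(deny|block)[ \t]/) next   # deny/block rules grant nothing
      sub(/^group[ \t]+/, "", rule); sub(/[ \t]+$/, "", rule)
      if (rule != allowed) printf "%s\t%s\t%s\n", ref, perm, rule
    }'
}

# Succeeds only when no group other than ALLOWED_GROUP holds a forge permission.
forge_is_restricted() {
  [ -z "$(audit_forge "$1")" ]
}

sample_config | audit_forge "Mirror Service Users"
```

Access rights are inherited, so the same check has to be run against the `project.config` of each parent project up to All-Projects.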