commit | 3c288deadca0ac6e78cd1f39ac42cfd35a5d4d6a | |
---|---|---|
author | Edwin Kempin <ekempin@google.com> | Tue Aug 27 14:21:39 2024 +0000 |
committer | Edwin Kempin <ekempin@google.com> | Wed Aug 28 14:33:14 2024 +0000 |
tree | b428af232bd7314ba24d966bf5349fde47001f0f | |
parent | 8099b47ddf343e1060b17dd0e60ada4d660bdd27 |

Add REST endpoint to retrieve the account state with a single request

The new REST endpoint retrieves the superset of all information related to an account. This information is useful to inspect issues with the account and its permissions.

For now we return the account details, the account capabilities, the groups that contain the user as a member and the account external IDs. This is the information that we ask users for when there is an issue with the account or the account permissions. All this information is already available via REST, but collecting it requires multiple calls and having a dedicated REST endpoint that collects all relevant data at once makes it simpler to ask the user for this information.

Also, in a follow-up change we intend to include further data into the response, a key-value map that is retrieved from an extension point. This way at Google we can extend the account state with custom information (e.g. whether the user is a Googler, whether the user has read access on host level and whether a trusted device is used). A part of this information is computed from the user's session and cannot be computed on behalf of another user (not because it's fundamentally infeasible, but because our current APIs don't support it). This is why for now it's only possible to retrieve the own account state, but not the account state of other users (even not for admins).

Once we fix our internal APIs it would be desirable to allow admins to get the account state for other users. This way we would no longer need to ask the user to provide us this information when investigating account issues, but we could just retrieve this information ourselves.

Having the new REST endpoint will greatly simplify investigating account and permission issues:

1. Ask the user for their account state information (single REST call, we may offer a screen for it that allows the user to copy&paste this information)
2. Check the account consistency (admin check)
3. Investigate permission issues with the Check Access REST endpoint

Without the new REST endpoint 1. requires the affected user to run multiple commands to collect the information which often results in multiple roundtrips, slowing down the investigation. Even worse, some of the required information currently cannot be provided by external users (e.g. checking whether the user has read access on host level requires the user to run an internal-only command). Having the new REST endpoint this is something that we can address, once we add an extension point in a follow-up change that allows plugins to provide further account state data.

Bug: Google b/330836100
Release-Notes: Added a REST endpoint to retrieve the account state
Change-Id: Id8928cdbd9c5117db166c618eece499eff3ecba1
Signed-off-by: Edwin Kempin <ekempin@google.com>

Gerrit is a code review and project management tool for Git-based projects.
Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.
Gerrit simplifies Git-based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.
For information about how to install and use Gerrit, refer to the documentation.
Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on GitHub.
Please report bugs on the issue tracker.
Gerrit is the work of hundreds of contributors. We appreciate your help!
Please read the contribution guidelines.
Note that we do not accept Pull Requests via the GitHub mirror.
The Developer Mailing list is repo-discuss on Google Groups.
Gerrit is provided under the Apache License 2.0.
Install Bazel and run the following:
git clone --recurse-submodules https://gerrit.googlesource.com/gerrit && cd gerrit && bazel build release
Instructions for configuring the GerritForge/BinTray repositories are here
On Debian/Ubuntu run:
apt-get update && apt-get install gerrit=<version>-<release>
NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.
On CentOS/RedHat run:
yum clean all && yum install gerrit-<version>[-<release>]
On Fedora run:
dnf clean all && dnf install gerrit-<version>[-<release>]
Docker images of Gerrit are available on DockerHub
To run a CentOS 8 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8
To run an Ubuntu 20.04 based Gerrit image:
docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20
NOTE: release is optional. Last released package of the version is installed if the release number is omitted.