Introduce pull-replication user and internal group
Allows to identify the internal user created by the pull-replication
plugin as member of the pullreplication/internal-user and
Anonymous-Users groups.
Use the new pullreplication/internal-user impersonification when
receiving calls using bearer-token authentication, so that all
internal operations would benefit from the new custom identity.
The rationale behind this new internal user definition is
in the implementation of Gerrit's InternalUser, which does not
allow to define any membership and therefore won't be effectively
useful for accessing all the resources that the pull-replication
plugin needs:
- Access to the repositories
- Access to the git-upload-pack
The access to all refs of all repositories is achieved by
subclassing the InternalUser whilst the access to git-upload-pack
is automatically available through the membership to
Anonymous-Users.
Also, should the Gerrit admin decide to restrict who
can run the git-upload-pack, it would be possible to use the
new pullreplication/internal-user group.
Change-Id: I9c03693a3969506b0dbe6acbfba5de8ca8a1b020
7 files changed
