tree 5c5f536fee4c294b0edad65b55759053e3233c29
parent 168ad4d8dcd74cf0263476252b2f11ef4b96b20e
author Luca Milanesio <luca.milanesio@gmail.com> 1669388887 +0000
committer Luca Milanesio <luca.milanesio@gmail.com> 1669918724 +0000

Introduce pull-replication user and internal group

Allows to identify the internal user created by the pull-replication
plugin as member of the pullreplication/internal-user and
Anonymous-Users groups.

Use the new pullreplication/internal-user impersonification when
receiving calls using bearer-token authentication, so that all
internal operations would benefit from the new custom identity.

The rationale behind this new internal user definition is
in the implementation of Gerrit's InternalUser, which does not
allow to define any membership and therefore won't be effectively
useful for accessing all the resources that the pull-replication
plugin needs:
- Access to the repositories
- Access to the git-upload-pack

The access to all refs of all repositories is achieved by
subclassing the InternalUser whilst the access to git-upload-pack
is automatically available through the membership to
Anonymous-Users.

Also, should the Gerrit admin decide to restrict who
can run the git-upload-pack, it would be possible to use the
new pullreplication/internal-user group.

Change-Id: I9c03693a3969506b0dbe6acbfba5de8ca8a1b020