Create a group gerrit-flows with runAs+viewAllAccounts permission Following go/gob/users/gerrit-flows#onboarding step 5/6, except that says to grant the *user* permission but the Gerrit UI doesn't allow me to do that, so I created a group and added the user instead. Group: https://dawn-review.git.corp.google.com/admin/groups/e6a605e72c494a2fbf0c51f14cd0f24fb7ae1e50,members User: https://dawn-review.git.corp.google.com/dashboard/4718297 Bug: 493938721 Change-Id: I7da16e9bc47043d78f2f6ffcaef80df544d4205b
diff --git a/groups b/groups index 0a7cf3c..85c4ea4 100644 --- a/groups +++ b/groups
@@ -1,17 +1,18 @@ # UUID Group Name # -090e2829b3a2ff324d5c288f4c7bb82d3389fa8e owners-override -5bfa1e6d0fc0cd988605571affca89e60a7aa1a1 bot-commit-bots -b8e19f14ecb618ea6c5d3dca892a7d80105ed6af gerrit-submit-requirements-admins -cria:project-dawn-committers cria/project-dawn-committers -d88594eff8d639cb82d00cdda77f3ec69a8463a0 dawn-scoped@luci-project-accounts.iam.gserviceaccount.com -e8a7a6ec5578b7b3fb664b063b34b1278f7409e2 tint-scoped@luci-project-accounts.iam.gserviceaccount.com -global:Anonymous-Users Anonymous Users -global:Project-Owners Project Owners -global:Registered-Users Registered Users +090e2829b3a2ff324d5c288f4c7bb82d3389fa8e owners-override +5bfa1e6d0fc0cd988605571affca89e60a7aa1a1 bot-commit-bots +b8e19f14ecb618ea6c5d3dca892a7d80105ed6af gerrit-submit-requirements-admins +cria:project-dawn-committers cria/project-dawn-committers +d88594eff8d639cb82d00cdda77f3ec69a8463a0 dawn-scoped@luci-project-accounts.iam.gserviceaccount.com +e6a605e72c494a2fbf0c51f14cd0f24fb7ae1e50 gerrit-flows +e8a7a6ec5578b7b3fb664b063b34b1278f7409e2 tint-scoped@luci-project-accounts.iam.gserviceaccount.com +global:Anonymous-Users Anonymous Users +global:Project-Owners Project Owners +global:Registered-Users Registered Users google:AI2Pq9r_ksT_hfUOny8swsG8krQwPL5eOM0hGHf4QWGOPdy9igqsdhs google/google-union:signcla -mdb:chrome-git-admins mdb/chrome-git-admins -mdb:copybara-git-readers mdb/copybara-git-readers -mdb:google-cla-gerrit-robot-accounts mdb/google-cla-gerrit-robot-accounts -mdb:webgpu-dawn-admin mdb/webgpu-dawn-admin -mdb:webgpu-tint-admin mdb/webgpu-tint-admin +mdb:chrome-git-admins mdb/chrome-git-admins +mdb:copybara-git-readers mdb/copybara-git-readers +mdb:google-cla-gerrit-robot-accounts mdb/google-cla-gerrit-robot-accounts +mdb:webgpu-dawn-admin mdb/webgpu-dawn-admin +mdb:webgpu-tint-admin mdb/webgpu-tint-admin
diff --git a/project.config b/project.config index b20662b..44ce4eb 100644 --- a/project.config +++ b/project.config
@@ -5,13 +5,6 @@ requireSignedOffBy = false requireChangeId = true enableSignedPush = false -[accounts] - sameGroupVisibility = deny group google/google-union:signcla -[contributor-agreement "Google CLA"] - description = Google Contributor License Agreement - agreementUrl = static/cla.html - accepted = group google/google-union:signcla - accepted = group mdb/google-cla-gerrit-robot-accounts [submit] mergeContent = true [access "refs/*"] @@ -90,11 +83,20 @@ [access "refs/for/refs/meta/config"] push = group gerrit-submit-requirements-admins read = group gerrit-submit-requirements-admins +[accounts] + sameGroupVisibility = deny group google/google-union:signcla +[contributor-agreement "Google CLA"] + description = Google Contributor License Agreement + agreementUrl = static/cla.html + accepted = group google/google-union:signcla + accepted = group mdb/google-cla-gerrit-robot-accounts [capability] administrateServer = group mdb/chrome-git-admins administrateServer = group mdb/webgpu-dawn-admin gerrit-google-manageUsersGet = group mdb/copybara-git-readers + runAs = group gerrit-flows viewAllAccounts = group dawn-scoped@luci-project-accounts.iam.gserviceaccount.com + viewAllAccounts = group gerrit-flows viewAllAccounts = group mdb/copybara-git-readers viewAllAccounts = group tint-scoped@luci-project-accounts.iam.gserviceaccount.com [plugin "jwtservice"]