hanwen
commented
4 years ago "So, here is what you have to do
-
build a plugin in Gerrit that acts as a HTTP proxy. The plugin should enforce users to be logged in, and forward requests to a Zoekt instance, but also set a
X-Gerrit-AccountId: 1234
header.
-
Update the web server to extract the gerrit account ID from the HTTP request, and set it in the HTTP Context.
-
write a wrapper around zoekt.Searcher
https://github.com/google/zoekt/blob/b1730d8e0cc4aa35d6b2d593b83fef7cb0c81673/api.go#L263
that extracts the Gerrit user from the context. Then it should call back to the Gerrit instance, executing /check.access to verify if the user has access. If not, returon no results.
Then, when deploying, you create a firewall, so only the gerrit server can contact the zoekt server.
Overall, this is not an easy task. Good luck!"
Hi Team, I'm looking for a way to import gerrit ACL's to Zoket, Please let me know the steps to do it or any documentation that I can refer to mirror gerrit ACL's into Zoket. Looking for a way to block the users at the repository level and at the branch level as well in Zoket.