wireproto: add streams to frame-based protocol
Previously, the frame-based protocol was just a series of frames,
with each frame associated with a request ID.
In order to scale the protocol, we'll want to enable the use of
compression. While it is possible to enable compression at the
socket/pipe level, this has its disadvantages. The big one is it
undermines the point of frames being standalone, atomic units that
can be read and written: if you add compression above the framing
protocol, you are back to having a stream-based protocol as opposed
to something frame-based.
So in order to preserve frames, compression needs to occur at
the frame payload level.
Compressing each frame's payload individually will limit compression
ratios because the window size of the compressor will be limited
by the max frame size, which is 32-64kb as currently defined. It
will also add CPU overhead, as it is more efficient for compressors
to operate on fewer, larger blocks of data than more, smaller blocks.
So compressing each frame independently is out.
This means we need to compress each frame's payload as if it is part
of a larger stream.
The simplest approach is to have 1 stream per connection. This
could certainly work. However, it has disadvantages (documented below).
We could also have 1 stream per RPC/command invocation. (This is the
model HTTP/2 goes with.) This also has disadvantages.
The main disadvantage to one global stream is that it has the very
real potential to create CPU bottlenecks doing compression. Networks
are only getting faster and the performance of single CPU cores has
been relatively flat. Newer compression formats like zstandard offer
better CPU cycle efficiency than predecessors like zlib. But it still
all too common to saturate your CPU with compression overhead long
before you saturate the network pipe.
The main disadvantage with streams per request is that you can't
reap the benefits of the compression context for multiple requests.
For example, if you send 1000 RPC requests (or HTTP/2 requests for
that matter), the response to each would have its own compression
context. The overall size of the raw responses would be larger because
compression contexts wouldn't be able to reference data from another
request or response.
The approach for streams as implemented in this commit is to support
N streams per connection and for streams to potentially span requests
and responses. As explained by the added internals docs, this
facilitates servers and clients delegating independent streams and
compression to independent threads / CPU cores. This helps alleviate
the CPU bottleneck of compression. This design also allows compression
contexts to be reused across requests/responses. This can result in
improved compression ratios and less overhead for compressors and
decompressors having to build new contexts.
Another feature that was defined was the ability for individual frames
within a stream to declare whether that individual frame's payload
uses the content encoding (read: compression) defined by the stream.
The idea here is that some servers may serve data from a combination
of caches and dynamic resolution. Data coming from caches may be
pre-compressed. We want to facilitate servers being able to essentially
stream bytes from caches to the wire with minimal overhead. Being
able to mix and match with frames are compressed within a stream
enables these types of advanced server functionality.
This commit defines the new streams mechanism. Basic code for
supporting streams in frames has been added. But that code is
seriously lacking and doesn't fully conform to the defined protocol.
For example, we don't close any streams. And support for content
encoding within streams is not yet implemented. The change was
rather invasive and I didn't think it would be reasonable to implement
the entire feature in a single commit.
For the record, I would have loved to reuse an existing multiplexing
protocol to build the new wire protocol on top of. However, I couldn't
find a protocol that offers the performance and scaling characteristics
that I desired. Namely, it should support multiple compression
contexts to facilitate scaling out to multiple CPU cores and
compression contexts should be able to live longer than single RPC
requests. HTTP/2 *almost* fits the bill. But the semantics of HTTP
message exchange state that streams can only live for a single
request-response. We /could/ tunnel on top of HTTP/2 streams and
frames with HEADER and DATA frames. But there's no guarantee that
HTTP/2 libraries and proxies would allow us to use HTTP/2 streams
and frames without the HTTP message exchange semantics defined in
RFC 7540 Section 8. Other RPC protocols like gRPC tunnel are built
on top of HTTP/2 and thus preserve its semantics of stream per
RPC invocation. Even QUIC does this. We could attempt to invent a
higher-level stream that spans HTTP/2 streams. But this would be
violating HTTP/2 because there is no guarantee that HTTP/2 streams
are routed to the same server. The best we can do - which is what
this protocol does - is shoehorn all request and response data into
a single HTTP message and create streams within. At that point, we've
defined a Content-Type in HTTP parlance. It just so happens our
media type can also work as a standalone, stream-based protocol,
without leaning on HTTP or similar protocol.
Differential Revision: https://phab.mercurial-scm.org/D2907
> do_push()
> {
> user=$1
> shift
> echo "Pushing as user $user"
> echo 'hgrc = """'
> sed -n '/\[[ha]/,$p' b/.hg/hgrc | grep -v fakegroups.py
> echo '"""'
> if test -f acl.config; then
> echo 'acl.config = """'
> cat acl.config
> echo '"""'
> fi
> # On AIX /etc/profile sets LOGNAME read-only. So
> # LOGNAME=$user hg --cws a --debug push ../b
> # fails with "This variable is read only."
> # Use env to work around this.
> env LOGNAME=$user hg --cwd a --debug push ../b
> hg --cwd b rollback
> hg --cwd b --quiet tip
> echo
> }
> cat > posixgetuser.py <<'EOF'
> import getpass
> from mercurial import pycompat
> from mercurial.utils import procutil
> def posixgetuser():
> return pycompat.fsencode(getpass.getuser())
> if not pycompat.isposix:
> procutil.getuser = posixgetuser # forcibly trust $LOGNAME
> EOF
> init_config()
> {
> cat > fakegroups.py <<EOF
> from hgext import acl
> def fakegetusers(ui, group):
> try:
> return acl._getusersorig(ui, group)
> except:
> return ["fred", "betty"]
> acl._getusersorig = acl._getusers
> acl._getusers = fakegetusers
> EOF
> rm -f acl.config
> cat > $config <<EOF
> [hooks]
> pretxnchangegroup.acl = python:hgext.acl.hook
> [acl]
> sources = push
> [extensions]
> f=`pwd`/fakegroups.py
> posixgetuser=$TESTTMP/posixgetuser.py
> EOF
> }
$ hg init a
$ cd a
$ mkdir foo foo/Bar quux
$ echo 'in foo' > foo/file.txt
$ echo 'in foo/Bar' > foo/Bar/file.txt
$ echo 'in quux' > quux/file.py
$ hg add -q
$ hg ci -m 'add files' -d '1000000 0'
$ echo >> foo/file.txt
$ hg ci -m 'change foo/file' -d '1000001 0'
$ echo >> foo/Bar/file.txt
$ hg ci -m 'change foo/Bar/file' -d '1000002 0'
$ echo >> quux/file.py
$ hg ci -m 'change quux/file' -d '1000003 0'
$ hg tip --quiet
3:911600dab2ae
$ cd ..
$ hg clone -r 0 a b
adding changesets
adding manifests
adding file changes
added 1 changesets with 3 changes to 3 files
new changesets 6675d58eff77
updating to branch default
3 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ config=b/.hg/hgrc
$ cat >> "$config" <<EOF
> [extensions]
> posixgetuser=$TESTTMP/posixgetuser.py
> EOF
Extension disabled for lack of a hook
$ do_push fred
Pushing as user fred
hgrc = """
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
$ echo '[hooks]' >> $config
$ echo 'pretxnchangegroup.acl = python:hgext.acl.hook' >> $config
Extension disabled for lack of acl.sources
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: changes have source "push" - skipping
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
No [acl.allow]/[acl.deny]
$ echo '[acl]' >> $config
$ echo 'sources = push' >> $config
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow not enabled
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
Empty [acl.allow]
$ echo '[acl.allow]' >> $config
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 0 entries for user fred
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "fred" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
no rollback information available
0:6675d58eff77
fred is allowed inside foo/
$ echo 'foo/** = fred' >> $config
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user fred
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
no rollback information available
0:6675d58eff77
Empty [acl.deny]
$ echo '[acl.deny]' >> $config
$ do_push barney
Pushing as user barney
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "barney"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 0 entries for user barney
acl: acl.deny enabled, 0 entries for user barney
acl: branch access granted: "ef1ea85a6374" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
no rollback information available
0:6675d58eff77
fred is allowed inside foo/, but not foo/bar/ (case matters)
$ echo 'foo/bar/** = fred' >> $config
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user fred
acl: acl.deny enabled, 1 entries for user fred
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
no rollback information available
0:6675d58eff77
fred is allowed inside foo/, but not foo/Bar/
$ echo 'foo/Bar/** = fred' >> $config
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user fred
acl: acl.deny enabled, 2 entries for user fred
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
no rollback information available
0:6675d58eff77
$ echo 'barney is not mentioned => not allowed anywhere'
barney is not mentioned => not allowed anywhere
$ do_push barney
Pushing as user barney
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "barney"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 0 entries for user barney
acl: acl.deny enabled, 0 entries for user barney
acl: branch access granted: "ef1ea85a6374" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
no rollback information available
0:6675d58eff77
barney is allowed everywhere
$ echo '[acl.allow]' >> $config
$ echo '** = barney' >> $config
$ do_push barney
Pushing as user barney
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
[acl.allow]
** = barney
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "barney"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user barney
acl: acl.deny enabled, 0 entries for user barney
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
wilma can change files with a .txt extension
$ echo '**/*.txt = wilma' >> $config
$ do_push wilma
Pushing as user wilma
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
[acl.allow]
** = barney
**/*.txt = wilma
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "wilma"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user wilma
acl: acl.deny enabled, 0 entries for user wilma
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "wilma" not allowed on "quux/file.py" (changeset "911600dab2ae")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "wilma" not allowed on "quux/file.py" (changeset "911600dab2ae")
no rollback information available
0:6675d58eff77
file specified by acl.config does not exist
$ echo '[acl]' >> $config
$ echo 'config = ../acl.config' >> $config
$ do_push barney
Pushing as user barney
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
[acl.allow]
** = barney
**/*.txt = wilma
[acl]
config = ../acl.config
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "barney"
error: pretxnchangegroup.acl hook raised an exception: [Errno *] * (glob)
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: $ENOENT$: ../acl.config
no rollback information available
0:6675d58eff77
betty is allowed inside foo/ by a acl.config file
$ echo '[acl.allow]' >> acl.config
$ echo 'foo/** = betty' >> acl.config
$ do_push betty
Pushing as user betty
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
[acl.allow]
** = barney
**/*.txt = wilma
[acl]
config = ../acl.config
"""
acl.config = """
[acl.allow]
foo/** = betty
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "betty"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user betty
acl: acl.deny enabled, 0 entries for user betty
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "betty" not allowed on "quux/file.py" (changeset "911600dab2ae")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "betty" not allowed on "quux/file.py" (changeset "911600dab2ae")
no rollback information available
0:6675d58eff77
acl.config can set only [acl.allow]/[acl.deny]
$ echo '[hooks]' >> acl.config
$ echo 'changegroup.acl = false' >> acl.config
$ do_push barney
Pushing as user barney
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[acl.allow]
foo/** = fred
[acl.deny]
foo/bar/** = fred
foo/Bar/** = fred
[acl.allow]
** = barney
**/*.txt = wilma
[acl]
config = ../acl.config
"""
acl.config = """
[acl.allow]
foo/** = betty
[hooks]
changegroup.acl = false
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "barney"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user barney
acl: acl.deny enabled, 0 entries for user barney
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
asterisk
$ init_config
asterisk test
$ echo '[acl.allow]' >> $config
$ echo "** = fred" >> $config
fred is always allowed
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow]
** = fred
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user fred
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
$ echo '[acl.deny]' >> $config
$ echo "foo/Bar/** = *" >> $config
no one is allowed inside foo/Bar/
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow]
** = fred
[acl.deny]
foo/Bar/** = *
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow enabled, 1 entries for user fred
acl: acl.deny enabled, 1 entries for user fred
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
no rollback information available
0:6675d58eff77
Groups
$ init_config
OS-level groups
$ echo '[acl.allow]' >> $config
$ echo "** = @group1" >> $config
@group1 is always allowed
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow]
** = @group1
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: "group1" not defined in [acl.groups]
acl: acl.allow enabled, 1 entries for user fred
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
bundle2-input-part: total payload size 1553
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 0 (undo push)
0:6675d58eff77
$ echo '[acl.deny]' >> $config
$ echo "foo/Bar/** = @group1" >> $config
@group is allowed inside anything but foo/Bar/
$ do_push fred
Pushing as user fred
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow]
** = @group1
[acl.deny]
foo/Bar/** = @group1
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
3 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 24 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 24 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 24
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
adding manifests
adding file changes
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 3 changesets with 3 changes to 3 files
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "fred"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: "group1" not defined in [acl.groups]
acl: acl.allow enabled, 1 entries for user fred
acl: "group1" not defined in [acl.groups]
acl: acl.deny enabled, 1 entries for user fred
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
bundle2-input-part: total payload size 1553
bundle2-input-part: total payload size 24
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
no rollback information available
0:6675d58eff77
Invalid group
Disable the fakegroups trick to get real failures
$ grep -v fakegroups $config > config.tmp
$ mv config.tmp $config
$ echo '[acl.allow]' >> $config
$ echo "** = @unlikelytoexist" >> $config
$ do_push fred 2>&1 | grep unlikelytoexist
** = @unlikelytoexist
acl: "unlikelytoexist" not defined in [acl.groups]
error: pretxnchangegroup.acl hook failed: group 'unlikelytoexist' is undefined
abort: group 'unlikelytoexist' is undefined
Branch acl tests setup
$ init_config
$ cd b
$ hg up
0 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ hg branch foobar
marked working directory as branch foobar
(branches are permanent and global, did you want a bookmark?)
$ hg commit -m 'create foobar'
$ echo 'foo contents' > abc.txt
$ hg add abc.txt
$ hg commit -m 'foobar contents'
$ cd ..
$ hg --cwd a pull ../b
pulling from ../b
searching for changes
adding changesets
adding manifests
adding file changes
added 2 changesets with 1 changes to 1 files (+1 heads)
new changesets 81fbf4469322:fb35475503ef
(run 'hg heads' to see heads)
Create additional changeset on foobar branch
$ cd a
$ hg up -C foobar
4 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ echo 'foo contents2' > abc.txt
$ hg commit -m 'foobar contents2'
$ cd ..
No branch acls specified
$ do_push astro
Pushing as user astro
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "astro"
acl: acl.allow.branches not enabled
acl: acl.deny.branches not enabled
acl: acl.allow not enabled
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
acl: branch access granted: "e8fc755d4d82" on branch "foobar"
acl: path access granted: "e8fc755d4d82"
bundle2-input-part: total payload size 2068
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 2 (undo push)
2:fb35475503ef
Branch acl deny test
$ echo "[acl.deny.branches]" >> $config
$ echo "foobar = *" >> $config
$ do_push astro
Pushing as user astro
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.deny.branches]
foobar = *
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "astro"
acl: acl.allow.branches not enabled
acl: acl.deny.branches enabled, 1 entries for user astro
acl: acl.allow not enabled
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
error: pretxnchangegroup.acl hook failed: acl: user "astro" denied on branch "foobar" (changeset "e8fc755d4d82")
bundle2-input-part: total payload size 2068
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "astro" denied on branch "foobar" (changeset "e8fc755d4d82")
no rollback information available
2:fb35475503ef
Branch acl empty allow test
$ init_config
$ echo "[acl.allow.branches]" >> $config
$ do_push astro
Pushing as user astro
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow.branches]
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "astro"
acl: acl.allow.branches enabled, 0 entries for user astro
acl: acl.deny.branches not enabled
acl: acl.allow not enabled
acl: acl.deny not enabled
error: pretxnchangegroup.acl hook failed: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 2068
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
no rollback information available
2:fb35475503ef
Branch acl allow other
$ init_config
$ echo "[acl.allow.branches]" >> $config
$ echo "* = george" >> $config
$ do_push astro
Pushing as user astro
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow.branches]
* = george
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "astro"
acl: acl.allow.branches enabled, 0 entries for user astro
acl: acl.deny.branches not enabled
acl: acl.allow not enabled
acl: acl.deny not enabled
error: pretxnchangegroup.acl hook failed: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 2068
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
no rollback information available
2:fb35475503ef
$ do_push george
Pushing as user george
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow.branches]
* = george
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "george"
acl: acl.allow.branches enabled, 1 entries for user george
acl: acl.deny.branches not enabled
acl: acl.allow not enabled
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
acl: branch access granted: "e8fc755d4d82" on branch "foobar"
acl: path access granted: "e8fc755d4d82"
bundle2-input-part: total payload size 2068
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 2 (undo push)
2:fb35475503ef
Branch acl conflicting allow
asterisk ends up applying to all branches and allowing george to
push foobar into the remote
$ init_config
$ echo "[acl.allow.branches]" >> $config
$ echo "foobar = astro" >> $config
$ echo "* = george" >> $config
$ do_push george
Pushing as user george
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.allow.branches]
foobar = astro
* = george
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "george"
acl: acl.allow.branches enabled, 1 entries for user george
acl: acl.deny.branches not enabled
acl: acl.allow not enabled
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
acl: branch access granted: "e8fc755d4d82" on branch "foobar"
acl: path access granted: "e8fc755d4d82"
bundle2-input-part: total payload size 2068
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 2 (undo push)
2:fb35475503ef
Branch acl conflicting deny
$ init_config
$ echo "[acl.deny.branches]" >> $config
$ echo "foobar = astro" >> $config
$ echo "default = astro" >> $config
$ echo "* = george" >> $config
$ do_push george
Pushing as user george
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.deny.branches]
foobar = astro
default = astro
* = george
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "george"
acl: acl.allow.branches not enabled
acl: acl.deny.branches enabled, 1 entries for user george
acl: acl.allow not enabled
acl: acl.deny not enabled
error: pretxnchangegroup.acl hook failed: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 2068
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
no rollback information available
2:fb35475503ef
User 'astro' must not be denied
$ init_config
$ echo "[acl.deny.branches]" >> $config
$ echo "default = !astro" >> $config
$ do_push astro
Pushing as user astro
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.deny.branches]
default = !astro
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "astro"
acl: acl.allow.branches not enabled
acl: acl.deny.branches enabled, 0 entries for user astro
acl: acl.allow not enabled
acl: acl.deny not enabled
acl: branch access granted: "ef1ea85a6374" on branch "default"
acl: path access granted: "ef1ea85a6374"
acl: branch access granted: "f9cafe1212c8" on branch "default"
acl: path access granted: "f9cafe1212c8"
acl: branch access granted: "911600dab2ae" on branch "default"
acl: path access granted: "911600dab2ae"
acl: branch access granted: "e8fc755d4d82" on branch "foobar"
acl: path access granted: "e8fc755d4d82"
bundle2-input-part: total payload size 2068
bundle2-input-part: "phase-heads" supported
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
updating the branch cache
bundle2-output-bundle: "HG20", 1 parts total
bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
bundle2-input-bundle: no-transaction
bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
bundle2-input-bundle: 0 parts total
listing keys for "phases"
repository tip rolled back to revision 2 (undo push)
2:fb35475503ef
Non-astro users must be denied
$ do_push george
Pushing as user george
hgrc = """
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
posixgetuser=$TESTTMP/posixgetuser.py
[acl.deny.branches]
default = !astro
"""
pushing to ../b
query 1; heads
searching for changes
all remote heads known locally
listing keys for "phases"
checking for updated bookmarks
listing keys for "bookmarks"
listing keys for "bookmarks"
4 changesets found
list of changesets:
ef1ea85a6374b77d6da9dcda9541f498f2d17df7
f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
911600dab2ae7a9baff75958b84fe606851ce955
e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
bundle2-output-bundle: "HG20", 5 parts total
bundle2-output-part: "replycaps" 205 bytes payload
bundle2-output-part: "check:phases" 48 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "phase-heads" 48 bytes payload
bundle2-input-bundle: with-transaction
bundle2-input-part: "replycaps" supported
bundle2-input-part: total payload size 205
bundle2-input-part: "check:phases" supported
bundle2-input-part: total payload size 48
bundle2-input-part: "check:heads" supported
bundle2-input-part: total payload size 20
bundle2-input-part: "changegroup" (params: 1 mandatory) supported
adding changesets
add changeset ef1ea85a6374
add changeset f9cafe1212c8
add changeset 911600dab2ae
add changeset e8fc755d4d82
adding manifests
adding file changes
adding abc.txt revisions
adding foo/Bar/file.txt revisions
adding foo/file.txt revisions
adding quux/file.py revisions
added 4 changesets with 4 changes to 4 files (+1 heads)
calling hook pretxnchangegroup.acl: hgext.acl.hook
acl: checking access for user "george"
acl: acl.allow.branches not enabled
acl: acl.deny.branches enabled, 1 entries for user george
acl: acl.allow not enabled
acl: acl.deny not enabled
error: pretxnchangegroup.acl hook failed: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
bundle2-input-part: total payload size 2068
bundle2-input-part: total payload size 48
bundle2-input-bundle: 4 parts total
transaction abort!
rollback completed
abort: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
no rollback information available
2:fb35475503ef