Copyright 2017 OpenStack Foundation

This work is licensed under a Creative Commons Attribution 3.0
Unported License.

Gerrit ContactStore Removal!/story/2001094

The time has come to stop relying on the ContactStore implementation in Gerrit to limit code contributions to Foundation Individual Members.

Problem Description

According to the Bylaws of the OpenStack Foundation Appendix 4 Technical Committee Member Policy §3.b along with the OpenStack Technical Committee Charter definitions for APC and ATC, we limit the voter rolls for technical elections to Foundation Individual Members. In order to comply with this requirement, we currently require all contributors to CLA-enforced Git repositories to submit contact info to the Gerrit contact store which in turn pings a simple API in the foundation member system to confirm the preferred E-mail address in Gerrit matches the primary E-mail address of an existing OpenStack Foundation Individual Member.

This has a number of drawbacks:

  1. It forces contributors to join the OpenStack Foundation even if they have no interest in voting in technical elections or participating in other member benefits.

  2. Our interpretation of the meaning of contributor for these purposes has been unnaturally limited to change owners in Gerrit, in part because commit authors and co-authors aren’t constrained by the contact store process and so might not be members; manual listing as extra ATCs in the governance repo has been the sole workaround, and requires cumbersome manual verification of foundation membership for each addition.

  3. The model is inherently flawed since it’s been possible for a couple years now for a member to officially resign or allow their membership to lapse, but contact store submission is only ever enforced once when the account is first set up and so we may be incorrectly allowing lapsed or resigned members to vote in technical elections.

  4. The implementation is brittle and process confusing, resulting in opaque errors which often confound new contributors and overall inhibit onboarding.

  5. Because the protocol only submits a single E-mail address and backend implementation in the current member system only queries against a single address field, it unnecessarily causes users to have the same primary/preferred address in both systems (at least initially).

  6. Gerrit has removed contact store functionality upstream after 2.11, and we’d like to be able to upgrade to a newer Gerrit release.

Proposed Change

Very recently the OpenStackID Resources system has introduced a member directory API which is public and anonymous. Integrating this into the change owners script we use for generating electoral rolls will allow us to expressly filter out non-member contributors.

Side effect benefits include:

  • it can help further identify duplicate contributors where there may be multiple E-mail addresses in the member system for a single membership, yet corresponding to multiple accounts in Gerrit with those different addresses

  • it will also properly limit voting rights for extra ATCs who have not joined the foundation, eliminating any need for the current cumbersome vetting process

  • it would even enable us (should we choose) to more easily expand the interpreted definition of ATC to include a variety of other types of verifiable contribution tied to a known E-mail address including commit authors and co-authors


We could live with the terrible terribleness, continue to hold easily disputed elections, scare away new contributors and run an outdated Gerrit. Not much of an alternative if you ask me.



Primary assignee:


Gerrit Topic

Use Gerrit topic “gerrit-contactstore-removal” for all patches related to this spec.

git-review -t gerrit-contactstore-removal

Work Items

  1. Update to use the new member directory API.

  2. Notify election officials of the change in behavior.

  3. Remove the contact store implementation from Gerrit configuration templates and manifests in puppet-gerrit and system-config repos.

  4. Update the account setup steps documented in the infra-manual repo to indicate that foundation membership is optional (but encouraged).

  5. Notify the developer community at large by posting an announcement of the new contributor onboarding behavior change/simplification.

  6. Make sure the Upstream Institute volunteers are aware so they can update their training materials accordingly.


No new git repositories need to be created.


No new servers need to be created. The and servers will have configuration changes via Puppet and need gerrit service restarts for this to take effect. The necessary outage will be brief, so a restart at a reasonably convenient time for the community should not require advance notification nor planning.

DNS Entries

No DNS entries need to be created or updated.


As mentioned in the Work Items section, the Infra Manual will require updates to reflect the new onboarding workflow.


This does not introduce any additional known security risks, and there are no identified security-related considerations which need discussing.


Manual testing of the script change should be performed against official contributor data, comparing output between runs of the old and new versions for any unintended changes in behavior.


There are no other specs, libraries or new Puppet modules on which this specification depends.