For each Gerrit git repository, you can specify two groups of users:
The contributors can only submit changes to Gerrit.
The project owners can review those changes and merge them to the integration branch. Of course, project owners can also submit changes to Gerrit.
Project owners can also directly push changes into the different branches of the repositories.
A flowchart of the review and merge process is found below.
During the inital setup, it does add too much overhead to my taste. I recommend to start using the workflow after the first production nodes are managed. In the mean time, you can just push into the branches of the main repo.
Also, for the custom git repos in the Puppetfile I use the 'integration' branch as the reference.
$ git flow feature submit
init: Need to be root
fatal: bad revision '^origin/develop'
fatal: Not a valid object name origin/develop
Current branch did NOT initially branch from 'origin/develop'
$ git checkout develop
$ git pull origin
$ git flow feature rebase [featurename]