def make_www(port, auth_role, secrets, is_dev_env):
    """Assemble the ``www`` settings dict: login, authorization, hooks, UI.

    Args:
        port: Stored unchanged under the ``"port"`` key.
        auth_role: Role handed out by the role matcher and required by the
            single ``AnyControlEndpointMatcher`` allow rule.
        secrets: Mapping of secret values. ``github_hook_secret`` is read in
            both modes; ``github_client_id`` and ``github_client_secret``
            are read only when ``is_dev_env`` is false.
        is_dev_env: When true, log in with a static username/password pair
            instead of GitHub OAuth.

    Returns:
        A dict with the keys ``auth``, ``authz``, ``change_hook_dialects``,
        ``plugins`` and ``port``.

    Raises:
        KeyError: If a secret needed for the selected mode is missing from
            ``secrets`` (plain subscript access is used).
    """
    if not is_dev_env:
        # Production path: identity comes from GitHub OAuth, roles from the
        # groups reported for the authenticated user.
        login = GitHubAuth(
            clientId=secrets["github_client_id"],
            clientSecret=secrets["github_client_secret"],
        )
        matcher = RolesFromGroups()
    else:
        # Dev path: one fixed account whose username maps straight to
        # auth_role. The credential is a literal in this file, so whoever
        # can flip is_dev_env decides whether control endpoints sit behind
        # a known password.
        login = UserPasswordAuth({"user": "******"})
        matcher = RolesFromUsername(roles=[auth_role], usernames=["user"])

    # Only control endpoints are gated; this dict adds no other allow rule.
    access_policy = Authz(
        allowRules=[AnyControlEndpointMatcher(role=auth_role)],
        roleMatchers=[matcher],
    )

    # The webhook secret is required in dev mode as well.
    # NOTE(review): "strict": True is expected to make the GitHub hook reject
    # payloads that lack a valid signature - confirm against the Buildbot
    # version in use.
    github_hook = {
        "secret": secrets["github_hook_secret"],
        "strict": True,
    }

    enabled_views = {
        "console_view": True,
        "grid_view": True,
        "waterfall_view": True,
    }

    return {
        "auth": login,
        "authz": access_policy,
        "change_hook_dialects": {"github": github_hook},
        "plugins": enabled_views,
        "port": port,
    }
def authz():
    """Return the ``Authz`` policy selected by the ``util.env`` login settings.

    Three cases, decided by ``util.env.OAUTH2_CLIENT_ID`` and
    ``util.env.WWW_PLAIN_LOGIN``:

    * neither is set: a bare ``Authz()`` with no rules or role matchers;
    * OAuth client id set: roles come from groups (``RolesFromGroups``);
    * only plain login set: ``util.env.OAUTH2_GROUP`` is overwritten with
      ``'admin'`` and that role is given to the plain-login username.

    In the last two cases every endpoint requires ``util.env.OAUTH2_GROUP``,
    after a rule that denies rebuilding intermediate builds of
    ``util.env.BOOTSTRAP_BUILDER_NAME`` for all roles.
    """
    if not (util.env.OAUTH2_CLIENT_ID or util.env.WWW_PLAIN_LOGIN):
        # NOTE(review): no allow rules are passed here, so nothing in this
        # policy can deny a request; presumably Buildbot then permits every
        # action, including control endpoints - confirm that a deployment
        # without any login configured is meant to be open.
        return Authz()

    if not util.env.OAUTH2_CLIENT_ID:
        # Side effect: this assignment changes util.env for every later
        # reader, not just this call. It must happen before the role is
        # read below.
        util.env.OAUTH2_GROUP = 'admin'
        matchers = [
            RolesFromUsername(
                roles=[util.env.OAUTH2_GROUP],
                usernames=[util.env.WWW_PLAIN_LOGIN],
            )
        ]
    else:
        matchers = [RolesFromGroups()]

    # Order matters: the rebuild denial is listed ahead of the catch-all so
    # it is consulted first.
    # NOTE(review): in the OAuth branch OAUTH2_GROUP is used as configured;
    # verify it cannot be empty or unset there.
    rules = [
        DenyRebuildIntermediateBuild(util.env.BOOTSTRAP_BUILDER_NAME, role='*'),
        AnyEndpointMatcher(role=util.env.OAUTH2_GROUP),
    ]
    return Authz(allowRules=rules, roleMatchers=matchers)
def setUp(self):
    """Create a fake master with a layered authz policy and seed test data.

    Sets ``self.users`` (four sample identities), ``self.master`` and
    ``self.authz``, then inserts one builder, master, worker, buildset
    (with an ``owner`` property), build request and three builds.
    """
    # Rules are listed in the order they are meant to be evaluated.
    allow_rules = [
        # Admins may do anything. defaultDeny=False means that a user
        # without the admin role falls through to the rules below instead
        # of being rejected here.
        AnyEndpointMatcher(role="admins", defaultDeny=False),
        # Viewing builds, builders and step logs is restricted by
        # sourcestamp branch or project; the "secret" ones need the
        # agents role, everything else is open to any role.
        ViewBuildsEndpointMatcher(branch="secretbranch", role="agents"),
        ViewBuildsEndpointMatcher(project="secretproject", role="agents"),
        ViewBuildsEndpointMatcher(branch="*", role="*"),
        ViewBuildsEndpointMatcher(project="*", role="*"),
        # Stopping or rebuilding a build is reserved for its owner.
        StopBuildEndpointMatcher(role="owner"),
        RebuildBuildEndpointMatcher(role="owner"),
        # nine-* groups may act on the nine branch.
        BranchEndpointMatcher(branch="nine", role="nine-*"),
        # eight-* groups may act on the eight branch.
        BranchEndpointMatcher(branch="eight", role="eight-*"),
        # *-developers groups may force "try" builds.
        ForceBuildEndpointMatcher(builder="try", role="*-developers"),
        # *-mergers groups may force "merge" builds.
        ForceBuildEndpointMatcher(builder="merge", role="*-mergers"),
        # *-releasers groups may force "release" builds.
        ForceBuildEndpointMatcher(builder="release", role="*-releasers"),
    ]

    # Roles are derived from group names (with the "buildbot-" prefix
    # configured), from e-mail addresses, and from build ownership.
    role_matchers = [
        RolesFromGroups(groupPrefix="buildbot-"),
        RolesFromEmails(admins=["*****@*****.**"], agents=["*****@*****.**"]),
        RolesFromOwner(role="owner"),
    ]

    # fnmatchStrMatcher gives simple '*' glob matching on role, branch and
    # builder strings; authz.Authz.reStrMatcher is the regular-expression
    # alternative.
    policy = authz.Authz(
        stringsMatcher=authz.fnmatchStrMatcher,
        allowRules=allow_rules,
        roleMatchers=role_matchers,
    )

    # NOTE(review): "buildbot-eight-deverlopers" is spelled this way in the
    # fixture and would not match the "*-developers" glob - confirm whether
    # that is a deliberate negative case before correcting it.
    self.users = {
        "homer": {"email": "*****@*****.**"},
        "bond": {"email": "*****@*****.**"},
        "nineuser": {
            "email": "*****@*****.**",
            "groups": ["buildbot-nine-mergers", "buildbot-nine-developers"],
        },
        "eightuser": {
            "email": "*****@*****.**",
            "groups": ["buildbot-eight-deverlopers"],
        },
    }

    self.master = self.make_master(url='h:/a/b/', authz=policy)
    self.authz = self.master.authz

    # Builds 13-15 share one builder/master/worker/request and differ only
    # in id and build number.
    build_ids_and_numbers = ((13, 3), (14, 4), (15, 5))
    self.master.db.insertTestData([
        fakedb.Builder(id=77, name="mybuilder"),
        fakedb.Master(id=88),
        fakedb.Worker(id=13, name='wrk'),
        fakedb.Buildset(id=8822),
        # The buildset's "owner" property is what RolesFromOwner is
        # expected to compare against - TODO confirm.
        fakedb.BuildsetProperty(
            buildsetid=8822,
            property_name='owner',
            property_value='["*****@*****.**", "force"]',
        ),
        fakedb.BuildRequest(id=82, buildsetid=8822, builderid=77),
        *[
            fakedb.Build(
                id=build_id,
                builderid=77,
                masterid=88,
                workerid=13,
                buildrequestid=82,
                number=build_number,
            )
            for build_id, build_number in build_ids_and_numbers
        ],
    ])