コード例 #1
0
ファイル: www.py プロジェクト: wjp/scummvm-docker
def make_www(port, auth_role, secrets, is_dev_env):
    if is_dev_env:
        auth = UserPasswordAuth({"user": "******"})
        role_matcher = RolesFromUsername(roles=[auth_role], usernames=["user"])
    else:
        auth = GitHubAuth(clientId=secrets["github_client_id"],
                          clientSecret=secrets["github_client_secret"])
        role_matcher = RolesFromGroups()

    return {
        "auth":
        auth,
        "authz":
        Authz(allowRules=[AnyControlEndpointMatcher(role=auth_role)],
              roleMatchers=[role_matcher]),
        "change_hook_dialects": {
            "github": {
                "secret": secrets["github_hook_secret"],
                "strict": True
            }
        },
        "plugins": {
            "console_view": True,
            "grid_view": True,
            "waterfall_view": True
        },
        "port":
        port
    }
コード例 #2
0
ファイル: www.py プロジェクト: scality/eve
def authz():
    if not util.env.OAUTH2_CLIENT_ID and not util.env.WWW_PLAIN_LOGIN:
        return Authz()

    if util.env.OAUTH2_CLIENT_ID:
        role_matchers = [RolesFromGroups()]
    else:
        util.env.OAUTH2_GROUP = 'admin'
        role_matchers = [
            RolesFromUsername(
                roles=[util.env.OAUTH2_GROUP],
                usernames=[util.env.WWW_PLAIN_LOGIN],
            )
        ]
    return Authz(
        allowRules=[
            DenyRebuildIntermediateBuild(util.env.BOOTSTRAP_BUILDER_NAME,
                                         role='*'),
            AnyEndpointMatcher(role=util.env.OAUTH2_GROUP),
        ],
        roleMatchers=role_matchers,
    )
コード例 #3
0
    def setUp(self):
        authzcfg = authz.Authz(
            # simple matcher with '*' glob character
            stringsMatcher=authz.fnmatchStrMatcher,
            # stringsMatcher = authz.Authz.reStrMatcher,  # if you prefer
            # regular expressions
            allowRules=[
                # admins can do anything,
                # defaultDeny=False: if user does not have the admin role, we
                # continue parsing rules
                AnyEndpointMatcher(role="admins", defaultDeny=False),

                # rules for viewing builds, builders, step logs
                # depending on the sourcestamp or buildername
                ViewBuildsEndpointMatcher(branch="secretbranch",
                                          role="agents"),
                ViewBuildsEndpointMatcher(project="secretproject",
                                          role="agents"),
                ViewBuildsEndpointMatcher(branch="*", role="*"),
                ViewBuildsEndpointMatcher(project="*", role="*"),
                StopBuildEndpointMatcher(role="owner"),
                RebuildBuildEndpointMatcher(role="owner"),

                # nine-* groups can do stuff on the nine branch
                BranchEndpointMatcher(branch="nine", role="nine-*"),
                # eight-* groups can do stuff on the eight branch
                BranchEndpointMatcher(branch="eight", role="eight-*"),

                # *-try groups can start "try" builds
                ForceBuildEndpointMatcher(builder="try", role="*-developers"),
                # *-mergers groups can start "merge" builds
                ForceBuildEndpointMatcher(builder="merge", role="*-mergers"),
                # *-releasers groups can start "release" builds
                ForceBuildEndpointMatcher(builder="release",
                                          role="*-releasers"),
            ],
            roleMatchers=[
                RolesFromGroups(groupPrefix="buildbot-"),
                RolesFromEmails(admins=["*****@*****.**"],
                                agents=["*****@*****.**"]),
                RolesFromOwner(role="owner")
            ])
        self.users = dict(homer=dict(email="*****@*****.**"),
                          bond=dict(email="*****@*****.**"),
                          nineuser=dict(email="*****@*****.**",
                                        groups=[
                                            "buildbot-nine-mergers",
                                            "buildbot-nine-developers"
                                        ]),
                          eightuser=dict(email="*****@*****.**",
                                         groups=["buildbot-eight-deverlopers"
                                                 ]))
        self.master = self.make_master(url='h:/a/b/', authz=authzcfg)
        self.authz = self.master.authz
        self.master.db.insertTestData([
            fakedb.Builder(id=77, name="mybuilder"),
            fakedb.Master(id=88),
            fakedb.Worker(id=13, name='wrk'),
            fakedb.Buildset(id=8822),
            fakedb.BuildsetProperty(
                buildsetid=8822,
                property_name='owner',
                property_value='["*****@*****.**", "force"]'),
            fakedb.BuildRequest(id=82, buildsetid=8822, builderid=77),
            fakedb.Build(id=13,
                         builderid=77,
                         masterid=88,
                         workerid=13,
                         buildrequestid=82,
                         number=3),
            fakedb.Build(id=14,
                         builderid=77,
                         masterid=88,
                         workerid=13,
                         buildrequestid=82,
                         number=4),
            fakedb.Build(id=15,
                         builderid=77,
                         masterid=88,
                         workerid=13,
                         buildrequestid=82,
                         number=5),
        ])