def set_up_authorization(settings):
    """Build the web UI's authentication and authorization objects.

    When ``settings.do_auth`` is truthy, users sign in through GitHub OAuth
    and control endpoints are gated by role. Otherwise the UI is left
    unauthenticated with an empty ``Authz``, and only a log line records it.

    Rules in ``allowRules`` are evaluated top to bottom. A matcher created
    with ``defaultDeny=False`` lets a user without the role fall through to
    the next rule; a matcher left at the default denies at that point, so
    the last rule of each stop/rebuild/force group is the one that closes it.

    Args:
        settings: Configuration object exposing ``do_auth``,
            ``github_auth_id`` and ``github_auth_secret``.

    Returns:
        An ``(auth, authz)`` tuple.
    """
    if not bool(settings.do_auth):
        # Fail-open branch: no login and no rules, so every endpoint,
        # control endpoints included, is reachable by anyone who can reach
        # the web port. The log line is the only trace of this mode.
        log.err("WARNING: Web UI is completely open")
        return NoAuth(), util.Authz()

    # str() turns an unset (None) id or secret into the literal "None"
    # instead of failing here.
    # NOTE(review): confirm the settings loader validates both values.
    github_auth = util.GitHubAuth(
        clientId=str(settings.github_auth_id),
        clientSecret=str(settings.github_auth_secret),
        apiVersion=4,
        getTeamsMembership=True,
    )

    allow_rules = [
        # Admins can do anything; everyone else falls through.
        util.AnyEndpointMatcher(role="admins", defaultDeny=False),
        # Stop: the build's owner, buildbot-owners, python-triage, then
        # python-core. The python-core rule keeps the default deny, so it
        # closes the group.
        util.StopBuildEndpointMatcher(role="owner", defaultDeny=False),
        util.StopBuildEndpointMatcher(role="buildbot-owners", defaultDeny=False),
        util.StopBuildEndpointMatcher(role="python-triage", defaultDeny=False),
        util.StopBuildEndpointMatcher(role="python-core"),
        # Rebuild: same roles, closed by python-core.
        util.RebuildBuildEndpointMatcher(role="owner", defaultDeny=False),
        util.RebuildBuildEndpointMatcher(role="python-triage", defaultDeny=False),
        util.RebuildBuildEndpointMatcher(role="buildbot-owners", defaultDeny=False),
        util.RebuildBuildEndpointMatcher(role="python-core"),
        # Force: owner, python-triage, python-core.
        # NOTE(review): unlike stop and rebuild, there is no force rule for
        # buildbot-owners. Confirm that is intentional.
        util.ForceBuildEndpointMatcher(role="owner", defaultDeny=False),
        util.ForceBuildEndpointMatcher(role="python-triage", defaultDeny=False),
        util.ForceBuildEndpointMatcher(role="python-core"),
        # Only release managers may enable or disable schedulers.
        util.EnableSchedulerEndpointMatcher(role="python-release-managers"),
        # Catch-all: any other control endpoint, including ones added by
        # future Buildbot releases, stays admin-only.
        util.AnyControlEndpointMatcher(role="admins"),
    ]

    role_matchers = [
        # Team-based roles: groups under "python/" become roles with the
        # prefix stripped.
        util.RolesFromGroups(groupPrefix="python/"),
        # "owner" is granted per build, based on the build's owner.
        util.RolesFromOwner(role="owner"),
        # The admin role is bound to a fixed list of usernames, so it
        # follows whoever controls those accounts.
        util.RolesFromUsername(
            roles=["admins"],
            usernames=[
                "zware",
                "vstinner",
                "bitdancer",
                "pitrou",
                "pablogsal",
            ],
        ),
    ]

    return github_auth, util.Authz(allowRules=allow_rules, roleMatchers=role_matchers)
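def getAuthz():
    """Return the Buildbot web-UI authorization policy.

    Rules are evaluated in order. A matcher built with ``defaultDeny=False``
    lets a user without the role continue to the next rule; a matcher left
    at the default denies at that point. Read-only (GET) requests are not
    covered by the final control-endpoint rule, which is what leaves build
    results visible to anonymous visitors.

    Returns:
        A ``util.Authz`` instance.
    """
    authz = util.Authz(
        allowRules=[
            # Admins can do anything.
            # defaultDeny=False: if user does not have the admin role,
            # we continue parsing rules.
            util.AnyEndpointMatcher(role="LLVM Lab team", defaultDeny=False),
            # Allow authors to stop their own builds.
            util.StopBuildEndpointMatcher(role="owner", defaultDeny=False),
            # Allow bot owners to stop builds. This rule keeps the default
            # deny, so it closes the stop group: committers cannot stop.
            # NOTE(review): no role matcher below grants "worker-owner"
            # unless a group under the "llvm/" prefix carries that exact
            # name, and nothing here limits the role to the owner's own
            # workers. Confirm both.
            util.StopBuildEndpointMatcher(role="worker-owner"),
            # Allow owners, bot owners and committers to rebuild any build.
            util.RebuildBuildEndpointMatcher(role="owner", defaultDeny=False),
            util.RebuildBuildEndpointMatcher(role="worker-owner", defaultDeny=False),
            util.RebuildBuildEndpointMatcher(role="LLVM Committers"),
            # Same three roles for forcing a build.
            util.ForceBuildEndpointMatcher(role="owner", defaultDeny=False),
            util.ForceBuildEndpointMatcher(role="worker-owner", defaultDeny=False),
            util.ForceBuildEndpointMatcher(role="LLVM Committers"),
            # Future-proof control endpoints. No parsing rules beyond this.
            # Allows anonymous to look at build results.
            util.AnyControlEndpointMatcher(role="LLVM Lab team"),
        ],
        roleMatchers=[
            # Groups under "llvm/" become roles with the prefix stripped.
            # The original listed this matcher twice; the duplicate added
            # no roles and is dropped.
            # NOTE(review): the role strings above ("LLVM Lab team",
            # "LLVM Committers") must equal the group names exactly as the
            # auth backend reports them. Confirm name versus slug form.
            util.RolesFromGroups(groupPrefix="llvm/"),
            # role owner is granted when property owner matches the email of the user
            util.RolesFromOwner(role="owner"),
        ],
    )
    return authz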
# Web-UI authorization. Rules are evaluated top to bottom:
#   1. members of the admin group may call any endpoint;
#   2. a build's owner may stop it (default deny: any other non-admin
#      stop request is refused at this rule);
#   3. every remaining control endpoint is admin-only.
# Read-only requests are not matched by rule 3.
www['authz'] = util.Authz(
    stringsMatcher=util.fnmatchStrMatcher,  # simple matcher with '*' glob character
    # stringsMatcher = util.reStrMatcher,   # if you prefer regular expressions
    allowRules=[
        # admins can do anything,
        # defaultDeny=False: if user does not have the admin role, we continue parsing rules
        util.AnyEndpointMatcher(role=config.github_admin_group, defaultDeny=False),

        # Let the owner stop their own build
        util.StopBuildEndpointMatcher(role="owner"),

        # if a future Buildbot release adds a new control endpoint, this last rule
        # keeps it admin-only
        util.AnyControlEndpointMatcher(role=config.github_admin_group)
    ],
    roleMatchers=[
        # Groups under "<organization>/" become roles with the prefix stripped, so
        # config.github_admin_group must be given without the organization prefix.
        util.RolesFromGroups(groupPrefix="{0}/".format(config.github_organization)),
        # role owner is granted when property owner matches the email of the user
        util.RolesFromOwner(role="owner")
    ]
)

# Build the listening endpoint string from config.www_port.
#   two items -> "tcp:<second>:interface=<first>"
#   one item  -> "tcp:<item>", with no interface= restriction in the string
# A value without a length (presumably a bare int) raises TypeError in len()
# and is formatted directly, again without an interface= restriction.
# NOTE(review): the error message mentions only length 2, although length 1 is
# accepted as well.
try:
    if len(config.www_port) == 2:
        www['port'] = "tcp:{1}:interface={0}".format(*config.www_port)
    elif len(config.www_port) == 1:
        www['port'] = "tcp:{0}".format(*config.www_port)
    else:
        raise Exception("www_port hasn't length 2")
except TypeError:
    www['port'] = "tcp:{0}".format(config.www_port)

if hasattr(config, 'irc') and config.irc:
    # This module will patch IRC reporter to make use of SASL
    # (the excerpt ends here; the body of this `if` is not shown)
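### Fetch users from json file
# Each entry is read as {'user': ..., 'pass': ..., 'admin': ...}.
# The path is relative, so it resolves against the process working directory.
# UserPasswordAuth below receives the passwords exactly as stored, which means
# users.json holds them in clear text: keep it out of version control and
# readable only by the buildmaster account. util.HTPasswdAuth is an
# alternative that reads an htpasswd file instead.
users = []
admins = []
with open('../users.json') as users_file:  # close the handle deterministically
    for user in json.load(users_file):
        if user['admin']:
            admins.append(user['user'])
        users.append((user['user'], user['pass']))

authz = util.Authz(allowRules=[
    # Admins can do anything; everyone else falls through.
    util.AnyEndpointMatcher(role='admins', defaultDeny=False),
    # Only a build's owner (or an admin) may stop it.
    util.StopBuildEndpointMatcher(role='owner'),
    # Any listed user may force a build. The original repeated this rule
    # three times; the first one already denies by default, so the copies
    # were never reached.
    util.ForceBuildEndpointMatcher(role='users'),
    # Every other control endpoint (rebuild included) stays admin-only.
    util.AnyControlEndpointMatcher(role='admins')
], roleMatchers=[
    util.RolesFromUsername(roles=['admins'], usernames=admins),
    # RolesFromUsername compares against bare usernames. `users` holds
    # (username, password) tuples, so passing it directly never matched and
    # the 'users' role was never granted; it also handed the passwords to the
    # authorization layer. With names only, every account in users.json can
    # force builds, as the rule above intends.
    util.RolesFromUsername(roles=['users'],
                           usernames=[name for name, _password in users]),
    util.RolesFromOwner(role='owner')
])

######################################################################

# NOTE(review): port=8010 configures no TLS here. Confirm a TLS-terminating
# proxy fronts this port so login credentials do not cross the network in
# the clear.
WWW = dict(port=8010,
           authz=authz,
           auth=util.UserPasswordAuth(users),
           plugins=dict(console_view={}, pullrequests=[opencv, contrib]))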