def test_rebuildBuild(self):
# admin can rebuild
yield self.assertUserAllowed("builds/13", "rebuild", {}, "homer")
# owner can always rebuild
yield self.assertUserAllowed("builds/13", "rebuild", {}, "nineuser")
# not owner cannot rebuild
yield self.assertUserForbidden("builds/13", "rebuild", {}, "eightuser")
# can rebuild build with matching builder
allow_rules = [
RebuildBuildEndpointMatcher(role="eight-*", builder="mybuilder"),
AnyEndpointMatcher(role="admins"),
]
self.setAllowRules(allow_rules)
yield self.assertUserAllowed("builds/13", "rebuild", {}, "eightuser")
yield self.assertUserForbidden("builds/999", "rebuild", {},
"eightuser")
# cannot rebuild build with non-matching builder
allow_rules = [
RebuildBuildEndpointMatcher(role="eight-*", builder="foo"),
AnyEndpointMatcher(role="admins"),
]
self.setAllowRules(allow_rules)
yield self.assertUserForbidden("builds/13", "rebuild", {}, "eightuser")
def setUp(self):
authzcfg = authz.Authz(
# simple matcher with '*' glob character
stringsMatcher=authz.fnmatchStrMatcher,
# stringsMatcher = authz.Authz.reStrMatcher, # if you prefer
# regular expressions
allowRules=[
# admins can do anything,
# defaultDeny=False: if user does not have the admin role, we
# continue parsing rules
AnyEndpointMatcher(role="admins", defaultDeny=False),
# rules for viewing builds, builders, step logs
# depending on the sourcestamp or buildername
ViewBuildsEndpointMatcher(branch="secretbranch",
role="agents"),
ViewBuildsEndpointMatcher(project="secretproject",
role="agents"),
ViewBuildsEndpointMatcher(branch="*", role="*"),
ViewBuildsEndpointMatcher(project="*", role="*"),
StopBuildEndpointMatcher(role="owner"),
RebuildBuildEndpointMatcher(role="owner"),
# nine-* groups can do stuff on the nine branch
BranchEndpointMatcher(branch="nine", role="nine-*"),
# eight-* groups can do stuff on the eight branch
BranchEndpointMatcher(branch="eight", role="eight-*"),
# *-try groups can start "try" builds
ForceBuildEndpointMatcher(builder="try", role="*-developers"),
# *-mergers groups can start "merge" builds
ForceBuildEndpointMatcher(builder="merge", role="*-mergers"),
# *-releasers groups can start "release" builds
ForceBuildEndpointMatcher(builder="release",
role="*-releasers"),
],
roleMatchers=[
RolesFromGroups(groupPrefix="buildbot-"),
RolesFromEmails(admins=["*****@*****.**"],
agents=["*****@*****.**"]),
RolesFromOwner(role="owner")
])
self.users = dict(homer=dict(email="*****@*****.**"),
bond=dict(email="*****@*****.**"),
nineuser=dict(email="*****@*****.**",
groups=[
"buildbot-nine-mergers",
"buildbot-nine-developers"
]),
eightuser=dict(email="*****@*****.**",
groups=["buildbot-eight-deverlopers"
]))
self.master = self.make_master(url='h:/a/b/', authz=authzcfg)
self.authz = self.master.authz
self.master.db.insertTestData([
fakedb.Builder(id=77, name="mybuilder"),
fakedb.Master(id=88),
fakedb.Worker(id=13, name='wrk'),
fakedb.Buildset(id=8822),
fakedb.BuildsetProperty(
buildsetid=8822,
property_name='owner',
property_value='["*****@*****.**", "force"]'),
fakedb.BuildRequest(id=82, buildsetid=8822, builderid=77),
fakedb.Build(id=13,
builderid=77,
masterid=88,
workerid=13,
buildrequestid=82,
number=3),
fakedb.Build(id=14,
builderid=77,
masterid=88,
workerid=13,
buildrequestid=82,
number=4),
fakedb.Build(id=15,
builderid=77,
masterid=88,
workerid=13,
buildrequestid=82,
number=5),
])