Add support for full authorization matrices

Change-Id: I387ea1d006f3d1a053cb7e88afc9fe99ea010a5c
Reviewed-on: https://review.openstack.org/15021
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
This commit is contained in:
Tollef Fog Heen 2012-10-30 12:18:27 +01:00 committed by Jenkins
parent f2e3b038ff
commit e1689c112f
2 changed files with 61 additions and 0 deletions
jenkins_jobs/modules
setup.py

@ -138,6 +138,8 @@ def authenticated_build(parser, xml_parent, data):
Specifies an authorization matrix where only authenticated users
may trigger a build.
DEPRECATED
Example::
properties:
@ -151,6 +153,64 @@ def authenticated_build(parser, xml_parent, data):
'hudson.model.Item.Build:authenticated'
def authorization(parser, xml_parent, data):
"""yaml: authorization
Specifies an authorization matrix
The available rights are:
job-delete
job-configure
job-read
job-discover
job-build
job-workspace
job-cancel
run-delete
run-update
scm-tag
Example::
properties:
- authorization:
admin:
- job-delete
- job-configure
- job-read
- job-discover
- job-build
- job-workspace
- job-cancel
- run-delete
- run-update
- scm-tag
anonymous:
- job-discover
- job-read
"""
mapping = {
'job-delete': 'hudson.model.Item.Delete',
'job-configure': 'hudson.model.Item.Configure',
'job-read': 'hudson.model.Item.Read',
'job-discover': 'hudson.model.Item.Discover',
'job-build': 'hudson.model.Item.Build',
'job-workspace': 'hudson.model.Item.Workspace',
'job-cancel': 'hudson.model.Item.Cancel',
'run-delete': 'hudson.model.Run.Delete',
'run-update': 'hudson.model.Run.Update',
'scm-tag': 'hudson.scm.SCM.Tag'
}
if data:
matrix = XML.SubElement(xml_parent,
'hudson.security.AuthorizationMatrixProperty')
for (username, perms) in data.items():
for perm in perms:
pe = XML.SubElement(matrix, 'permission')
pe.text = "{0}:{1}".format(mapping[perm], username)
class Properties(jenkins_jobs.modules.base.Base):
sequence = 20

@ -47,6 +47,7 @@ setup(name='jenkins_job_builder',
'inject=jenkins_jobs.modules.properties:inject',
'authenticated-build=jenkins_jobs.modules.properties:'
'authenticated_build',
'authorization=jenkins_jobs.modules.properties:authorization',
],
'jenkins_jobs.parameters': [
'string=jenkins_jobs.modules.parameters:string_param',