STORY: 2009856
added support for Matrix Authorization Strategy 3.0+ version Change-Id: I46521033d9fd6f7f4ae59d8784f9fbfdd49958ed
parent
24f867fa73
commit
2aec5fc2e6
@ -530,10 +530,24 @@ def authenticated_build(registry, xml_parent, data):
|
|||||||
def authorization(registry, xml_parent, data, job_data):
|
def authorization(registry, xml_parent, data, job_data):
|
||||||
"""yaml: authorization
|
"""yaml: authorization
|
||||||
Specifies an authorization matrix
|
Specifies an authorization matrix
|
||||||
|
In 3.0 version of plugin was added support for explicitly assigning permissions
|
||||||
|
to groups or users with a given name to prevent confusion when names match either.
|
||||||
|
|
||||||
.. _authorization:
|
.. _authorization:
|
||||||
|
|
||||||
|
For *matrix-auth >= 3.0*
|
||||||
|
|
||||||
|
:arg list prefix:<name>:
|
||||||
|
* `prefix`
|
||||||
|
* **GROUP**
|
||||||
|
* **USER**
|
||||||
|
* `<name>` is the name of the group or user, containing
|
||||||
|
|
||||||
|
For *matrix-auth < 3.0*
|
||||||
|
|
||||||
:arg list <name>: `<name>` is the name of the group or user, containing
|
:arg list <name>: `<name>` is the name of the group or user, containing
|
||||||
|
|
||||||
|
|
||||||
the list of rights to grant.
|
the list of rights to grant.
|
||||||
|
|
||||||
:<name> rights:
|
:<name> rights:
|
||||||
@ -610,6 +624,15 @@ def authorization(registry, xml_parent, data, job_data):
|
|||||||
for perm in perms:
|
for perm in perms:
|
||||||
pe = XML.SubElement(matrix, "permission")
|
pe = XML.SubElement(matrix, "permission")
|
||||||
try:
|
try:
|
||||||
|
if username.upper().startswith(
|
||||||
|
"GROUP:"
|
||||||
|
) or username.upper().startswith("USER:"):
|
||||||
|
pe.text = "{0}:{1}:{2}".format(
|
||||||
|
username.split(":")[0].upper(),
|
||||||
|
mapping[perm],
|
||||||
|
username.split(":")[1],
|
||||||
|
)
|
||||||
|
else:
|
||||||
pe.text = "{0}:{1}".format(mapping[perm], username)
|
pe.text = "{0}:{1}".format(mapping[perm], username)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise InvalidAttributeError(username, perm, mapping.keys())
|
raise InvalidAttributeError(username, perm, mapping.keys())
|
||||||
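Review bot: In the prefixed branch, `username.split(":")[1]` keeps only the text between the first and second colon, so a key such as `USER:domain:alice` (constructed example) would be written with the principal `domain`, and the permission would be granted to a different name than the one configured. Splitting once avoids that: `prefix, _, name = username.partition(":")`, then format `prefix.upper()`, `mapping[perm]` and `name`. The prefix test is case-insensitive, so an existing unprefixed entry whose name happens to start with `user:` or `group:` now changes meaning; a short comment saying this is intended would help. The enclosing `for perm in perms:` loop and the rest of `authorization` lie outside this hunk.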
|
@ -3,27 +3,30 @@
|
|||||||
<properties>
|
<properties>
|
||||||
<hudson.security.AuthorizationMatrixProperty>
|
<hudson.security.AuthorizationMatrixProperty>
|
||||||
<inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
|
<inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
|
||||||
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission>
|
<permission>USER:com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission>
|
||||||
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>
|
<permission>USER:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>
|
||||||
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:admin</permission>
|
<permission>USER:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:admin</permission>
|
||||||
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:admin</permission>
|
<permission>USER:com.cloudbees.plugins.credentials.CredentialsProvider.Update:admin</permission>
|
||||||
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:admin</permission>
|
<permission>USER:com.cloudbees.plugins.credentials.CredentialsProvider.View:admin</permission>
|
||||||
<permission>hudson.model.Item.Build:admin</permission>
|
<permission>USER:hudson.model.Item.Build:admin</permission>
|
||||||
<permission>hudson.model.Item.Cancel:admin</permission>
|
<permission>USER:hudson.model.Item.Cancel:admin</permission>
|
||||||
<permission>hudson.model.Item.Configure:admin</permission>
|
<permission>USER:hudson.model.Item.Configure:admin</permission>
|
||||||
<permission>hudson.model.Item.Delete:admin</permission>
|
<permission>USER:hudson.model.Item.Delete:admin</permission>
|
||||||
<permission>hudson.model.Item.Discover:admin</permission>
|
<permission>USER:hudson.model.Item.Discover:admin</permission>
|
||||||
<permission>hudson.model.Item.Move:admin</permission>
|
<permission>USER:hudson.model.Item.Move:admin</permission>
|
||||||
<permission>hudson.model.Item.Read:admin</permission>
|
<permission>USER:hudson.model.Item.Read:admin</permission>
|
||||||
<permission>hudson.model.Item.ViewStatus:admin</permission>
|
<permission>USER:hudson.model.Item.ViewStatus:admin</permission>
|
||||||
<permission>hudson.model.Item.Workspace:admin</permission>
|
<permission>USER:hudson.model.Item.Workspace:admin</permission>
|
||||||
<permission>com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs:admin</permission>
|
<permission>USER:com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs:admin</permission>
|
||||||
<permission>hudson.model.Run.Delete:admin</permission>
|
<permission>USER:hudson.model.Run.Delete:admin</permission>
|
||||||
<permission>hudson.model.Run.Replay:admin</permission>
|
<permission>USER:hudson.model.Run.Replay:admin</permission>
|
||||||
<permission>hudson.model.Run.Update:admin</permission>
|
<permission>USER:hudson.model.Run.Update:admin</permission>
|
||||||
<permission>hudson.scm.SCM.Tag:admin</permission>
|
<permission>USER:hudson.scm.SCM.Tag:admin</permission>
|
||||||
<permission>hudson.model.Item.Read:anonymous</permission>
|
<permission>GROUP:hudson.model.Item.Read:anonymous</permission>
|
||||||
<permission>hudson.model.Item.ExtendedRead:anonymous</permission>
|
<permission>GROUP:hudson.model.Item.ExtendedRead:anonymous</permission>
|
||||||
|
<permission>hudson.model.Item.Read:authenticated</permission>
|
||||||
|
<permission>hudson.model.Item.Discover:authenticated</permission>
|
||||||
|
<permission>hudson.model.Item.ExtendedRead:authenticated</permission>
|
||||||
</hudson.security.AuthorizationMatrixProperty>
|
</hudson.security.AuthorizationMatrixProperty>
|
||||||
</properties>
|
</properties>
|
||||||
</project>
|
</project>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
properties:
|
properties:
|
||||||
- authorization:
|
- authorization:
|
||||||
admin:
|
USER:admin:
|
||||||
- credentials-create
|
- credentials-create
|
||||||
- credentials-delete
|
- credentials-delete
|
||||||
- credentials-manage-domains
|
- credentials-manage-domains
|
||||||
@ -20,6 +20,10 @@ properties:
|
|||||||
- run-replay
|
- run-replay
|
||||||
- run-update
|
- run-update
|
||||||
- scm-tag
|
- scm-tag
|
||||||
anonymous:
|
GROUP:anonymous:
|
||||||
- job-read
|
- job-read
|
||||||
- job-extended-read
|
- job-extended-read
|
||||||
|
authenticated:
|
||||||
|
- job-read
|
||||||
|
- job-discover
|
||||||
|
- job-extended-read
|
||||||
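Review bot: The fixture keys `USER:admin` and `GROUP:anonymous` cover only the upper-case prefix, while the new branch in `authorization` also accepts lower-case prefixes and upper-cases them; a key such as `user:admin` would pin that behaviour. Separately, Jenkins normally treats `anonymous` as a user and `authenticated` as a group, so if these fixtures are also read as examples, `USER:anonymous` and `GROUP:authenticated` may be the less misleading pairing. That is worth confirming against the plugin, and the expected XML would need the matching change. The same applies to the second YAML fixture further down.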
|
@ -3,20 +3,22 @@
|
|||||||
<properties>
|
<properties>
|
||||||
<hudson.security.AuthorizationMatrixProperty>
|
<hudson.security.AuthorizationMatrixProperty>
|
||||||
<inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
|
<inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
|
||||||
<permission>hudson.model.Item.Delete:admin</permission>
|
<permission>USER:hudson.model.Item.Delete:admin</permission>
|
||||||
<permission>hudson.model.Item.Configure:admin</permission>
|
<permission>USER:hudson.model.Item.Configure:admin</permission>
|
||||||
<permission>hudson.model.Item.Read:admin</permission>
|
<permission>USER:hudson.model.Item.Read:admin</permission>
|
||||||
<permission>hudson.model.Item.Discover:admin</permission>
|
<permission>USER:hudson.model.Item.Discover:admin</permission>
|
||||||
<permission>hudson.model.Item.Build:admin</permission>
|
<permission>USER:hudson.model.Item.Build:admin</permission>
|
||||||
<permission>hudson.model.Item.Workspace:admin</permission>
|
<permission>USER:hudson.model.Item.Workspace:admin</permission>
|
||||||
<permission>hudson.model.Item.Cancel:admin</permission>
|
<permission>USER:hudson.model.Item.Cancel:admin</permission>
|
||||||
<permission>hudson.model.Run.Delete:admin</permission>
|
<permission>USER:hudson.model.Run.Delete:admin</permission>
|
||||||
<permission>hudson.model.Run.Replay:admin</permission>
|
<permission>USER:hudson.model.Run.Replay:admin</permission>
|
||||||
<permission>hudson.model.Run.Update:admin</permission>
|
<permission>USER:hudson.model.Run.Update:admin</permission>
|
||||||
<permission>hudson.scm.SCM.Tag:admin</permission>
|
<permission>USER:hudson.scm.SCM.Tag:admin</permission>
|
||||||
<permission>hudson.model.Item.Discover:anonymous</permission>
|
<permission>GROUP:hudson.model.Item.Discover:anonymous</permission>
|
||||||
<permission>hudson.model.Item.Read:anonymous</permission>
|
<permission>GROUP:hudson.model.Item.Read:anonymous</permission>
|
||||||
<permission>hudson.model.Item.ExtendedRead:anonymous</permission>
|
<permission>GROUP:hudson.model.Item.ExtendedRead:anonymous</permission>
|
||||||
|
<permission>hudson.model.Item.Discover:authenticated</permission>
|
||||||
|
<permission>hudson.model.Item.Read:authenticated</permission>
|
||||||
</hudson.security.AuthorizationMatrixProperty>
|
</hudson.security.AuthorizationMatrixProperty>
|
||||||
</properties>
|
</properties>
|
||||||
</project>
|
</project>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
properties:
|
properties:
|
||||||
- authorization:
|
- authorization:
|
||||||
admin:
|
USER:admin:
|
||||||
- job-delete
|
- job-delete
|
||||||
- job-configure
|
- job-configure
|
||||||
- job-read
|
- job-read
|
||||||
@ -12,7 +12,10 @@ properties:
|
|||||||
- run-replay
|
- run-replay
|
||||||
- run-update
|
- run-update
|
||||||
- scm-tag
|
- scm-tag
|
||||||
anonymous:
|
GROUP:anonymous:
|
||||||
- job-discover
|
- job-discover
|
||||||
- job-read
|
- job-read
|
||||||
- job-extended-read
|
- job-extended-read
|
||||||
|
authenticated:
|
||||||
|
- job-discover
|
||||||
|
- job-read
|
||||||
|