Add support for credentials properties in authorization matrix

- Re-organize permissions alphabetically - Add job-status and job-move permissions Change-Id: I8712a367122f6fadcaf62d4b4f144beab981bed8 Co-Authored-By: Thanh Ha <thanh.ha@linuxfoundation.org> Co-Authored-By: Max Kovgan <kovganm@gmail.com> Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
2015-07-08 14:46:13 +02:00 · 2015-07-08 14:46:13 +02:00 · 43b776225b
commit 43b776225b
parent 71449dbed9
3 changed files with 70 additions and 16 deletions
--- a/jenkins_jobs/modules/properties.py
+++ b/jenkins_jobs/modules/properties.py
@ -304,38 +304,55 @@ def authorization(parser, xml_parent, data):
        the list of rights to grant.

       :<name> rights:
-            * **job-delete**
-            * **job-configure**
-            * **job-read**
-            * **job-extended-read**
-            * **job-discover**
+            * **credentials-create**
+            * **credentials-delete**
+            * **credentials-manage-domains**
+            * **credentials-update**
+            * **credentials-view**
            * **job-build**
-            * **job-workspace**
            * **job-cancel**
+            * **job-configure**
+            * **job-delete**
+            * **job-discover**
+            * **job-extended-read**
+            * **job-move**
+            * **job-read**
+            * **job-status**
+            * **job-workspace**
+            * **ownership-jobs**
            * **run-delete**
            * **run-update**
            * **scm-tag**

    Example:

-    .. literalinclude::
-        /../../tests/properties/fixtures/authorization_matrix.yaml
+    .. literalinclude:: /../../tests/properties/fixtures/authorization.yaml
       :language: yaml
-
    """

+    credentials = 'com.cloudbees.plugins.credentials.CredentialsProvider.'
+    ownership = 'com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.'
+
    mapping = {
-        'job-delete': 'hudson.model.Item.Delete',
-        'job-configure': 'hudson.model.Item.Configure',
-        'job-read': 'hudson.model.Item.Read',
-        'job-extended-read': 'hudson.model.Item.ExtendedRead',
-        'job-discover': 'hudson.model.Item.Discover',
+        'credentials-create': ''.join((credentials, 'Create')),
+        'credentials-delete': ''.join((credentials, 'Delete')),
+        'credentials-manage-domains': ''.join((credentials, 'ManageDomains')),
+        'credentials-update': ''.join((credentials, 'Update')),
+        'credentials-view': ''.join((credentials, 'View')),
        'job-build': 'hudson.model.Item.Build',
-        'job-workspace': 'hudson.model.Item.Workspace',
        'job-cancel': 'hudson.model.Item.Cancel',
+        'job-configure': 'hudson.model.Item.Configure',
+        'job-delete': 'hudson.model.Item.Delete',
+        'job-discover': 'hudson.model.Item.Discover',
+        'job-extended-read': 'hudson.model.Item.ExtendedRead',
+        'job-move': 'hudson.model.Item.Move',
+        'job-read': 'hudson.model.Item.Read',
+        'job-status': 'hudson.model.Item.ViewStatus',
+        'job-workspace': 'hudson.model.Item.Workspace',
+        'ownership-jobs': ''.join((ownership, 'Jobs')),
        'run-delete': 'hudson.model.Run.Delete',
        'run-update': 'hudson.model.Run.Update',
-        'scm-tag': 'hudson.scm.SCM.Tag'
+        'scm-tag': 'hudson.scm.SCM.Tag',
    }

    if data:
--- a/tests/properties/fixtures/authorization.xml
+++ b/tests/properties/fixtures/authorization.xml
@ -2,6 +2,24 @@
 <project>
  <properties>
    <hudson.security.AuthorizationMatrixProperty>
+      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission>
+      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>
+      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:admin</permission>
+      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:admin</permission>
+      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:admin</permission>
+      <permission>hudson.model.Item.Build:admin</permission>
+      <permission>hudson.model.Item.Cancel:admin</permission>
+      <permission>hudson.model.Item.Configure:admin</permission>
+      <permission>hudson.model.Item.Delete:admin</permission>
+      <permission>hudson.model.Item.Discover:admin</permission>
+      <permission>hudson.model.Item.Move:admin</permission>
+      <permission>hudson.model.Item.Read:admin</permission>
+      <permission>hudson.model.Item.ViewStatus:admin</permission>
+      <permission>hudson.model.Item.Workspace:admin</permission>
+      <permission>com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs:admin</permission>
+      <permission>hudson.model.Run.Delete:admin</permission>
+      <permission>hudson.model.Run.Update:admin</permission>
+      <permission>hudson.scm.SCM.Tag:admin</permission>
      <permission>hudson.model.Item.Read:anonymous</permission>
      <permission>hudson.model.Item.ExtendedRead:anonymous</permission>
    </hudson.security.AuthorizationMatrixProperty>
--- a/tests/properties/fixtures/authorization.yaml
+++ b/tests/properties/fixtures/authorization.yaml
@ -1,5 +1,24 @@
 properties:
    - authorization:
+        admin:
+            - credentials-create
+            - credentials-delete
+            - credentials-manage-domains
+            - credentials-update
+            - credentials-view
+            - job-build
+            - job-cancel
+            - job-configure
+            - job-delete
+            - job-discover
+            - job-move
+            - job-read
+            - job-status
+            - job-workspace
+            - ownership-jobs
+            - run-delete
+            - run-update
+            - scm-tag
        anonymous:
            - job-read
            - job-extended-read