Add support for credentials properties in authorization matrix

- Re-organize permissions alphabetically - Add job-status and job-move permissions Change-Id: I8712a367122f6fadcaf62d4b4f144beab981bed8 Co-Authored-By: Thanh Ha <thanh.ha@linuxfoundation.org> Co-Authored-By: Max Kovgan <kovganm@gmail.com> Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
2015-07-08 14:46:13 +02:00 · 2015-07-08 14:46:13 +02:00 · 43b776225b
commit 43b776225b
parent 71449dbed9
3 changed files with 70 additions and 16 deletions
--- a/jenkins_jobs/modules/properties.py
+++ b/jenkins_jobs/modules/properties.py
@ -304,38 +304,55 @@ def authorization(parser, xml_parent, data):
        the list of rights to grant.
       :<name> rights:
-            * **job-delete**
+            * **credentials-create**
-            * **job-configure**
+            * **credentials-delete**
-            * **job-read**
+            * **credentials-manage-domains**
-            * **job-extended-read**
+            * **credentials-update**
-            * **job-discover**
+            * **credentials-view**
            * **job-build**
            * **job-workspace**
            * **job-cancel**
            * **job-configure**
            * **job-delete**
            * **job-discover**
            * **job-extended-read**
            * **job-move**
            * **job-read**
            * **job-status**
            * **job-workspace**
            * **ownership-jobs**
            * **run-delete**
            * **run-update**
            * **scm-tag**
    Example:
-    .. literalinclude::
+    .. literalinclude:: /../../tests/properties/fixtures/authorization.yaml
        /../../tests/properties/fixtures/authorization_matrix.yaml
       :language: yaml
    """
    credentials = 'com.cloudbees.plugins.credentials.CredentialsProvider.'
    ownership = 'com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.'
    mapping = {
-        'job-delete': 'hudson.model.Item.Delete',
+        'credentials-create': ''.join((credentials, 'Create')),
-        'job-configure': 'hudson.model.Item.Configure',
+        'credentials-delete': ''.join((credentials, 'Delete')),
-        'job-read': 'hudson.model.Item.Read',
+        'credentials-manage-domains': ''.join((credentials, 'ManageDomains')),
-        'job-extended-read': 'hudson.model.Item.ExtendedRead',
+        'credentials-update': ''.join((credentials, 'Update')),
-        'job-discover': 'hudson.model.Item.Discover',
+        'credentials-view': ''.join((credentials, 'View')),
        'job-build': 'hudson.model.Item.Build',
        'job-workspace': 'hudson.model.Item.Workspace',
        'job-cancel': 'hudson.model.Item.Cancel',
        'job-configure': 'hudson.model.Item.Configure',
        'job-delete': 'hudson.model.Item.Delete',
        'job-discover': 'hudson.model.Item.Discover',
        'job-extended-read': 'hudson.model.Item.ExtendedRead',
        'job-move': 'hudson.model.Item.Move',
        'job-read': 'hudson.model.Item.Read',
        'job-status': 'hudson.model.Item.ViewStatus',
        'job-workspace': 'hudson.model.Item.Workspace',
        'ownership-jobs': ''.join((ownership, 'Jobs')),
        'run-delete': 'hudson.model.Run.Delete',
        'run-update': 'hudson.model.Run.Update',
-        'scm-tag': 'hudson.scm.SCM.Tag'
+        'scm-tag': 'hudson.scm.SCM.Tag',
    }
    if data:
--- a/tests/properties/fixtures/authorization.xml
+++ b/tests/properties/fixtures/authorization.xml
@ -2,6 +2,24 @@
 <project>
  <properties>
    <hudson.security.AuthorizationMatrixProperty>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:admin</permission>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:admin</permission>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:admin</permission>
      <permission>hudson.model.Item.Build:admin</permission>
      <permission>hudson.model.Item.Cancel:admin</permission>
      <permission>hudson.model.Item.Configure:admin</permission>
      <permission>hudson.model.Item.Delete:admin</permission>
      <permission>hudson.model.Item.Discover:admin</permission>
      <permission>hudson.model.Item.Move:admin</permission>
      <permission>hudson.model.Item.Read:admin</permission>
      <permission>hudson.model.Item.ViewStatus:admin</permission>
      <permission>hudson.model.Item.Workspace:admin</permission>
      <permission>com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs:admin</permission>
      <permission>hudson.model.Run.Delete:admin</permission>
      <permission>hudson.model.Run.Update:admin</permission>
      <permission>hudson.scm.SCM.Tag:admin</permission>
      <permission>hudson.model.Item.Read:anonymous</permission>
      <permission>hudson.model.Item.ExtendedRead:anonymous</permission>
    </hudson.security.AuthorizationMatrixProperty>
--- a/tests/properties/fixtures/authorization.yaml
+++ b/tests/properties/fixtures/authorization.yaml
@ -1,5 +1,24 @@
 properties:
    - authorization:
        admin:
            - credentials-create
            - credentials-delete
            - credentials-manage-domains
            - credentials-update
            - credentials-view
            - job-build
            - job-cancel
            - job-configure
            - job-delete
            - job-discover
            - job-move
            - job-read
            - job-status
            - job-workspace
            - ownership-jobs
            - run-delete
            - run-update
            - scm-tag
        anonymous:
            - job-read
            - job-extended-read