Merge "Fix 'authorization' property one more time"

jenkins_jobs/modules/properties.py

@@ -527,7 +527,7 @@ def authenticated_build(registry, xml_parent, data):
     ).text = "hudson.model.Item.Build:authenticated"
 
 
-def authorization(registry, xml_parent, data):
+def authorization(registry, xml_parent, data, job_data):
     """yaml: authorization
     Specifies an authorization matrix
 
@@ -564,8 +564,7 @@ def authorization(registry, xml_parent, data):
        :language: yaml
     """
 
-    # check if it's a folder or a job
-    is_a_folder = data.pop("_is_a_folder", None) if data else False
+    is_a_folder = job_data.get("project-type") in ("folder", "multibranch")
 
     credentials = "com.cloudbees.plugins.credentials.CredentialsProvider."
     ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin."
@@ -1469,15 +1468,4 @@ class Properties(jenkins_jobs.modules.base.Base):
             properties = XML.SubElement(xml_parent, "properties")
 
         for prop in data.get("properties", []):
-            # Pass a flag for folder permissions to the authorization method
-            if next(iter(prop)) == "authorization":
-                # Only projects are placed in folders
-                if "project-type" in data:
-                    if data["project-type"] in ("folder", "multibranch"):
-                        prop["authorization"]["_is_a_folder"] = True
-                    else:
-                        prop["authorization"]["_is_a_folder"] = False
-                else:
-                    prop["authorization"]["_is_a_folder"] = False
-
-            self.registry.dispatch("property", properties, prop)
+            self.registry.dispatch("property", properties, prop, job_data=data)

jenkins_jobs/registry.py

@@ -15,12 +15,15 @@
 
 # Manage Jenkins plugin module registry.
 
+import inspect
 import logging
 import operator
 import pkg_resources
 import re
 import types
 
+from six import PY2
+
 from jenkins_jobs.errors import JenkinsJobsException
 from jenkins_jobs.formatter import deep_format
 from jenkins_jobs.local_yaml import Jinja2Loader
@@ -29,6 +32,8 @@ __all__ = ["ModuleRegistry"]
 
 logger = logging.getLogger(__name__)
 
+getargspec = inspect.getargspec if PY2 else inspect.getfullargspec
+
 
 class ModuleRegistry(object):
     _entry_points_cache = {}
@@ -87,6 +92,14 @@ class ModuleRegistry(object):
 
         return plugins_info_dict
 
+    @staticmethod
+    def _filter_kwargs(func, **kwargs):
+        arg_spec = getargspec(func)
+        for name in list(kwargs.keys()):
+            if name not in arg_spec.args:
+                del kwargs[name]
+        return kwargs
+
     def get_plugin_info(self, plugin_name):
         """Provide information about plugins within a module's impl of Base.gen_xml.
 
@@ -141,7 +154,9 @@ class ModuleRegistry(object):
 
         return component_list_type
 
-    def dispatch(self, component_type, xml_parent, component, template_data={}):
+    def dispatch(
+        self, component_type, xml_parent, component, template_data={}, job_data=None
+    ):
         """This is a method that you can call from your implementation of
         Base.gen_xml or component.  It allows modules to define a type
         of component, and benefit from extensibility via Python
@@ -151,8 +166,10 @@ class ModuleRegistry(object):
           (e.g., `builder`)
         :arg YAMLParser parser: the global YAML Parser
         :arg Element xml_parent: the parent XML element
+        :arg component: component definition
         :arg dict template_data: values that should be interpolated into
           the component definition
+        :arg dict job_data: full job definition
 
         See :py:class:`jenkins_jobs.modules.base.Base` for how to register
         components of a module.
@@ -173,13 +190,16 @@ class ModuleRegistry(object):
             # The component is a singleton dictionary of name: dict(args)
             name, component_data = next(iter(component.items()))
             if template_data or isinstance(component_data, Jinja2Loader):
+                paramdict = {}
+                paramdict.update(template_data)
+                paramdict.update(job_data or {})
                 # Template data contains values that should be interpolated
                 # into the component definition.  To handle Jinja2 templates
                 # that don't contain any variables, we also deep format those.
                 try:
                     component_data = deep_format(
                         component_data,
-                        template_data,
+                        paramdict,
                         self.jjb_config.yamlparser["allow_empty_variables"],
                     )
                 except Exception:
@@ -280,10 +300,13 @@ class ModuleRegistry(object):
                 # Pass component_data in as template data to this function
                 # so that if the macro is invoked with arguments,
                 # the arguments are interpolated into the real defn.
-                self.dispatch(component_type, xml_parent, b, component_data)
+                self.dispatch(
+                    component_type, xml_parent, b, component_data, job_data=job_data
+                )
         elif name in eps:
             func = eps[name]
-            func(self, xml_parent, component_data)
+            kwargs = self._filter_kwargs(func, job_data=job_data)
+            func(self, xml_parent, component_data, **kwargs)
         else:
             raise JenkinsJobsException(
                 "Unknown entry point or macro '{0}' "

tests/yamlparser/fixtures/project-with-auth-j2-yaml.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project>
+  <actions/>
+  <description>&lt;!-- Managed by Jenkins Job Builder --&gt;</description>
+  <keepDependencies>false</keepDependencies>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <concurrentBuild>false</concurrentBuild>
+  <canRoam>true</canRoam>
+  <properties>
+    <hudson.security.AuthorizationMatrixProperty>
+      <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
+      <permission>hudson.model.Item.Build:john</permission>
+      <permission>hudson.model.Item.Cancel:john</permission>
+      <permission>hudson.model.Item.Read:john</permission>
+      <permission>hudson.model.Item.Build:megan</permission>
+      <permission>hudson.model.Item.Cancel:megan</permission>
+      <permission>hudson.model.Item.Read:megan</permission>
+      <permission>hudson.model.Item.Build:steve</permission>
+      <permission>hudson.model.Item.Cancel:steve</permission>
+      <permission>hudson.model.Item.Read:steve</permission>
+    </hudson.security.AuthorizationMatrixProperty>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <builders/>
+  <publishers/>
+  <buildWrappers/>
+</project>

tests/yamlparser/fixtures/project-with-auth-j2-yaml.yaml

@@ -0,0 +1,14 @@
+- job:
+    name: test
+    authorized_people:
+    - john
+    - megan
+    - steve
+    properties:
+    - authorization: !j2-yaml: |
+        {% for user in authorized_people %}
+        {{ user }}:
+        - job-build
+        - job-cancel
+        - job-read
+        {% endfor %}

tests/yamlparser/fixtures/project-with-auth-properties.xml

@@ -13,10 +13,10 @@
   <concurrentBuild>false</concurrentBuild>
   <canRoam>true</canRoam>
   <properties>
-    <hudson.security.AuthorizationMatrixProperty>
+    <com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
       <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
       <permission>hudson.model.Item.Build:auser</permission>
-    </hudson.security.AuthorizationMatrixProperty>
+    </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
   </properties>
   <scm class="hudson.scm.NullSCM"/>
   <publishers/>