Configuring Authz as of the latest API.

1 files changed, 15 insertions, 6 deletions

diff --git a/buildbot/master.cfg b/buildbot/master.cfg
index 908ea15..f6699b9 100644
--- a/buildbot/master.cfg
+++ b/buildbot/master.cfg
@@ -455,12 +455,20 @@ c["titleURL"] = "https://taler.net"
 c["buildbotURL"] = "https://buildbot.taler.net/"
 
 from taler_bb_userpass_db import USER_PASSWORD_DB
-from buildbot.www.authz import authz
 
-authz_cfg = authz.Authz(auth=util.UserPasswordAuth(USER_PASSWORD_DB),
-                        forceBuild="auth",
-                        cancelPendingBuild=True,
-                        stopBuild=True)
+authz = util.authz.Authz(
+    allowRules=[
+        # Prevent _any_ action from being taken.
+        util.AnyEndpointMatcher(role="norole",
+                                defaultDeny=False),
+        # Unlock force-builds for admins.
+        util.ForceBuildEndpointMatcher(role=["admins"],
+                                       builder="switcher-builder")],
+    roleMarchers=[
+        util.RolesFromUsername(roles="admins",
+                               usernames=["marcello",
+                                          "florian",
+                                          "christian"])])
 
 # minimalistic config to activate new web UI
 c["www"] = {
@@ -470,7 +478,8 @@ c["www"] = {
         "console_view":{}},
     "allowed_origins": ["https://*.taler.net"],
     "avatar_methods": [],
-    "authz": authz_cfg}
+    "auth": util.UserPasswordAuth(USER_PASSWORD_DB),
+    "authz": authz}
 
 ####### DB URL