commit f2ed994ed9b81f219c67579cecf6288ec37150ef
parent 29ba2c951366744ebea5afca9808e1a149670a0f
Author: Marcello Stanisci <stanisci.m@gmail.com>
Date: Tue, 4 Dec 2018 12:36:33 +0100
Configuring Authz as of the latest API.
Diffstat:
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/buildbot/master.cfg b/buildbot/master.cfg
@@ -455,12 +455,20 @@ c["titleURL"] = "https://taler.net"
c["buildbotURL"] = "https://buildbot.taler.net/"
from taler_bb_userpass_db import USER_PASSWORD_DB
-from buildbot.www.authz import authz
-authz_cfg = authz.Authz(auth=util.UserPasswordAuth(USER_PASSWORD_DB),
- forceBuild="auth",
- cancelPendingBuild=True,
- stopBuild=True)
+authz = util.authz.Authz(
+ allowRules=[
+ # Prevent _any_ action from being taken.
+ util.AnyEndpointMatcher(role="norole",
+ defaultDeny=False),
+ # Unlock force-builds for admins.
+ util.ForceBuildEndpointMatcher(role=["admins"],
+ builder="switcher-builder")],
+ roleMarchers=[
+ util.RolesFromUsername(roles="admins",
+ usernames=["marcello",
+ "florian",
+ "christian"])])
# minimalistic config to activate new web UI
c["www"] = {
@@ -470,7 +478,8 @@ c["www"] = {
"console_view":{}},
"allowed_origins": ["https://*.taler.net"],
"avatar_methods": [],
- "authz": authz_cfg}
+ "auth": util.UserPasswordAuth(USER_PASSWORD_DB),
+ "authz": authz}
####### DB URL
