Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add per-project authorization for CI builds #737

Merged
merged 4 commits into from
Feb 5, 2020
Merged

Add per-project authorization for CI builds #737

merged 4 commits into from
Feb 5, 2020

Conversation

nuclearsandwich
Copy link
Contributor

Adds the ability to specify per-job (per-project in Jenkins parlance) XML configuration for access control.

I've added config field project_authorization_xml to the base BuildFile class but only wired it through for CI jobs where we currently want it.

In order for this configuration to be honored Jenkins Authorization must be configured to use the Project-based Matrix Authorization Strategy whereas the current buildfarm deployment default is Matrix-based security without per-project settings.

@nuclearsandwich
Add project_authorization_xml to build file.
2f7985b 
This config field expects a string of XML that is valid when nested
within a `<hudson.security.AuthorizationMatrixProperty>`.
@nuclearsandwich
Add project_authorization_xml property to CI jobs.
79a785a
@nuclearsandwich nuclearsandwich self-assigned this Feb 4, 2020
@nuclearsandwich nuclearsandwich mentioned this pull request Feb 4, 2020
Merged
@dirk-thomas
Copy link
Member

Please add the new config option to the docs.

@nuclearsandwich
Copy link
Contributor Author

Please add the new config option to the docs.

Added the documentation. I could see the logic in moving the block for this option into the CI build files section but I started with it in the general options since it's defined in the base build file.

@nuclearsandwich nuclearsandwich merged commit c5c80e4 into master Feb 5, 2020
@nuclearsandwich nuclearsandwich deleted the project-authorization branch February 5, 2020 05:51
gavanderhoorn
gavanderhoorn reviewed Feb 5, 2020
View reviewed changes
doc/configuration_options.rst
@@ -76,6 +76,13 @@ A set of options which can be used in any build file.
Note that yaml will turn bare words like ``yes`` into boolean values so it
is recommended to quote values to avoid interpretation.

* ``project_authorization_xml``: an XML blob which will be nested within a
``<hudson.security.AuthorizationMatrixProperty>`` in job builds.
This property is definied for all build files but as of `#737`_ is only
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This property is definied for all build files but as of `#737`_ is only
This property is defined for all build files but as of `#737`_ is only

@nuclearsandwich nuclearsandwich mentioned this pull request Feb 5, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gavanderhoorn gavanderhoorn gavanderhoorn left review comments

@dirk-thomas dirk-thomas dirk-thomas approved these changes

Assignees

@nuclearsandwich nuclearsandwich

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nuclearsandwich @dirk-thomas @gavanderhoorn