Add VOLTHADevs group permissions on jobs
- bump JJB version to 4.1.0
Change-Id: I7baeaf10c9c32f3f9f0da196c65d80ffd7b0a451
diff --git a/Makefile b/Makefile
index 1071410..cd0ef9d 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
SHELL = bash -e -o pipefail
VENV_DIR ?= venv-jjb
-JJB_VERSION ?= 3.2.0
+JJB_VERSION ?= 4.1.0
JOBCONFIG_DIR ?= job-configs
$(VENV_DIR):
diff --git a/jjb/cord-macros.yaml b/jjb/cord-macros.yaml
index ff6c309..39517ab 100644
--- a/jjb/cord-macros.yaml
+++ b/jjb/cord-macros.yaml
@@ -161,39 +161,7 @@
target: '$HOME/.config/pip/pip.conf'
-# Sets permissions for job to be visible to AetherAccess only
-# (for Aether member-only repos).
-- property:
- name: cord-infra-aether-private
- properties:
- - raw:
- xml: |
- <hudson.security.AuthorizationMatrixProperty>
- <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
- <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
- <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
- <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
- <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
- <permission>hudson.model.Item.Discover:AetherAccess</permission>
- <permission>hudson.model.Item.Discover:anonymous</permission>
- <permission>hudson.model.Item.Discover:ONFStaff</permission>
- <permission>hudson.model.Item.Read:AetherAccess</permission>
- <permission>hudson.model.Item.Read:ONFStaff</permission>
- <permission>hudson.model.Item.ViewStatus:anonymous</permission>
- </hudson.security.AuthorizationMatrixProperty>
+
################## NEW and CONVERGED MACROS ###################
# Name matches macro in ONOS/Aether JJB, for future unification
@@ -207,6 +175,27 @@
days-to-keep: '{build-days-to-keep}'
artifact-num-to-keep: '{artifact-num-to-keep}'
+# Permissions specific to VOLTHA jobs
+# JJB supports this, but not the GROUP annotation which causes warnings
+# https://jenkins-job-builder.readthedocs.io/en/latest/properties.html?highlight=matrix#properties.authorization
+- property:
+ name: onf-infra-volthadevs-permissions
+ properties:
+ - raw:
+ xml: |
+ <hudson.security.AuthorizationMatrixProperty>
+ <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
+ <permission>GROUP:hudson.model.Item.Build:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Item.Cancel:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Item.Configure:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Item.Discover:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Item.ExtendedRead:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Item.Read:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Item.Workspace:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Run.Replay:VOLTHADevs</permission>
+ <permission>GROUP:hudson.model.Run.Update:VOLTHADevs</permission>
+ </hudson.security.AuthorizationMatrixProperty>
+
# wrapper to provide SSH key and fill in ~/.ssh/known_hosts file for use with rsync
- wrapper:
name: onf-infra-rsync-wrappers