Add VOLTHADevs group permissions on jobs

- bump JJB version to 4.1.0

Change-Id: I7baeaf10c9c32f3f9f0da196c65d80ffd7b0a451
diff --git a/Makefile b/Makefile
index 1071410..cd0ef9d 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 
 SHELL = bash -e -o pipefail
 VENV_DIR      ?= venv-jjb
-JJB_VERSION   ?= 3.2.0
+JJB_VERSION   ?= 4.1.0
 JOBCONFIG_DIR ?= job-configs
 
 $(VENV_DIR):
diff --git a/jjb/cord-macros.yaml b/jjb/cord-macros.yaml
index ff6c309..39517ab 100644
--- a/jjb/cord-macros.yaml
+++ b/jjb/cord-macros.yaml
@@ -161,39 +161,7 @@
               target: '$HOME/.config/pip/pip.conf'
 
 
-# Sets permissions for job to be visible to AetherAccess only
-# (for Aether member-only repos).
-- property:
-    name: cord-infra-aether-private
-    properties:
-      - raw:
-          xml: |
-              <hudson.security.AuthorizationMatrixProperty>
-                <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
-                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
-                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
-                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
-                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
-                <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
-                <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
-                <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
-                <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
-                <permission>hudson.model.Item.Discover:AetherAccess</permission>
-                <permission>hudson.model.Item.Discover:anonymous</permission>
-                <permission>hudson.model.Item.Discover:ONFStaff</permission>
-                <permission>hudson.model.Item.Read:AetherAccess</permission>
-                <permission>hudson.model.Item.Read:ONFStaff</permission>
-                <permission>hudson.model.Item.ViewStatus:anonymous</permission>
-              </hudson.security.AuthorizationMatrixProperty>
+
 
 ################## NEW and CONVERGED MACROS ###################
 # Name matches macro in ONOS/Aether JJB, for future unification
@@ -207,6 +175,27 @@
           days-to-keep: '{build-days-to-keep}'
           artifact-num-to-keep: '{artifact-num-to-keep}'
 
+# Permissions specific to VOLTHA jobs
+# JJB supports this, but not the GROUP annotation which causes warnings
+# https://jenkins-job-builder.readthedocs.io/en/latest/properties.html?highlight=matrix#properties.authorization
+- property:
+    name: onf-infra-volthadevs-permissions
+    properties:
+      - raw:
+          xml: |
+            <hudson.security.AuthorizationMatrixProperty>
+              <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
+              <permission>GROUP:hudson.model.Item.Build:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Item.Cancel:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Item.Configure:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Item.Discover:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Item.ExtendedRead:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Item.Read:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Item.Workspace:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Run.Replay:VOLTHADevs</permission>
+              <permission>GROUP:hudson.model.Run.Update:VOLTHADevs</permission>
+            </hudson.security.AuthorizationMatrixProperty>
+
 # wrapper to provide SSH key and fill in ~/.ssh/known_hosts file for use with rsync
 - wrapper:
     name: onf-infra-rsync-wrappers