buildbot

Buildbot configurations
git clone git://git.danielmoch.com/buildbot.git
Log | Files | Refs

commit 6bd130e1d0d8c8a477875be3709d042c6277349b
parent aa1bb8380f8bfe19e6bf431ba4823319d7a3aba6
Author: Daniel Moch <daniel@danielmoch.com>
Date:   Sun,  9 Dec 2018 22:37:37 -0500

Add authentication roles/rules

Diffstat:
Mserver/master.cfg | 35+++++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/server/master.cfg b/server/master.cfg @@ -7,15 +7,6 @@ import pam from buildbot.plugins import * -# Use PAM for authentication -class PamAuth(util.CustomAuth): - def check_credentials(self, username, passwd): - if username in grp.getgrnam('buildbot').gr_mem: - p = pam.pam() - return pam.authenticate(username, passwd) - else: - return False - # This is the dictionary that the buildmaster pays attention to. We also use # a shorter alias to save typing. c = BuildmasterConfig = {} @@ -113,6 +104,29 @@ c['builders'].append( c['services'] = [] +####### AUTHENTICATION + +# Use PAM for authentication +class PamAuth(util.CustomAuth): + def check_credentials(self, user, password): + username = user.decode('utf-8') + passwd = password.decode('utf-8') + if username in grp.getgrnam('buildbot').gr_mem: + print('checking password for {}'.format(username)) + p = pam.pam() + return pam.authenticate(username, passwd) + else: + print('{} not in buildbot group'.format(username)) + return False +authz = util.Authz( + allowRules=[ + util.AnyControlEndpointMatcher(role="admins"), + ], + roleMatchers=[ + util.RolesFromUsername(admins=["djmoch"]) + ] + ) + ####### PROJECT IDENTITY # the 'title' string will appear at the top of this buildbot installation's @@ -132,7 +146,8 @@ c['buildbotURL'] = "https://builds.danielmoch.com/" c['www'] = dict(port=8010, plugins=dict(waterfall_view={}, console_view={}, grid_view={}, badges={"style": "flat"}), - auth=PamAuth()) + auth=PamAuth(), + authz=authz) ####### DB URL