diff options
author | Jo Rhett <jrhett@netconsonance.com> | 2019-09-20 16:07:26 -0700 |
---|---|---|
committer | Jo Rhett <jrhett@netconsonance.com> | 2019-10-02 12:07:13 -0700 |
commit | 895d8f3f7a8714d13636ff7113db11b764927998 (patch) | |
tree | 673c543741e34897e568e922c44feba26c719c41 | |
parent | fc63f1439816d9022a2d538614b0b7592f96b454 (diff) | |
download | python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.tar.gz python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.tar.xz python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.zip |
Fix Authorization properties for folder and job in Folder
This outputs the correct XML schema for authorization properties for
both a folder, and a job inside a folder.
Story: 2006493
Story: 2006611
Change-Id: I14662855613ce146f74b85f5978a0ed828f4439b
-rw-r--r-- | jenkins_jobs/modules/properties.py | 34 | ||||
-rw-r--r-- | tests/yamlparser/fixtures/project_folder_template003.xml | 25 | ||||
-rw-r--r-- | tests/yamlparser/fixtures/project_folder_template003.yaml | 9 |
3 files changed, 65 insertions, 3 deletions
diff --git a/jenkins_jobs/modules/properties.py b/jenkins_jobs/modules/properties.py index 211f5393..342841f8 100644 --- a/jenkins_jobs/modules/properties.py +++ b/jenkins_jobs/modules/properties.py @@ -509,6 +509,9 @@ def authorization(registry, xml_parent, data): :language: yaml """ + # get the folder name if it exists + in_a_folder = data.pop("_use_folder_perms") + credentials = "com.cloudbees.plugins.credentials.CredentialsProvider." ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin." @@ -536,9 +539,23 @@ def authorization(registry, xml_parent, data): } if data: - matrix = XML.SubElement( - xml_parent, "hudson.security.AuthorizationMatrixProperty" - ) + if in_a_folder: + matrix = XML.SubElement( + xml_parent, + "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty", + ) + XML.SubElement( + matrix, + "inheritanceStrategy", + { + "class": "org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy" + }, + ) + else: + matrix = XML.SubElement( + xml_parent, "hudson.security.AuthorizationMatrixProperty" + ) + for (username, perms) in data.items(): for perm in perms: pe = XML.SubElement(matrix, "permission") @@ -1234,4 +1251,15 @@ class Properties(jenkins_jobs.modules.base.Base): properties = XML.SubElement(xml_parent, "properties") for prop in data.get("properties", []): + # Pass a flag for folder permissions to the authorization method + if next(iter(prop)) == "authorization": + # Only projects are placed in folders + if "project-type" in data: + if data["project-type"] == "folder": + prop["authorization"]["_use_folder_perms"] = True + else: + prop["authorization"]["_use_folder_perms"] = "folder" in data + else: + prop["authorization"]["_use_folder_perms"] = False + self.registry.dispatch("property", properties, prop) diff --git a/tests/yamlparser/fixtures/project_folder_template003.xml b/tests/yamlparser/fixtures/project_folder_template003.xml new file mode 100644 index 00000000..717ab44d --- /dev/null +++ b/tests/yamlparser/fixtures/project_folder_template003.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<com.cloudbees.hudson.plugins.folder.Folder plugin="cloudbees-folder"> + <icon class="com.cloudbees.hudson.plugins.folder.icons.StockFolderIcon"/> + <views/> + <viewsTabBar class="hudson.views.DefaultViewsTabBar"/> + <primaryView>All</primaryView> + <healthMetrics/> + <actions/> + <description>foo bar<!-- Managed by Jenkins Job Builder --></description> + <keepDependencies>false</keepDependencies> + <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding> + <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding> + <concurrentBuild>false</concurrentBuild> + <canRoam>true</canRoam> + <properties> + <com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty> + <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/> + <permission>hudson.model.Item.Read:foobar</permission> + <permission>hudson.model.Item.ExtendedRead:foobar</permission> + </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty> + </properties> + <scm class="hudson.scm.NullSCM"/> + <publishers/> + <buildWrappers/> +</com.cloudbees.hudson.plugins.folder.Folder> diff --git a/tests/yamlparser/fixtures/project_folder_template003.yaml b/tests/yamlparser/fixtures/project_folder_template003.yaml new file mode 100644 index 00000000..af214cee --- /dev/null +++ b/tests/yamlparser/fixtures/project_folder_template003.yaml @@ -0,0 +1,9 @@ +- job: + name: folder_with_auth + project-type: folder + description: foo bar + properties: + - authorization: + foobar: + - 'job-read' + - 'job-extended-read' |