diff options
author | Adam Romanek <romanek.adam@gmail.com> | 2020-07-15 13:11:33 +0200 |
---|---|---|
committer | Adam Romanek <romanek.adam@gmail.com> | 2020-07-15 13:11:33 +0200 |
commit | 703a76650f746bad713fef55389a616f0067255a (patch) | |
tree | 5786b501c02ea1ced86019d4ea0163a913c524e7 /jenkins_jobs/modules/properties.py | |
parent | 28e43831e9facb5bdd1169f3af845aad5bf0c717 (diff) | |
download | python-jenkins-job-builder-703a76650f746bad713fef55389a616f0067255a.tar.gz python-jenkins-job-builder-703a76650f746bad713fef55389a616f0067255a.tar.xz python-jenkins-job-builder-703a76650f746bad713fef55389a616f0067255a.zip |
Fix Authorization Matrix property - inheritance strategy
Up until now <inheritanceStrategy> tag was only added to jobs-in-a-folder
and folder configs. In JJB the tag's class is always set to
"InheritParentStrategy" which according to the docs means the "item will
inherit its parent items permissions". Apparently <inheritanceStrategy>
tag needs to be present on top-level jobs also. For top-level jobs
setting the tag's class value to "InheritParentStrategy" means the job
"will inherit the global security security settings" and this is the
default behavior.
The code has simplified a bit - if it's a folder then we use a different
property name for authorization matrix property, other than that the
code is the same for all three "variants": folder, job-in-a-folder and
job-outside-a-folder (top-level job).
Also this change fixes the missing <inheritanceStrategy> tag for
job-in-a-folder, where the folder name was specified as part of the
"name" key instead of the standalone "folder" key. With this change we
no longer check if a job is in a folder or not, so it's implicitly
fixed. Added a test case to catch potential regressions in the future.
The copyright notice reflects this and the previous contribution in this
module.
Change-Id: I84b22c09c8a107aab2b4eca20feffc9b61675a92
Diffstat (limited to 'jenkins_jobs/modules/properties.py')
-rw-r--r-- | jenkins_jobs/modules/properties.py | 34 |
1 files changed, 12 insertions, 22 deletions
diff --git a/jenkins_jobs/modules/properties.py b/jenkins_jobs/modules/properties.py index 41db1c03..67a14f51 100644 --- a/jenkins_jobs/modules/properties.py +++ b/jenkins_jobs/modules/properties.py @@ -1,4 +1,5 @@ # Copyright 2012 Hewlett-Packard Development Company, L.P. +# Copyright 2020 Liberty Global B.V. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -518,9 +519,6 @@ def authorization(registry, xml_parent, data): :language: yaml """ - # get the folder name if it exists - in_a_folder = data.pop("_use_folder_perms", None) if data else None - # check if it's a folder or a job is_a_folder = data.pop("_is_a_folder", None) if data else False @@ -551,23 +549,18 @@ def authorization(registry, xml_parent, data): } if data: - if in_a_folder: - if is_a_folder: - element_name = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty" - else: - element_name = "hudson.security.AuthorizationMatrixProperty" - matrix = XML.SubElement(xml_parent, element_name) - XML.SubElement( - matrix, - "inheritanceStrategy", - { - "class": "org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy" - }, - ) + if is_a_folder: + element_name = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty" else: - matrix = XML.SubElement( - xml_parent, "hudson.security.AuthorizationMatrixProperty" - ) + element_name = "hudson.security.AuthorizationMatrixProperty" + matrix = XML.SubElement(xml_parent, element_name) + XML.SubElement( + matrix, + "inheritanceStrategy", + { + "class": "org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy" + }, + ) for (username, perms) in data.items(): for perm in perms: @@ -1271,13 +1264,10 @@ class Properties(jenkins_jobs.modules.base.Base): # Only projects are placed in folders if "project-type" in data: if data["project-type"] in ("folder", "multibranch"): - prop["authorization"]["_use_folder_perms"] = True prop["authorization"]["_is_a_folder"] = True else: - prop["authorization"]["_use_folder_perms"] = "folder" in data prop["authorization"]["_is_a_folder"] = False else: - prop["authorization"]["_use_folder_perms"] = False prop["authorization"]["_is_a_folder"] = False self.registry.dispatch("property", properties, prop) |