commit 606f96ea6429ebdb56dff55a18d6f49d96345896
author Galina Kistanova <gkistanova@gmail.com> Wed Sep 02 16:52:40 2020 -0700
committer Galina Kistanova <gkistanova@gmail.com> Tue Oct 27 00:25:20 2020 -0700
tree f3cb4fde8bc187c1ec1ef1c57d02cd3662c1ec8f
parent 33c85caa0af3b4cba3df54964b4e825a8f443515

We use github authentication to let LLVM users do some extra with the build bot.

buildbot/osuosl/master/config/auth.py

diff --git a/buildbot/osuosl/master/config/auth.py b/buildbot/osuosl/master/config/auth.py
new file mode 100644
index 0000000..da481ff
--- /dev/null
+++ b/buildbot/osuosl/master/config/auth.py
@@ -0,0 +1,55 @@
+from buildbot.plugins import util
+#from twisted.python import log
+
+import config
+
+
+def getAuth():
+    # For test local setup use NoAuth instead.
+    auth = util.GitHubAuth(
+        clientId=str(config.options.get('GitHub Auth', 'clientId')),
+        clientSecret=str(config.options.get('GitHub Auth', 'clientSecret')),
+        apiVersion=4,
+        getTeamsMembership=True,
+        debug=True, # TODO: Turn this to false once validated working.
+    )
+    return auth
+
+
+def getAuthz():
+
+    authz = util.Authz(
+        allowRules=[
+            # Admins can do anything.
+            # defaultDeny=False: if user does not have the admin role,
+            # we continue parsing rules.
+            util.AnyEndpointMatcher(role="LLVM Lab team", defaultDeny=False),
+
+            # Allow authors to stop, force or rebuild their own builds,
+            util.StopBuildEndpointMatcher(role="owner", defaultDeny=False),
+            # Allow bot owners to stop, force or rebuild on their own bots,
+            util.StopBuildEndpointMatcher(role="worker-owner"),
+
+            # allow devs to force or rebuild any build.
+            util.RebuildBuildEndpointMatcher(role="owner", defaultDeny=False),
+            util.RebuildBuildEndpointMatcher(role="worker-owner", defaultDeny=False),
+            util.RebuildBuildEndpointMatcher(role="LLVM Committers"),
+
+            util.ForceBuildEndpointMatcher(role="owner", defaultDeny=False),
+            util.ForceBuildEndpointMatcher(role="worker-owner", defaultDeny=False),
+            util.ForceBuildEndpointMatcher(role="LLVM Committers"),
+
+            # Future-proof control endpoints. No parsing rules beyond this.
+
+            # Allows anonymous to look at build results.
+            util.AnyControlEndpointMatcher(role="LLVM Lab team"),
+        ],
+        roleMatchers=[
+            util.RolesFromGroups(groupPrefix="llvm/"),
+            util.RolesFromGroups(groupPrefix="llvm/"),
+            # role owner is granted when property owner matches the email of the user
+            util.RolesFromOwner(role="owner"),
+        ],
+    )
+
+    return authz