add authorization to control endpoints based on REMOTE_USER

author Erik Mackdanz <erikmack@gmail.com>

Thu, 31 Oct 2024 12:42:21 +0000 (12:42 +0000)

committer Erik Mackdanz <erikmack@gmail.com>

Thu, 31 Oct 2024 12:42:21 +0000 (12:42 +0000)
author Erik Mackdanz <erikmack@gmail.com>
Thu, 31 Oct 2024 12:42:21 +0000 (12:42 +0000)
committer Erik Mackdanz <erikmack@gmail.com>
Thu, 31 Oct 2024 12:42:21 +0000 (12:42 +0000)
diff --git a/master.cfg b/master.cfg

index 1a2f923dfa2c30b16ae2fd8fb7b5af236500583f..719d57ffde99ac9734e4551489ce3c83d08fd62b 100644 (file)
--- a/master.cfg
+++ b/master.cfg
@@ -350,6 +350,20 @@ c['buildbotURL'] = "https://bb.humopery.space/"
  # c['www'] = dict(port=8010,
  #                 plugins=dict(waterfall_view={}, console_view={}, grid_view={}))
  c['www'] = {
+    'auth': util.RemoteUserAuth(
+        # override default which requires an email address with @
+        headerRegex="(?P<username>.*)"
+    ),
+    'authz': util.Authz(
+        allowRules=[
+            # admins can run any control item
+            util.AnyControlEndpointMatcher(role="admins"),
+        ],
+        roleMatchers=[
+            util.RolesFromUsername(roles=["admins"],usernames=["erik"])
+        ],
+        stringsMatcher=util.fnmatchStrMatcher
+    ),
      'port' : 8010,
      'ws_ping_interval': 30
  }
author	Erik Mackdanz <erikmack@gmail.com>
	Thu, 31 Oct 2024 12:42:21 +0000 (12:42 +0000)
committer	Erik Mackdanz <erikmack@gmail.com>
	Thu, 31 Oct 2024 12:42:21 +0000 (12:42 +0000)