From: Erik Mackdanz <erikmack@gmail.com>
Date: Thu, 31 Oct 2024 12:42:21 +0000 (+0000)
Subject: add authorization to control endpoints based on REMOTE_USER
X-Git-Url: https://git.humopery.space/?a=commitdiff_plain;h=3a8968251ebbf9aca8f032084288fd38a8f6e3f1;p=private%2Fbuildbot-default.git

add authorization to control endpoints based on REMOTE_USER
---

diff --git a/master.cfg b/master.cfg
index 1a2f923..719d57f 100644
--- a/master.cfg
+++ b/master.cfg
@@ -350,6 +350,20 @@ c['buildbotURL'] = "https://bb.humopery.space/"
 # c['www'] = dict(port=8010,
 #                 plugins=dict(waterfall_view={}, console_view={}, grid_view={}))
 c['www'] = {
+    'auth': util.RemoteUserAuth(
+        # override default which requires an email address with @
+        headerRegex="(?P<username>.*)"
+    ),
+    'authz': util.Authz(
+        allowRules=[
+            # admins can run any control item
+            util.AnyControlEndpointMatcher(role="admins"),
+        ],
+        roleMatchers=[
+            util.RolesFromUsername(roles=["admins"],usernames=["erik"])
+        ],
+        stringsMatcher=util.fnmatchStrMatcher
+    ),
     'port' : 8010,
     'ws_ping_interval': 30
 }