diff --git a/buildbot/config/conf/auth.py b/buildbot/config/conf/auth.py index 30cb268..3026b4c 100644 --- a/buildbot/config/conf/auth.py +++ b/buildbot/config/conf/auth.py @@ -119,4 +119,17 @@ def fetch_authorization(environment: str): roleMatchers=file_based_group_username_role_matchers, ) + # my_authz = buildbot.plugins.util.Authz( + # allowRules=[ + # buildbot.plugins.util.AnyControlEndpointMatcher( + # role="Developers" + # ), # Organization teams + # ], + # roleMatchers=[ + # buildbot.plugins.util.RolesFromGroups( + # groupPrefix="test-org/" + # ) # Gitea organization + # ], + # ) + return my_authz diff --git a/buildbot/config/conf/local/auth.py b/buildbot/config/conf/local/auth.py index 30eb7c2..33e611b 100644 --- a/buildbot/config/conf/local/auth.py +++ b/buildbot/config/conf/local/auth.py @@ -2,9 +2,9 @@ # SPDX-FileCopyrightText: 2011-2024 Blender Authors # -# import buildbot.plugins import os from buildbot.www.oauth2 import OAuth2Auth +import buildbot.plugins from urllib.parse import urljoin # Buildbot admin with access to everything. @@ -29,8 +29,8 @@ gitea_client_secret = os.environ.get("GITEA_CLIENT_SECRET", default="") def get_authentication(environment: str): class GiteaAuth(OAuth2Auth): - name = "projects.blender.org" - faIcon = "fa-cogs" + name = "Gitea" + faIcon = "fa-gitea" AUTH_URL = "login/oauth/authorize" TOKEN_URL = "login/oauth/access_token" 
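Review bot: The lines added in the `conf/auth.py` hunk are a commented-out second `Authz` definition, which leaves dead configuration in the authorization module with a `test-org/` group prefix baked in. It is also the only place in this diff where `RolesFromGroups` appears, so the `groups` list built by the `conf/local/auth.py` change has no visible consumer; the active matcher in the context lines is `file_based_group_username_role_matchers`. I would drop the block, or reduce it to one line such as `# Group-based roles: RolesFromGroups(groupPrefix="<org>/"), see deployment notes`. If it is ever enabled as written, `AnyControlEndpointMatcher(role="Developers")` gives that role every control endpoint, which deserves its own review. The body of `fetch_authorization` starts above the hunk.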
@@ -42,10 +42,32 @@ def get_authentication(environment: str): self.tokenUri = urljoin(endpoint, self.TOKEN_URL) def getUserInfoFromOAuthClient(self, c): - return self.get(c, "/api/v1/user") + user_info = self.get(c, "/api/v1/user") - # class LocalEnvAuth(buildbot.plugins.util.CustomAuth): - # def check_credentials(self, user, password): - # return user.decode() == "admin" and password.decode() == "admin" + orgs = self.get(c, "/api/v1/user/orgs") + org_groups = [org["username"] for org in orgs] - return GiteaAuth(gitea_endpoint, gitea_client_id, gitea_client_secret) + teams = self.get(c, "/api/v1/user/teams") + team_groups = [ + f"{team['organization']['username']}/{team['name']}" for team in teams + ] # Format: org/team + + groups = org_groups + team_groups + + user_data = { + "full_name": user_info.get("full_name", user_info.get("username")), + "email": user_info.get("email"), + "username": user_info.get("username"), + "groups": groups, + } + + return user_data + + class LocalEnvAuth(buildbot.plugins.util.CustomAuth): + def check_credentials(self, user, password): + return user.decode() == "admin" and password.decode() == "admin" + + if gitea_endpoint and gitea_client_id and gitea_client_secret: + return GiteaAuth(gitea_endpoint, gitea_client_id, gitea_client_secret) + else: + return LocalEnvAuth() diff --git a/buildbot/config/setup.py b/buildbot/config/setup.py index 7d73acf..2aefd08 100644 --- a/buildbot/config/setup.py +++ b/buildbot/config/setup.py 
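Review bot: The new fallback at the end of `get_authentication` (which starts above this hunk) returns `LocalEnvAuth()`, accepting the fixed pair admin/admin, whenever any of the three Gitea settings is empty. Those settings default to `""`, so a deployment that loses `GITEA_CLIENT_SECRET` silently moves from OAuth to a known password instead of failing to start. The `environment` argument is not consulted in the visible lines, and how `conf/local` is selected is outside this diff, so this may be intended for local use only. I would still fail closed, with `raise RuntimeError("Gitea OAuth is not configured")` in the `else` branch unless an explicit local-only switch is set, and read the local password from the environment rather than the source. Separately, `getUserInfoFromOAuthClient` indexes the `/api/v1/user/orgs` and `/api/v1/user/teams` responses without checking their shape, so an error body would raise during login and a paginated result would give an incomplete `groups` list.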
@@ -130,19 +130,7 @@ def setup() -> Dict[str, Any]: c["www"]["auth"] = conf.auth.fetch_authentication(environment) # Authorization - # c["www"]["authz"] = conf.auth.fetch_authorization(environment) - c["www"]["authz"] = buildbot.plugins.util.Authz( - allowRules=[ - buildbot.plugins.util.AnyControlEndpointMatcher( - role="Admins" - ), # Organization teams - ], - roleMatchers=[ - buildbot.plugins.util.RolesFromGroups( - groupPrefix="test-org/" - ) # Gitea organization - ], - ) + c["www"]["authz"] = conf.auth.fetch_authorization(environment) # Disable UI - does not work c["www"]["plugins"] = {