fabric-tna: add read permissions for ProntoAccess
Change-Id: I6232abdfad6145045f9c2706d3f32cf6c806d97f
diff --git a/jjb/onf-macros.yaml b/jjb/onf-macros.yaml
index 38e8972..89ffce8 100644
--- a/jjb/onf-macros.yaml
+++ b/jjb/onf-macros.yaml
@@ -91,6 +91,39 @@
<permission>hudson.model.Item.ViewStatus:anonymous</permission>
</hudson.security.AuthorizationMatrixProperty>
+# Sets permissions for job to be visible to ProntoAccess and ONFStaff only.
+- property:
+ name: onf-infra-pronto-private
+ properties:
+ - raw:
+ xml: |
+ <hudson.security.AuthorizationMatrixProperty>
+ <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:ONFStaff</permission>
+ <permission>hudson.model.Item.Discover:ProntoAccess</permission>
+ <permission>hudson.model.Item.Discover:anonymous</permission>
+ <permission>hudson.model.Item.Read:ONFStaff</permission>
+ <permission>hudson.model.Item.Read:ProntoAccess</permission>
+ <permission>hudson.model.Item.ViewStatus:anonymous</permission>
+ </hudson.security.AuthorizationMatrixProperty>
+
# trigger on gerrit patchsets and actions
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
# Uses a regex based project match
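Review bot: The comment on the new `onf-infra-pronto-private` property says the job is visible to ProntoAccess and ONFStaff only, but the matrix also grants `hudson.model.Item.Discover:anonymous` and `hudson.model.Item.ViewStatus:anonymous`. With Discover, an unauthenticated request for the job URL is redirected to login instead of returning a 404, and ViewStatus exposes the build status, so job names and pass/fail state stay observable without an account. This looks copied from the preceding property, whose tail in the context lines also grants ViewStatus to anonymous. If it is intended, the comment should say so, e.g. `# Read access limited to ProntoAccess and ONFStaff; anonymous users can still discover the job and see its build status.`; otherwise drop the two anonymous lines.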
diff --git a/jjb/templates/fabric-tna-jobs.yaml b/jjb/templates/fabric-tna-jobs.yaml
index a11be61..954e156 100644
--- a/jjb/templates/fabric-tna-jobs.yaml
+++ b/jjb/templates/fabric-tna-jobs.yaml
@@ -9,9 +9,9 @@
Created by {id} job-template from ci-management/jjb/templates/fabric-tna-jobs.yaml<br/>
properties:
- # Visibility restricted to ONFStaff because logs contain output from
+ # Visibility restricted to because logs contain output from
# Barefoot toolchain (under NDA).
- - onf-infra-onfstaff-private:
+ - onf-infra-pronto-private:
- onf-infra-properties:
build-days-to-keep: '15'
artifact-num-to-keep: '-1'
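Review bot: The rewritten comment reads `# Visibility restricted to because logs contain output from`, so the group names are missing and it no longer records who may see the NDA-covered logs; the same broken line appears in the next hunk of this file (`@@ -77,9 +77,9 @@`). Suggest `# Visibility restricted to ONFStaff and ProntoAccess because logs contain output from`, matching the groups given `Item.Read` in `onf-infra-pronto-private`. Since the stated reason for the restriction is the Barefoot toolchain NDA, the comment or commit message should also record that ProntoAccess members are covered by it; nothing visible in this change establishes that. The job-template definitions start and end outside both hunks.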
@@ -77,9 +77,9 @@
Created by {id} job-template from ci-management/jjb/templates/fabric-tna-jobs.yaml<br/>
properties:
- # Visibility restricted to ONFStaff because logs contain output from
+ # Visibility restricted to because logs contain output from
# Barefoot toolchain (under NDA).
- - onf-infra-onfstaff-private:
+ - onf-infra-pronto-private:
- onf-infra-properties:
build-days-to-keep: '{build-days-to-keep}'
artifact-num-to-keep: '-1'