fabric-tna: add read permissions for ProntoAccess
Change-Id: I6232abdfad6145045f9c2706d3f32cf6c806d97f
diff --git a/jjb/onf-macros.yaml b/jjb/onf-macros.yaml
index 38e8972..89ffce8 100644
--- a/jjb/onf-macros.yaml
+++ b/jjb/onf-macros.yaml
@@ -91,6 +91,39 @@
<permission>hudson.model.Item.ViewStatus:anonymous</permission>
</hudson.security.AuthorizationMatrixProperty>
+# Sets permissions for job to be visible to ProntoAccess and ONFStaff only.
+- property:
+ name: onf-infra-pronto-private
+ properties:
+ - raw:
+ xml: |
+ <hudson.security.AuthorizationMatrixProperty>
+ <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.NonInheritingStrategy"/>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:JenkinsPowerusers</permission>
+ <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Build:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Cancel:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Configure:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.ExtendedRead:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Move:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Read:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Workspace:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Delete:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Replay:JenkinsPowerusers</permission>
+ <permission>hudson.model.Run.Update:JenkinsPowerusers</permission>
+ <permission>hudson.model.Item.Discover:ONFStaff</permission>
+ <permission>hudson.model.Item.Discover:ProntoAccess</permission>
+ <permission>hudson.model.Item.Discover:anonymous</permission>
+ <permission>hudson.model.Item.Read:ONFStaff</permission>
+ <permission>hudson.model.Item.Read:ProntoAccess</permission>
+ <permission>hudson.model.Item.ViewStatus:anonymous</permission>
+ </hudson.security.AuthorizationMatrixProperty>
+
# trigger on gerrit patchsets and actions
# docs: https://docs.openstack.org/infra/jenkins-job-builder/triggers.html#triggers.gerrit
# Uses a regex based project match