| |
@@ -9,6 +9,8 @@
|
| |
def call(Map args=[:]) {
|
| |
String[] projectAdminUsers = []
|
| |
String[] projectAdminGroups = []
|
| |
+ String[] projectEditUsers = []
|
| |
+ String[] projectEditGroups = []
|
| |
String[] projectViewUsers = []
|
| |
String[] projectViewGroups = []
|
| |
Instant projectExpirationInstant;
|
| |
@@ -77,6 +79,14 @@
|
| |
validateUserNames(projectAdminGroups)
|
| |
echo "Project admin groups: $projectAdminGroups"
|
| |
|
| |
+ projectEditUsers = env.EDIT_USERS ? env.EDIT_USERS.split(',') : []
|
| |
+ validateUserNames(projectEditUsers)
|
| |
+ echo "Project edit users: $projectEditUsers"
|
| |
+
|
| |
+ projectEditGroups = env.EDIT_GROUPS ? env.EDIT_GROUPS.split(',') : []
|
| |
+ validateUserNames(projectEditGroups)
|
| |
+ echo "Project edit groups: $projectEditGroups"
|
| |
+
|
| |
projectViewUsers = env.VIEW_USERS ? env.VIEW_USERS.split(',') : []
|
| |
validateUserNames(projectViewUsers)
|
| |
echo "Project view users: $projectViewUsers"
|
| |
@@ -130,6 +140,7 @@
|
| |
openshift.withCluster() {
|
| |
openshift.withProject(env.PROJECT_NAME) {
|
| |
assignRole('admin', projectAdminUsers, projectAdminGroups)
|
| |
+ assignRole('edit', projectEditUsers, projectEditGroups)
|
| |
assignRole('view', projectViewUsers, projectViewGroups)
|
| |
}
|
| |
}
|
| |
This change also moves the "system:authenticated" group from the "view" to the "edit" role.
This allows all users to access the pod console and view secrets, which helps when debugging test
failures.