#33 support granting the "edit" role to users and groups
Merged 5 years ago by mikeb. Opened 5 years ago by mikeb.
mikeb/c3i-library edit-roles  into  master

@@ -57,10 +57,14 @@ 

            value: ""

          - name: ADMIN_GROUPS

            value: ""

+         - name: EDIT_USERS

+           value: ""

+         - name: EDIT_GROUPS

+           value: "system:authenticated"

          - name: VIEW_USERS

            value: ""

          - name: VIEW_GROUPS

-           value: "system:authenticated"

+           value: ""

          - name: LIFETIME_IN_MINUTES

            value: "30"

          jenkinsfile: |-
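Review bot: The new default `value: "system:authenticated"` on `EDIT_GROUPS` gives every logged-in cluster user the edit role on each project created from this template, which per the PR description includes viewing secrets and opening the pod console. That is a broad default for a parameter most callers will leave untouched. Consider defaulting `EDIT_GROUPS` to `""` and leaving `system:authenticated` on `VIEW_GROUPS`, so that edit access is something a pipeline opts into. If the broad default is kept for debugging, a comment above the parameter such as `# edit lets all authenticated users read secrets and use the pod console; keep long-lived credentials out of these projects` would make the trade-off visible to whoever instantiates the template.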

@@ -9,6 +9,8 @@ 

  def call(Map args=[:]) {

    String[] projectAdminUsers = []

    String[] projectAdminGroups = []

+   String[] projectEditUsers = []

+   String[] projectEditGroups = []

    String[] projectViewUsers = []

    String[] projectViewGroups = []

    Instant projectExpirationInstant;
@@ -77,6 +79,14 @@ 

              validateUserNames(projectAdminGroups)

              echo "Project admin groups: $projectAdminGroups"

  

+             projectEditUsers = env.EDIT_USERS ? env.EDIT_USERS.split(',') : []

+             validateUserNames(projectEditUsers)

+             echo "Project edit users: $projectEditUsers"

+ 

+             projectEditGroups = env.EDIT_GROUPS ? env.EDIT_GROUPS.split(',') : []

+             validateUserNames(projectEditGroups)

+             echo "Project edit groups: $projectEditGroups"

+ 

              projectViewUsers = env.VIEW_USERS ? env.VIEW_USERS.split(',') : []

              validateUserNames(projectViewUsers)

              echo "Project view users: $projectViewUsers"
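Review bot: The comma-split values at `projectEditUsers = env.EDIT_USERS ? env.EDIT_USERS.split(',') : []` and the matching `projectEditGroups` line are not trimmed, so a value such as `alice, bob` yields ` bob` with a leading space. The group list is also checked by validateUserNames, whose body is outside this hunk, so it is not visible whether it rejects such entries or deliberately accepts colon-containing group names like `system:authenticated`. These names are later handed to assignRole for a role that can read secrets, so I would trim before validating, e.g. `env.EDIT_GROUPS.split(',').collect { it.trim() } as String[]`, and add a comment stating which characters the validator allows for group names. The existing admin and view lines follow the same pattern and would need the same change. The enclosing block starts and ends outside the hunk.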
@@ -130,6 +140,7 @@ 

              openshift.withCluster() {

                openshift.withProject(env.PROJECT_NAME) {

                  assignRole('admin', projectAdminUsers, projectAdminGroups)

+                 assignRole('edit', projectEditUsers, projectEditGroups)

                  assignRole('view', projectViewUsers, projectViewGroups)

                }

              }

This change also moves the "system:authenticated" group from the "view" to the "edit" role.
This allows all users to access the pod console and view secrets, which helps when debugging test
failures.

Pull-Request has been merged by mikeb

5 years ago