/*
Format: Electric Flow DSL
File: aclEntries.groovy
Description: some examples of aclEntry
Command-line run instructions
-----------------------------
ectool evalDsl --dslFile aclEntries.groovy
Run from Command Step
---------------------
Set shell to: ectool evalDsl --dslFile {0}
*/
// Grant the "Everyone" group read access on the "artifacts" and
// "repositories" system objects (note objectType: 'systemObject').
// Only readPrivilege is 'allow'. The other three privileges stay 'inherit',
// so this entry grants no modify, execute or change-permissions right itself.
// NOTE(review): "Everyone" is a very broad principal; confirm that read
// access to all artifacts and repositories is intended on your server.
["artifacts", "repositories"].each { sysObjName ->
    aclEntry(
        principalName: "Everyone",
        principalType: 'group',
        objectType: 'systemObject',
        systemObjectName: sysObjName,
        readPrivilege: 'allow',
        modifyPrivilege: 'inherit',
        executePrivilege: 'inherit',
        changePermissionsPrivilege: 'inherit'
    )
}
// "Support" group: read access on the top-level server object
// (note objectType: 'server'). Modify, execute and change-permissions are
// left at 'inherit'.
// NOTE(review): objects below the server presumably inherit this entry unless
// inheritance is broken on them, which would make this read access to the
// whole server; confirm that scope is what the Support group needs.
aclEntry(
    principalName: "Support",
    principalType: 'group',
    objectType: 'server',
    systemObjectName: 'server',
    readPrivilege: 'allow',
    modifyPrivilege: 'inherit',
    executePrivilege: 'inherit',
    changePermissionsPrivilege: 'inherit'
)
// Give each listed project read + execute (RX) on the "workspaces" system
// object. The project is addressed as a principal named "project: <name>"
// with principalType 'user'.
// Modify and change-permissions stay 'inherit', so this entry does not let
// the projects alter workspace definitions or their ACLs.
["projA", "projB"].each { projName ->
    // Make sure the project exists so the aclEntry below can be evaluated.
    project(projName)
    aclEntry(
        principalName: "project: $projName",
        principalType: 'user',
        objectType: 'systemObject',
        systemObjectName: "workspaces",
        readPrivilege: 'allow',
        modifyPrivilege: 'inherit',
        executePrivilege: 'allow',
        changePermissionsPrivilege: 'inherit'
    )
}
// Declare procedure procA inside projA so the procedure-level ACL example
// that follows has an object to attach to.
project('projA') {
    procedure('procA')
}
// Give selected groups access at two different scopes:
//   - read + execute (RX) on one procedure only: procA in projA
//   - read + modify + execute (RWX) on a whole project: projB
// changePermissionsPrivilege stays 'inherit' in both entries, so neither
// entry lets these groups edit the ACLs.
// NOTE(review): the procedure entry is the narrower grant. Prefer that scope
// when a group only needs to run one procedure, not change a project.
['groupA', 'groupB'].each { grpName ->
    // Make sure the group exists so the entries below are valid.
    group(grpName)

    // RX on the single procedure projA/procA.
    aclEntry(
        principalName: grpName,
        principalType: 'group',
        objectType: 'procedure',
        projectName: "projA",
        procedureName: "procA",
        readPrivilege: 'allow',
        modifyPrivilege: 'inherit',
        executePrivilege: 'allow',
        changePermissionsPrivilege: 'inherit'
    )

    // RWX on the project projB.
    aclEntry(
        principalName: grpName,
        principalType: 'group',
        objectType: 'project',
        projectName: "projB",
        readPrivilege: 'allow',
        modifyPrivilege: 'allow',
        executePrivilege: 'allow',
        changePermissionsPrivilege: 'inherit'
    )
}