admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add buildbucket.creator role for led users.

Browse Source 
Tried 'led' today and it resulted in the below error:
rpc error: code = PermissionDenied desc = user does not have permission "buildbucket.builds.create"

Change-Id: I361859b6f6ee58a67ac08e615cb88761fb39d67e
Bug: None
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/356300
Commit-Queue: Jeremy Leconte <jleconte@google.com>
Reviewed-by: Björn Terelius <terelius@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42583}
This commit is contained in:
Jeremy Leconte 2024-07-03 14:33:07 +02:00 committed by WebRTC LUCI CQ
parent 55c3600781
commit 7218d0f304
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
infra/config/config.star
View File

@ -217,6 +217,10 @@ luci.realm(name = "pools/try-tests", bindings = [
), ),
]) ])
luci.realm(name = "try", bindings = [ luci.realm(name = "try", bindings = [
luci.binding(
roles = "role/buildbucket.creator",
groups = "project-webrtc-led-users",
),
luci.binding( luci.binding(
roles = "role/swarming.taskTriggerer", roles = "role/swarming.taskTriggerer",
groups = "project-webrtc-led-users", groups = "project-webrtc-led-users",
@ -236,6 +240,10 @@ luci.realm(name = "pools/perf", bindings = [
), ),
]) ])
luci.realm(name = "perf", bindings = [ luci.realm(name = "perf", bindings = [
luci.binding(
roles = "role/buildbucket.creator",
groups = "project-webrtc-led-users",
),
luci.binding( luci.binding(
roles = "role/swarming.taskTriggerer", roles = "role/swarming.taskTriggerer",
groups = "project-webrtc-led-users", groups = "project-webrtc-led-users",
@ -248,6 +256,10 @@ luci.realm(name = "@root", bindings = [
roles = "role/swarming.poolUser", roles = "role/swarming.poolUser",
groups = "project-webrtc-admins", groups = "project-webrtc-admins",
), ),
luci.binding(
roles = "role/buildbucket.creator",
groups = "project-webrtc-admins",
),
luci.binding( luci.binding(
roles = "role/swarming.taskTriggerer", roles = "role/swarming.taskTriggerer",
groups = "project-webrtc-admins", groups = "project-webrtc-admins",

12
infra/config/realms.cfg
View File

@ -18,6 +18,10 @@ realms {
role: "role/analysis.reader" role: "role/analysis.reader"
principals: "group:all" principals: "group:all"
} }
bindings {
role: "role/buildbucket.creator"
principals: "group:project-webrtc-admins"
}
bindings { bindings {
role: "role/buildbucket.reader" role: "role/buildbucket.reader"
principals: "group:all" principals: "group:all"
@ -96,6 +100,10 @@ realms {
role: "role/buildbucket.builderServiceAccount" role: "role/buildbucket.builderServiceAccount"
principals: "user:webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com" principals: "user:webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
} }
bindings {
role: "role/buildbucket.creator"
principals: "group:project-webrtc-led-users"
}
bindings { bindings {
role: "role/buildbucket.triggerer" role: "role/buildbucket.triggerer"
principals: "group:service-account-chromeperf" principals: "group:service-account-chromeperf"
@ -174,6 +182,10 @@ realms {
role: "role/buildbucket.builderServiceAccount" role: "role/buildbucket.builderServiceAccount"
principals: "user:webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com" principals: "user:webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com"
} }
bindings {
role: "role/buildbucket.creator"
principals: "group:project-webrtc-led-users"
}
bindings { bindings {
role: "role/buildbucket.triggerer" role: "role/buildbucket.triggerer"
principals: "group:project-webrtc-tryjob-access" principals: "group:project-webrtc-tryjob-access"