[ews-build] Cancel build and similar operations should have authentication
[WebKit-https.git] / Tools / BuildSlaveSupport / ews-build / master.cfg
index d6a89d3..924aa21 100644 (file)
@@ -1,5 +1,8 @@
 import os
 import socket
+import sys
+
+from buildbot.plugins import util
 
 import loadConfig
 from events import Events
@@ -16,6 +19,21 @@ c['www']['ui_default_config'] = {
     'Workers.showWorkerBuilders': True,
 }
 
+if not is_test_mode_enabled:
+    admin_username = os.getenv('EWS_ADMIN_USERNAME')
+    admin_password = os.getenv('EWS_ADMIN_PASSWORD')
+    if not admin_username or not admin_password:
+        print('Environment variables for admin username/password not found. Please ensure these variables are set.')
+        sys.exit(1)
+    # See https://docs.buildbot.net/current/manual/configuration/www.html#example-configs
+    authz = util.Authz(
+        allowRules=[util.AnyControlEndpointMatcher(role="admin")],
+        roleMatchers=[util.RolesFromEmails(admin=[admin_username])]
+    )
+    auth = util.UserPasswordAuth({admin_username: admin_password})
+    c['www']['auth'] = auth
+    c['www']['authz'] = authz
+
 c['protocols'] = {'pb': {'port': 17000}}
 
 c['projectName'] = 'WebKit EWS'