Restrict aptly promote pipeline with whatever source and target
Change-Id: If015e6443c124b8d3f098bfdb8ba304659ef371d
diff --git a/aptly-promote-pipeline.groovy b/aptly-promote-pipeline.groovy
index 5d1dd0e..461abcf 100644
--- a/aptly-promote-pipeline.groovy
+++ b/aptly-promote-pipeline.groovy
@@ -1,6 +1,6 @@
def common = new com.mirantis.mk.Common()
def aptly = new com.mirantis.mk.Aptly()
-
+def jenkinsUtils = new com.mirantis.mk.JenkinsUtils()
def packages
try {
@@ -26,7 +26,8 @@
node() {
try{
stage("promote") {
- if(_userCanRunPromote(SOURCE, TARGET)){
+ // promote is restricted to users in aptly-promote-users LDAP group
+ if(jenkinsUtils.currentUserInGroups(["mcp-cicd-admins", "aptly-promote-users"])){
lock("aptly-api") {
for (storage in storages) {
if (storage == "local") {
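Review bot: The check on the new `if` line now gates every promote, so its result for builds that have no interactive user (timer or upstream-triggered runs) matters; `currentUserInGroups` is not visible here, so please confirm it returns false in that case and fails closed, since before this change only promotes touching "stable" depended on it. The added comment names only `aptly-promote-users` while the list also admits `mcp-cicd-admins`, and the exception message in the next hunk speaks of "CI/CD and QA team" rather than the groups. I would make the comment `// promote is restricted to members of the mcp-cicd-admins or aptly-promote-users LDAP groups` and name the same groups in the message, so a denied user knows which membership to request. The group was also renamed from `aptly-promote-stable-users`, so existing members presumably need to be carried over. The `stage("promote")` body continues outside this hunk.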
@@ -36,7 +37,7 @@
}
}
}else{
- throw new Exception(String.format("You don't have permissions to make aptly promote from source:%s to target:%s ", SOURCE, TARGET))
+ throw new Exception(String.format("You don't have permissions to make aptly promote from source:%s to target:%s! Only CI/CD and QA team can perform aptly promote.", SOURCE, TARGET))
}
}
} catch (Throwable e) {
@@ -52,12 +53,3 @@
}
}
-def _userCanRunPromote(source, target){
- if(source.contains("stable") || target.contains("stable")){
- // promote from or to stable is restricted to users in aptly-promote-users LDAP group
- def jenkinsUtils = new com.mirantis.mk.JenkinsUtils()
- return jenkinsUtils.currentUserInGroups(["mcp-cicd-admins", "aptly-promote-stable-users"])
- }
- // other types of promote are allowed to everyone
- return true;
-}