Set permissions on aptly promote to release-engineering and
aptly-promote-users groups
Related PROD: https://mirantis.jira.com/browse/PROD-25213
Change-Id: Iaf650a11ee478eaf75c390e0429bbf7cbd1ec628
diff --git a/aptly-promote-pipeline.groovy b/aptly-promote-pipeline.groovy
index b68bc81..1d12d97 100644
--- a/aptly-promote-pipeline.groovy
+++ b/aptly-promote-pipeline.groovy
@@ -28,22 +28,24 @@
timeout(time: 12, unit: 'HOURS') {
node("docker&&hardware") {
try {
+ if ("testing" in TARGET && !jenkinsUtils.currentUserInGroup(["release-engineering", "aptly-promote-users"])) {
+ insufficientPermissions = true
+ throw new Exception("Only release-engineering or aptly-promote-users can perform promote to testing.")
+ } else if (!jenkinsUtils.currentUserInGroup(["release-engineering"])) {
+ insufficientPermissions = true
+ throw new Exception("Only release-engineering team can perform promote.")
+ }
stage("promote") {
// promote is restricted to users in aptly-promote-users LDAP group
- if (jenkinsUtils.currentUserInGroups(["mcp-cicd-admins", "aptly-promote-users"])) {
- lock("aptly-api") {
- for (storage in storages) {
- if (storage == "local") {
- storage = ""
- }
- retry(2) {
- aptly.promotePublish(APTLY_URL, SOURCE, TARGET, RECREATE, components, packages, DIFF_ONLY, '-d --timeout 600', DUMP_PUBLISH.toBoolean(), storage)
- }
+ lock("aptly-api") {
+ for (storage in storages) {
+ if (storage == "local") {
+ storage = ""
+ }
+ retry(2) {
+ aptly.promotePublish(APTLY_URL, SOURCE, TARGET, RECREATE, components, packages, DIFF_ONLY, '-d --timeout 600', DUMP_PUBLISH.toBoolean(), storage)
}
}
- } else {
- insufficientPermissions = true
- throw new Exception(String.format("You don't have permissions to make aptly promote from source:%s to target:%s! Only CI/CD and QA team can perform aptly promote.", SOURCE, TARGET))
}
}
} catch (Throwable e) {
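Review bot: The `else if` branch also runs for testing targets, so a member of `aptly-promote-users` who is not in `release-engineering` passes the first test and is then rejected with "Only release-engineering team can perform promote." The new grant therefore never takes effect. Choosing the allowed groups first and checking once avoids this: `def allowed = ("testing" in TARGET) ? ["release-engineering", "aptly-promote-users"] : ["release-engineering"]`, followed by a single `if (!jenkinsUtils.currentUserInGroup(allowed))`. If TARGET is a plain String, `"testing" in TARGET` is probably an exact match rather than a substring test, so confirm that this is the intended scope for the wider group. The comment `// promote is restricted to users in aptly-promote-users LDAP group` inside the stage no longer describes the rule and should be updated and moved next to the check. The try block continues past the end of the hunk.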