Add authentication rules to the BuildBot

buildbot/master.cfg

@@ -366,7 +366,7 @@ c['www'] = dict(port=MASTER_WWW_PORT,
                 change_hook_auth=[strcred.makeChecker("file:changehook.passwd")],
                 )
 
-c['www']['ui_default_config'] = { 
+c['www']['ui_default_config'] = {
     'Waterfall.scaling_waterfall': 0.058527663465935076,
     'Waterfall.min_column_width_waterfall': 35,
     'Waterfall.lazy_limit_waterfall': 50,
@@ -378,18 +378,23 @@ c['www']['ui_default_config'] = {
     'Workers.show_old_workers': True,
 }
 
+# Authentication required for anything beyond viewing
+authz = util.Authz(
+    stringsMatcher=util.fnmatchStrMatcher,  # simple matcher with '*' glob character
+    allowRules=[
+        util.AnyEndpointMatcher(role="admins", defaultDeny=False),
+        util.StopBuildEndpointMatcher(role="admins"),
+        util.ForceBuildEndpointMatcher(builder="*", role="admins"),
+        util.AnyControlEndpointMatcher(role='admins'),
+    ],
+    roleMatchers=[
+        util.RolesFromUsername(roles=['admins'], usernames=['robin'])
+    ]
+)
+auth=util.UserPasswordAuth(bbpasswd.ADMIN_USERS)
+c['www']['auth'] = auth
+c['www']['authz'] = authz
 
-# TODO: Fix the security/auth stuff!!
-# Add security so only admins can start builds, etc.
-# c['www']['authz'] = util.Authz(
-#         allowRules = [
-#             util.AnyEndpointMatcher(role="admins", defaultDeny=False)
-#         ],
-#         roleMatchers = [
-#             util.RolesFromUsername(roles=['admins'], usernames=['robin'])
-#         ]
-# )
-# c['www']['auth'] = util.UserPasswordAuth(bbpasswd.ADMIN_USERS)
 
 
 ##---------------------------------------------------------------------------