go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/lucicfg/testdata/misc/bucket_constraints.star (about) 1 lucicfg.enable_experiment("crbug.com/1338648") 2 3 luci.project( 4 name = "zzz", 5 buildbucket = "cr-buildbucket.appspot.com", 6 swarming = "chromium-swarm.appspot.com", 7 ) 8 luci.bucket(name = "ci") 9 luci.bucket( 10 name = "ci.shadow", 11 shadows = "ci", 12 constraints = luci.bucket_constraints( 13 pools = ["luci.project.shadow"], 14 service_accounts = ["account-1@example.com"], 15 ), 16 ) 17 18 luci.bucket_constraints( 19 bucket = "ci.shadow", 20 service_accounts = ["account-2@example.com"], 21 ) 22 luci.bucket_constraints( 23 bucket = "ci.shadow", 24 pools = ["luci.chromium.ci", "luci.project.shadow"], 25 ) 26 27 luci.recipe( 28 name = "main/recipe", 29 cipd_package = "recipe/bundles/main", 30 ) 31 32 luci.builder( 33 name = "linux ci builder", 34 bucket = "ci", 35 executable = "main/recipe", 36 service_account = "account-3@example.com", 37 dimensions = { 38 "os": "Linux", 39 "pool": "luci.ci.tester", 40 }, 41 shadow_service_account = "shadow_builder@example.com", 42 shadow_pool = "shadow_pool", 43 ) 44 45 luci.builder( 46 name = "linux ci builder 1", 47 bucket = "ci", 48 executable = "main/recipe", 49 service_account = "account-3@example.com", 50 dimensions = { 51 "os": "Linux", 52 "pool": "luci.ci.tester", 53 }, 54 shadow_service_account = "account-1@example.com", 55 shadow_pool = "shadow_pool", 56 ) 57 58 # 59 luci.builder( 60 name = "linux ci builder 2", 61 bucket = "ci", 62 executable = "main/recipe", 63 service_account = "account-3@example.com", 64 dimensions = { 65 "os": "Linux", 66 "pool": "luci.ci.tester", 67 }, 68 shadow_service_account = "a@example.com", 69 shadow_pool = "shadow_pool", 70 ) 71 72 luci.bucket_constraints( 73 bucket = luci.bucket(name = "another"), 74 service_accounts = ["account-4@example.com"], 75 ) 76 77 # Service accounts are actually optional. 78 luci.bucket( 79 name = "one-more", 80 constraints = luci.bucket_constraints(pools = ["luci.chromium.ci"]), 81 ) 82 83 # Expect configs: 84 # 85 # === cr-buildbucket.cfg 86 # buckets { 87 # name: "another" 88 # constraints { 89 # service_accounts: "account-4@example.com" 90 # } 91 # } 92 # buckets { 93 # name: "ci" 94 # swarming { 95 # builders { 96 # name: "linux ci builder" 97 # swarming_host: "chromium-swarm.appspot.com" 98 # dimensions: "os:Linux" 99 # dimensions: "pool:luci.ci.tester" 100 # recipe { 101 # name: "main/recipe" 102 # cipd_package: "recipe/bundles/main" 103 # cipd_version: "refs/heads/main" 104 # } 105 # service_account: "account-3@example.com" 106 # shadow_builder_adjustments { 107 # service_account: "shadow_builder@example.com" 108 # pool: "shadow_pool" 109 # dimensions: "pool:shadow_pool" 110 # } 111 # } 112 # builders { 113 # name: "linux ci builder 1" 114 # swarming_host: "chromium-swarm.appspot.com" 115 # dimensions: "os:Linux" 116 # dimensions: "pool:luci.ci.tester" 117 # recipe { 118 # name: "main/recipe" 119 # cipd_package: "recipe/bundles/main" 120 # cipd_version: "refs/heads/main" 121 # } 122 # service_account: "account-3@example.com" 123 # shadow_builder_adjustments { 124 # service_account: "account-1@example.com" 125 # pool: "shadow_pool" 126 # dimensions: "pool:shadow_pool" 127 # } 128 # } 129 # builders { 130 # name: "linux ci builder 2" 131 # swarming_host: "chromium-swarm.appspot.com" 132 # dimensions: "os:Linux" 133 # dimensions: "pool:luci.ci.tester" 134 # recipe { 135 # name: "main/recipe" 136 # cipd_package: "recipe/bundles/main" 137 # cipd_version: "refs/heads/main" 138 # } 139 # service_account: "account-3@example.com" 140 # shadow_builder_adjustments { 141 # service_account: "a@example.com" 142 # pool: "shadow_pool" 143 # dimensions: "pool:shadow_pool" 144 # } 145 # } 146 # } 147 # shadow: "ci.shadow" 148 # constraints { 149 # pools: "luci.ci.tester" 150 # service_accounts: "account-3@example.com" 151 # } 152 # } 153 # buckets { 154 # name: "ci.shadow" 155 # constraints { 156 # pools: "luci.chromium.ci" 157 # pools: "luci.project.shadow" 158 # pools: "shadow_pool" 159 # service_accounts: "a@example.com" 160 # service_accounts: "account-1@example.com" 161 # service_accounts: "account-2@example.com" 162 # service_accounts: "shadow_builder@example.com" 163 # } 164 # } 165 # buckets { 166 # name: "one-more" 167 # constraints { 168 # pools: "luci.chromium.ci" 169 # } 170 # } 171 # === 172 # 173 # === project.cfg 174 # name: "zzz" 175 # === 176 # 177 # === realms.cfg 178 # realms { 179 # name: "@root" 180 # } 181 # realms { 182 # name: "another" 183 # bindings { 184 # role: "role/buildbucket.builderServiceAccount" 185 # principals: "user:account-4@example.com" 186 # } 187 # } 188 # realms { 189 # name: "ci" 190 # bindings { 191 # role: "role/buildbucket.builderServiceAccount" 192 # principals: "user:account-3@example.com" 193 # } 194 # } 195 # realms { 196 # name: "ci.shadow" 197 # bindings { 198 # role: "role/buildbucket.builderServiceAccount" 199 # principals: "user:a@example.com" 200 # principals: "user:account-1@example.com" 201 # principals: "user:account-2@example.com" 202 # principals: "user:shadow_builder@example.com" 203 # } 204 # } 205 # realms { 206 # name: "one-more" 207 # } 208 # ===