go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/lucicfg/testdata/realms/legacy.star (about) 1 luci.project( 2 name = "proj", 3 buildbucket = "cr-buildbucket-dev.appspot.com", 4 logdog = "luci-logdog-dev.appspot.com", 5 scheduler = "luci-scheduler-dev.appspot.com", 6 swarming = "chromium-swarm-dev.appspot.com", 7 acls = [ 8 acl.entry( 9 roles = [ 10 acl.PROJECT_CONFIGS_READER, 11 acl.BUILDBUCKET_READER, 12 acl.SCHEDULER_READER, 13 ], 14 groups = ["readers1", "readers2"], 15 users = ["r1@example.com", "r2@example.com"], 16 projects = ["pr1", "pr2"], 17 ), 18 acl.entry( 19 roles = [ 20 acl.BUILDBUCKET_TRIGGERER, 21 acl.SCHEDULER_TRIGGERER, 22 ], 23 groups = "triggerers", 24 ), 25 acl.entry( 26 roles = [ 27 acl.BUILDBUCKET_OWNER, 28 acl.SCHEDULER_OWNER, 29 ], 30 groups = "owners", 31 ), 32 acl.entry( 33 roles = [ 34 acl.LOGDOG_READER, 35 acl.LOGDOG_WRITER, 36 ], 37 groups = "logdog", 38 ), 39 acl.entry( 40 roles = acl.CQ_COMMITTER, 41 groups = "committer", 42 ), 43 acl.entry( 44 roles = acl.CQ_DRY_RUNNER, 45 groups = "dry-runner", 46 ), 47 ], 48 ) 49 50 luci.bucket( 51 name = "bucket", 52 acls = [ 53 acl.entry( 54 roles = acl.BUILDBUCKET_OWNER, 55 groups = "bucket-owner", 56 ), 57 ], 58 ) 59 60 luci.builder( 61 name = "builder", 62 bucket = "bucket", 63 executable = luci.recipe( 64 name = "recipe", 65 cipd_package = "recipe/bundles/main", 66 ), 67 service_account = "builder@example.com", 68 ) 69 70 luci.builder( 71 name = "cron", 72 bucket = "bucket", 73 executable = luci.recipe( 74 name = "recipe", 75 cipd_package = "recipe/bundles/main", 76 ), 77 service_account = "builder@example.com", 78 schedule = "with 10s interval", 79 ) 80 81 luci.gitiles_poller( 82 name = "poller", 83 bucket = "bucket", 84 repo = "https://noop.com", 85 refs = ["refs/heads/zzz"], 86 schedule = "with 10s interval", 87 triggers = ["builder"], 88 ) 89 90 # Expect configs: 91 # 92 # === cr-buildbucket-dev.cfg 93 # buckets { 94 # name: "bucket" 95 # acls { 96 # role: WRITER 97 # group: "bucket-owner" 98 # } 99 # acls { 100 # role: WRITER 101 # group: "owners" 102 # } 103 # acls { 104 # identity: "user:r1@example.com" 105 # } 106 # acls { 107 # identity: "user:r2@example.com" 108 # } 109 # acls { 110 # group: "readers1" 111 # } 112 # acls { 113 # group: "readers2" 114 # } 115 # acls { 116 # identity: "project:pr1" 117 # } 118 # acls { 119 # identity: "project:pr2" 120 # } 121 # acls { 122 # role: SCHEDULER 123 # group: "triggerers" 124 # } 125 # swarming { 126 # builders { 127 # name: "builder" 128 # swarming_host: "chromium-swarm-dev.appspot.com" 129 # recipe { 130 # name: "recipe" 131 # cipd_package: "recipe/bundles/main" 132 # cipd_version: "refs/heads/main" 133 # } 134 # service_account: "builder@example.com" 135 # } 136 # builders { 137 # name: "cron" 138 # swarming_host: "chromium-swarm-dev.appspot.com" 139 # recipe { 140 # name: "recipe" 141 # cipd_package: "recipe/bundles/main" 142 # cipd_version: "refs/heads/main" 143 # } 144 # service_account: "builder@example.com" 145 # } 146 # } 147 # } 148 # === 149 # 150 # === luci-scheduler-dev.cfg 151 # job { 152 # id: "builder" 153 # realm: "bucket" 154 # acl_sets: "bucket" 155 # buildbucket { 156 # server: "cr-buildbucket-dev.appspot.com" 157 # bucket: "luci.proj.bucket" 158 # builder: "builder" 159 # } 160 # } 161 # job { 162 # id: "cron" 163 # realm: "bucket" 164 # schedule: "with 10s interval" 165 # acl_sets: "bucket" 166 # buildbucket { 167 # server: "cr-buildbucket-dev.appspot.com" 168 # bucket: "luci.proj.bucket" 169 # builder: "cron" 170 # } 171 # } 172 # trigger { 173 # id: "poller" 174 # realm: "bucket" 175 # schedule: "with 10s interval" 176 # acl_sets: "bucket" 177 # triggers: "builder" 178 # gitiles { 179 # repo: "https://noop.com" 180 # refs: "regexp:refs/heads/zzz" 181 # } 182 # } 183 # acl_sets { 184 # name: "bucket" 185 # acls { 186 # role: OWNER 187 # granted_to: "group:owners" 188 # } 189 # acls { 190 # granted_to: "r1@example.com" 191 # } 192 # acls { 193 # granted_to: "r2@example.com" 194 # } 195 # acls { 196 # granted_to: "group:readers1" 197 # } 198 # acls { 199 # granted_to: "group:readers2" 200 # } 201 # acls { 202 # granted_to: "project:pr1" 203 # } 204 # acls { 205 # granted_to: "project:pr2" 206 # } 207 # acls { 208 # role: TRIGGERER 209 # granted_to: "group:triggerers" 210 # } 211 # } 212 # === 213 # 214 # === project.cfg 215 # name: "proj" 216 # access: "user:r1@example.com" 217 # access: "user:r2@example.com" 218 # access: "group:readers1" 219 # access: "group:readers2" 220 # access: "project:pr1" 221 # access: "project:pr2" 222 # === 223 # 224 # === realms.cfg 225 # realms { 226 # name: "@root" 227 # bindings { 228 # role: "role/buildbucket.owner" 229 # principals: "group:owners" 230 # } 231 # bindings { 232 # role: "role/buildbucket.reader" 233 # principals: "group:readers1" 234 # principals: "group:readers2" 235 # principals: "project:pr1" 236 # principals: "project:pr2" 237 # principals: "user:r1@example.com" 238 # principals: "user:r2@example.com" 239 # } 240 # bindings { 241 # role: "role/buildbucket.triggerer" 242 # principals: "group:triggerers" 243 # } 244 # bindings { 245 # role: "role/configs.reader" 246 # principals: "group:readers1" 247 # principals: "group:readers2" 248 # principals: "project:pr1" 249 # principals: "project:pr2" 250 # principals: "user:r1@example.com" 251 # principals: "user:r2@example.com" 252 # } 253 # bindings { 254 # role: "role/cq.committer" 255 # principals: "group:committer" 256 # } 257 # bindings { 258 # role: "role/cq.dryRunner" 259 # principals: "group:dry-runner" 260 # } 261 # bindings { 262 # role: "role/logdog.reader" 263 # principals: "group:logdog" 264 # } 265 # bindings { 266 # role: "role/logdog.writer" 267 # principals: "group:logdog" 268 # } 269 # bindings { 270 # role: "role/scheduler.owner" 271 # principals: "group:owners" 272 # } 273 # bindings { 274 # role: "role/scheduler.reader" 275 # principals: "group:readers1" 276 # principals: "group:readers2" 277 # principals: "project:pr1" 278 # principals: "project:pr2" 279 # principals: "user:r1@example.com" 280 # principals: "user:r2@example.com" 281 # } 282 # bindings { 283 # role: "role/scheduler.triggerer" 284 # principals: "group:triggerers" 285 # } 286 # } 287 # realms { 288 # name: "bucket" 289 # bindings { 290 # role: "role/buildbucket.builderServiceAccount" 291 # principals: "user:builder@example.com" 292 # } 293 # bindings { 294 # role: "role/buildbucket.owner" 295 # principals: "group:bucket-owner" 296 # } 297 # } 298 # ===