Grant mdb/golang-luci-admin more admin permissions.
R=heschi@google.com
CC=carlos@golang.org
Change-Id: Id40bc4b1750d06e7c27e82ef29440613ad834e5b
Reviewed-on: https://go-review.googlesource.com/c/build/+/458675
TryBot-Bypass: Heschi Kreinick <heschi@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
diff --git a/generated/realms.cfg b/generated/realms.cfg
index 20a6db2..7d90503 100644
--- a/generated/realms.cfg
+++ b/generated/realms.cfg
@@ -7,6 +7,10 @@
realms {
name: "@root"
bindings {
+ role: "role/buildbucket.owner"
+ principals: "group:mdb/golang-luci-admin"
+ }
+ bindings {
role: "role/buildbucket.reader"
principals: "group:googlers"
}
@@ -19,6 +23,10 @@
principals: "group:googlers"
}
bindings {
+ role: "role/scheduler.owner"
+ principals: "group:mdb/golang-luci-admin"
+ }
+ bindings {
role: "role/swarming.poolOwner"
principals: "group:mdb/golang-luci-admin"
}
diff --git a/main.star b/main.star
index 204fa93..aa1ebfc 100755
--- a/main.star
+++ b/main.star
@@ -19,12 +19,17 @@
swarming = "chromium-swarm.appspot.com",
tricium = "tricium-prod.appspot.com",
bindings = [
- # Allow owners to submit any task in any pool.
+ # Admin permissions.
luci.binding(
roles = [
+ # Allow owners to submit any task in any pool.
"role/swarming.poolOwner",
"role/swarming.poolUser",
"role/swarming.taskTriggerer",
+ # Allow owners to trigger and cancel LUCI Scheduler jobs.
+ "role/scheduler.owner",
+ # Allow owners to trigger and cancel any build.
+ "role/buildbucket.owner",
],
groups = "mdb/golang-luci-admin",
),
