Commit a3cd6327 authored by Tomeu Vizoso's avatar Tomeu Vizoso
Browse files

MinIO/OPA: Allow my jobs to read from mesa-tracie-private

So I can test my modifications without having to assign to Marge (which
was bothering people).

See mesa/mesa!6441 (comment 851137)

Signed-off-by: Tomeu Vizoso's avatarTomeu Vizoso <tomeu.vizoso@collabora.com>
parent 0821c972
......@@ -87,6 +87,11 @@ read_repos := {
""
}
tracie_private_users := {
"marge-bot",
"tomeu",
}
# keep fetch for everyone on fetch_repos
allow = true {
input.owner == false
......@@ -146,11 +151,11 @@ allow = true {
write_only_operations[input.action]
}
# Mesa CI: Tracie private trace files can be read from jobs triggered by marge-bot user
# Mesa CI: Tracie private trace files can be read from jobs triggered by an authorized user
allow = true {
input.owner == false
input.bucket == "mesa-tracie-private"
input.claims.user_login == "marge-bot"
tracie_private_users[input.claims.user_login]
read_operations[input.action]
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment