Add support for job allowed-projects In order to allow users to create jobs which are only available to run on certain projects, add an 'allowed-projects' attribute to jobs. This is especially useful for jobs with secrets. For example, consider a job which performs external API testing with credentials. The user defining that job may well want to restrict its use to a single project. Change-Id: I4457842ea293baf20b83f7b8b86fba2b7d26d2be

commit: b3f5db1de3ec3359594c570ba6b4850ca4c4b57e [log] [tgz]
author: James E. Blair <jeblair@redhat.com> Fri Mar 17 12:57:39 2017 -0700
committer: James E. Blair <jeblair@redhat.com> Wed Mar 29 12:44:46 2017 -0700
tree: d388a07fe5c879edc21cec504e36f20dcdda17b6
parent: 717e8e928d21211fb40fa564b1288dc3b44854cb [diff] [blame]
diff --git a/zuul/model.py b/zuul/model.py
index 47f20ef..846463b 100644
--- a/zuul/model.py
+++ b/zuul/model.py

@@ -764,6 +764,7 @@
             final=False,
             roles=frozenset(),
             repos=frozenset(),
+            allowed_projects=None,
         )
 
         # These are generally internal attributes which are not
@@ -2355,6 +2356,10 @@
                 # A change must match at least one project pipeline
                 # job variant.
                 continue
+            if (frozen_job.allowed_projects and
+                change.project.name not in frozen_job.allowed_projects):
+                raise Exception("Project %s is not allowed to run job %s" %
+                                (change.project.name, frozen_job.name))
             job_graph.addJob(frozen_job)
 
     def createJobGraph(self, item):
commit	b3f5db1de3ec3359594c570ba6b4850ca4c4b57e	[log] [tgz]
author	James E. Blair <jeblair@redhat.com>	Fri Mar 17 12:57:39 2017 -0700
committer	James E. Blair <jeblair@redhat.com>	Wed Mar 29 12:44:46 2017 -0700
tree	d388a07fe5c879edc21cec504e36f20dcdda17b6
parent	717e8e928d21211fb40fa564b1288dc3b44854cb [diff] [blame]