Description
This article describes how to control CloudBees CD (CloudBees Flow) object permissions automatically, based on the time of day. The solution uses Access Control List Entries (ACE’s) and schedules.
For example, if you have team members who are in different parts of the world and in different time zones, you might have your core team in time zone A. During business hours in time zone A, you may want those people to have ++exclusive++ control to start builds. During the off-hours in time zone A, you can grant access to another group in time zone B. In this way, team members in time zone A do not need to be awakened in the middle of the night to start a build.
Solution
Create a procedure that runs once each hour. When this procedure runs, it checks the time of day. Based on the time, it sets the "execute" permission for an CloudBees CD (CloudBees Flow) group to "allow" or "deny" execution privileges for a group named "Remote SCM".
Examples
Create a procedure to calculate and set the ACE
This procedure is called TimedAccess , and uses Perl to determine the time of day and decide whether to allow or grant permission. The procedure sets the permission for a group called Remote SCM on a project named CB Testing. Next, it sets the read privilege to "allow", the modify and change privileges to "deny", and the execute privilege to "allow" or "deny", based on the time of day.
Shell:
ec-perl
Command:
# allow access anytime outside the hours of 9AM to 5PM, local time
my ($sec, $min, $hour, $mday, $mon, $day, $year, $wday, $yday, $isdst) = localtime(time);
my $executePermission = ($hour < 9 || $hour >= 17) ? "allow" : "deny";
# delete any existing ACL Entry and create a new one
`ectool deleteAclEntry group "Remote SCM" --projectName "CB Testing"`;
my $cmd = 'ectool createAclEntry group "Remote SCM" --projectName "CB Testing" ' .
'--readPrivilege allow ' .
'--modifyPrivilege deny ' .
'--changePermissionsPrivilege deny ' .
'--executePrivilege ' . $executePermission;
my $response = `$cmd`;
print $response if $?