commit 7218d0f304e8d25a43ed05b42b6df645e40a1f23
author Jeremy Leconte <jleconte@google.com> Wed Jul 03 12:33:07 2024
committer WebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Jul 03 12:59:25 2024
tree b6e6c9dc9576f2b499d43a1afebe9fb46a936862
parent 55c3600781a98f70b71c50682363a8dc2d5e8494

Add buildbucket.creator role for led users.

Tried 'led' today and it resulted in the below error:
rpc error: code = PermissionDenied desc = user does not have permission "buildbucket.builds.create"

Change-Id: I361859b6f6ee58a67ac08e615cb88761fb39d67e
Bug: None
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/356300
Commit-Queue: Jeremy Leconte <jleconte@google.com>
Reviewed-by: Björn Terelius <terelius@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42583}

infra/config/config.star

diff --git a/infra/config/config.star b/infra/config/config.star
index 99cff74..fd77183 100755
--- a/infra/config/config.star
+++ b/infra/config/config.star
@@ -218,6 +218,10 @@
 ])
 luci.realm(name = "try", bindings = [
     luci.binding(
+        roles = "role/buildbucket.creator",
+        groups = "project-webrtc-led-users",
+    ),
+    luci.binding(
         roles = "role/swarming.taskTriggerer",
         groups = "project-webrtc-led-users",
     ),
@@ -237,6 +241,10 @@
 ])
 luci.realm(name = "perf", bindings = [
     luci.binding(
+        roles = "role/buildbucket.creator",
+        groups = "project-webrtc-led-users",
+    ),
+    luci.binding(
         roles = "role/swarming.taskTriggerer",
         groups = "project-webrtc-led-users",
     ),
@@ -249,6 +257,10 @@
         groups = "project-webrtc-admins",
     ),
     luci.binding(
+        roles = "role/buildbucket.creator",
+        groups = "project-webrtc-admins",
+    ),
+    luci.binding(
         roles = "role/swarming.taskTriggerer",
         groups = "project-webrtc-admins",
     ),

infra/config/realms.cfg

diff --git a/infra/config/realms.cfg b/infra/config/realms.cfg
index 1716675..409a750 100644
--- a/infra/config/realms.cfg
+++ b/infra/config/realms.cfg
@@ -19,6 +19,10 @@
     principals: "group:all"
   }
   bindings {
+    role: "role/buildbucket.creator"
+    principals: "group:project-webrtc-admins"
+  }
+  bindings {
     role: "role/buildbucket.reader"
     principals: "group:all"
   }
@@ -97,6 +101,10 @@
     principals: "user:webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
   }
   bindings {
+    role: "role/buildbucket.creator"
+    principals: "group:project-webrtc-led-users"
+  }
+  bindings {
     role: "role/buildbucket.triggerer"
     principals: "group:service-account-chromeperf"
     principals: "user:webrtc-ci-builder@chops-service-accounts.iam.gserviceaccount.com"
@@ -175,6 +183,10 @@
     principals: "user:webrtc-try-builder@chops-service-accounts.iam.gserviceaccount.com"
   }
   bindings {
+    role: "role/buildbucket.creator"
+    principals: "group:project-webrtc-led-users"
+  }
+  bindings {
     role: "role/buildbucket.triggerer"
     principals: "group:project-webrtc-tryjob-access"
     principals: "group:service-account-cq"