Oleg Nenashev
@oleg-nenashev
@Rupsa-Sarkar if you try to restrict Build permissions, you need a Queue Item Authenticator plugin to be installed, e.g. Authorize Project
Rupsa-Sarkar
@Rupsa-Sarkar
@oleg-nenashev I did use the Authorize Project plugin..
image.png
this is the setup for the job
image.png
this is the Global Security setup
The only other piece of the puzzle is I am using EC2-Plugin for launching slaves
they are labeled properly though
still it says "user" lacks permission on a slave
Abhyudaya Sharma
@AbhyudayaSharma

@AbhyudayaSharma can I create new roles for agents before the agent actually invoked/created?
I am using an EC2 Plugin and providing static name to agents
so at init time, I can create an agent role e.g. "prodslave" in your plugin..and when the actual slave comes up with the name, the rules just apply to it?

@Rupsa-Sarkar Yes, the role would get applied to the agent that gets created as long as the name matches.

To create a role like that, the easiest way is to use JCasC. Otherwise, you can provision a temporary node with the same name and then create the role from the UI. After that, delete the agent - the role will still be there.

Rupsa-Sarkar
@Rupsa-Sarkar

@oleg-nenashev I did use the Authorize Project plugin..

@oleg-nenashev were you able to look into this issue?

Jose Miguel Diaz
@josemdiaza
Is the plugin working fine on Jenkins 2.176.3? I'm not able to see any project after assigning them...
Jose Miguel Diaz
@josemdiaza
Is it even working? I've tried in three versions and it didn't work in any of those.
Jose Miguel Diaz
@josemdiaza
@josemdiaza It's working, but I noticed that it doesn't work in Folders. Is that normal?
Oleg Nenashev
@oleg-nenashev
@josemdiaza it works in folders if regexps are configured properly
Jphyland15
@Jphyland15
Hi, all. I am a relatively new Open Source contributor, and I was hoping that someone may be able to provide some guidance as I try to understand how the code of Role-Strategy works. Specifically, could someone explain where Jenkins stores data about users who are assigned various roles? The reason for this is because I am trying to implement a feature where when a user is assigned a specific role (DevOps Engineer, Cloud Engineer, Trainee, etc.) they would get added to a list that automatically emails members with that specific role details about the status of any jobs/builds that are attached to that role. I feel that it would be relatively simple, if I can access the data, but I cannot figure out where it is stored. I guess the first thing I should ask is if it is even possible.
Jose Miguel Diaz
@josemdiaza
@oleg-nenashev could you please give me an example?
Oleg Nenashev
@oleg-nenashev
@josemdiaza For example, FolderA/.* in regexp will make the role apply to all jobs under FolderA in the root. And so on
@Jphyland15 Hi, thanks for the follow-up! The plugin stores its configurations directly in ${JENKINS_HOME}/config.xml. There is an authorizationStrategy section there
Jose Miguel Diaz
@josemdiaza

@josemdiaza For example, FolderA/.* in regexp will make the role apply to all jobs under FolderA in the root. And so on

@oleg-nenashev I've already tried this, and after giving a user the role with FolderA/.*, the user is not able to see Folder A. What I've noticed today is that you can add a role to match only the FolderA; after that I'm able to see both FolderA and all the jobs under Folder A. I want to know if it's possible to simplify this and make a single RegEx to include the Folder and the Jobs.

Abhyudaya Sharma
@AbhyudayaSharma
@josemdiaza How about FolderA.*? That should match both the folder and the contents inside it.
Oleg Nenashev
@oleg-nenashev
+1
Abhyudaya Sharma
@AbhyudayaSharma
@josemdiaza If you're assigning roles based on Folders, you can also try the new Folder Authorization plugin: https://plugins.jenkins.io/folder-auth
Jose Miguel Diaz
@josemdiaza

@josemdiaza How about FolderA.*? That should match both the folder and the contents inside it.

Ok, I'll try. Thanks :)

@josemdiaza If you're assigning roles based on Folders, you can also try the new Folder Authorization plugin: https://plugins.jenkins.io/folder-auth

I'll take it into account. Thanks @oleg-nenashev & @AbhyudayaSharma ;)!

Jose Miguel Diaz
@josemdiaza
@AbhyudayaSharma pattern FolderA.* works as you said. Now, I want to distinguish between -prod and -release jobs. Is this possible?
imagen.png
Jphyland15
@Jphyland15
@oleg-nenashev Thank you! I very much appreciate it!
Oleg Nenashev
@oleg-nenashev
Speaking of Role Strategy, I am about to roll out a new release tomorrow.
Abhyudaya Sharma
@AbhyudayaSharma
@josemdiaza I would say the simplest would be three roles, one for the top-level folder and one for each job inside the folders.
Oleg Nenashev
@oleg-nenashev
Or just .*-release if you want to match jobs in multiple folders
Rupsa-Sarkar
@Rupsa-Sarkar
@oleg-nenashev any clue if you are fixing the Role-Strategy issue with Slaves/Agents that I pointed out?
Oleg Nenashev
@oleg-nenashev
@Rupsa-Sarkar so far there is no issue, just a chat conversation. I have not really looked into it after Oct 03, sorry. And I am not able to reproduce it on my instance
@Rupsa-Sarkar if you could submit a ticket with clear repro steps on a clean instance, it would help
Jose Miguel Diaz
@josemdiaza
@oleg-nenashev @AbhyudayaSharma Thanks!!
Jose Miguel Diaz
@josemdiaza

@AbhyudayaSharma pattern FolderA.* works as you said. Now, I want to distinguish between -prod and -release jobs. Is this possible?

It works with FolderA(/.*prod)? and the same for release.

Abhyudaya Sharma
@AbhyudayaSharma
@josemdiaza That would work but you will need to remember that FolderA will be covered by two roles. This would be a bit confusing in my opinion.
Jose Miguel Diaz
@josemdiaza
@AbhyudayaSharma That's exactly what I need :)
Jose Miguel Diaz
@josemdiaza

@AbhyudayaSharma finally, what I did to match every possible release/prod job and every possible folder or subfolder was:

Dev pattern: (?!.prod)FolderA.*

Rupsa-Sarkar
@Rupsa-Sarkar
image.png
@oleg-nenashev I am using the EC2-Plugin and assigned the slave a label "prodslave".. when I try to provide access to this slave to a specific user this way
image.png
and the user is assigned to this slave role ..
Rupsa-Sarkar
@Rupsa-Sarkar
Now when user2 is trying to deploy a job it shows me "user2 lacks permission to "EC2 (prodslave) **"
Oleg Nenashev
@oleg-nenashev
@Rupsa-Sarkar the display name of the agent seems to be "EC2 (prodslave) **" IIUC, and hence your regexp pattern will not work. Check the agent URL to make sure
Abhyudaya Sharma
@AbhyudayaSharma
@oleg-nenashev Would it make sense to release Folder auth 1.1 with the changes for human readable permissions in configuration export? Or should we continue with 1.0.3 like before?
Oleg Nenashev
@oleg-nenashev
@AbhyudayaSharma sorry for the review delays. I think it would be 1.1 , because it is a new feature
Abhyudaya Sharma
@AbhyudayaSharma
Thanks! I will try to do the release today.
Abhyudaya Sharma
@AbhyudayaSharma
Thanks a lot @casz for your contributions!