I need to add some permissions (Read, Build, View, cancel etc) to multiple users at the same time.
def users = [user1, user2]
for(user in users){
String userID = user;
jobDsl scriptText: """
folder('example') {
properties {
authorizationMatrixProperty {
inheritanceStrategy {
inheritingGlobal()
}
permissions(['hudson.model.Item.Read:authenticated',
'hudson.model.View.Read:authenticated',
'hudson.model.Item.Build:${user}',
'hudson.model.Item.Read:${user}'
.
.
.
])
}
}
}
"""
}
When running this, it first adds user1, then for the second time removes user1 and overwrites user2. How can I add permission access to both the users at once?
Related
I'm struggling with understanding how I can allow users to create new records in the list, but only allow creators to update their own posts.
E.g. the following structure:
post {
post1: {
author: "user1"
text: "Some text"
}
post2: {
author: "user2"
text: "Some text 2"
}
}
Here, I want both users to be able to create new posts. But also protect, say, post2 from being edited by user1. Thus, only user1 can edit post1 and only user2 can edit post2.
You'd want to do something like this:
{"rules": {
"post": {
"$id": {
".write": "auth !== null && (!data.exists() || data.child('author').val() === auth.uid)"
}
}
}}
Here you're only allowing write if the user is logged in and a) the node attempting to be written is empty or b) the node attempting to be written was authored by the current user.
Looking at the documentation I am unable to find a data source which gives me
the current user (preferably the email) logged in to az when using the azurerm provider in terraform.
This information is available when I run az ad signed-in-user and I would like to use it to tag the resources created by terraform in azure.
Is this not possible right now?
You can use azurerm_client_config to get the AD object ID for the current user and then look up the returned object id with azuread_user to get the user principal name (UPN). Then, the UPN can be assigned to a tag. In the code below, outputs are not necessary but are helpful for validation because their values appear in the plan.
data "azurerm_client_config" "current" { }
data "azuread_user" "current_user" {
object_id = data.azurerm_client_config.current.object_id
}
resource "azurerm_resource_group" "example-rg" {
name = "example-rg"
location = "westus"
tags = {
userCreated = data.azuread_user.current_user.user_principal_name
}
}
output "object_id" {
value = data.azurerm_client_config.current.object_id
}
output "user_principal_name" {
value = data.azuread_user.current_user.user_principal_name
}
I need to set two or more credentials to a job, my plan is to use it separately like below, so that it can be used in multiple jobs
static void _artifactoryCredentialBinding(Job job) {
job.with {
wrappers {
credentialsBinding {
usernamePassword('USERNAME', 'PASSWORD', 'xxxxx')
}
}
}
}
static void _jasyptCredentialBinding(Job job) {
return job.with {
wrappers {
credentialsBinding {
usernamePassword('', 'PASSWORD', 'jasypt-credentials')
}
}
}
}
When I do this the first credential is getting over ridden by the second credential.
I will be calling these two methods as a helper method in where ever necessary in my groovy file.
I would require to add multiple credentials in few jobs and only one credential in a job.
Adding the credentials under one wrapper will work - multiple-credentials, but I will not be able to reuse if I add multiple under the same.
I tried returning the Job in the above methods and used the same methods to set the creds but getting the error while building -
ERROR: (CredentialBindingUtil.groovy, line 28) No signature of method: xxxx.CredentialBindingUtil$__pfJasyptCredentialBinding_closure3.wrappers() is applicable for argument types: (xxx.CredentialBindingUtil$__pfJasyptCredentialBinding_closure3$_closure9) values: [xxxx.CredentialBindingUtil$__pfJasyptCredentialBinding_closure3$_closure9#11b4d391]
[Office365connector] No webhooks to notify
How do I make the credentials to be appended with the existing ones ?
As discussed in the comments, it's possible to achieve this through the Configure Block.
static void _artifactoryCredentialBinding(def job) {
job.with {
configure { node ->
node / 'buildWrappers' / 'org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper' / 'bindings' << 'org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding' {
usernameVariable 'some-credential-id'
credentialsId PASS1
passwordVariable USER1
}
}
}
}
static void _jasyptCredentialBinding(def job) {
job.with {
configure { node ->
node / 'buildWrappers' / 'org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper' / 'bindings' << 'org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding' {
usernameVariable 'some-credential-id'
credentialsId PASS2
passwordVariable USER2
}
}
}
}
def a_job = job('a-temporaryjob')
_artifactoryCredentialBinding(a_job)
_jasyptCredentialBinding(a_job)
To understand how the Configure Block works I highly suggest reading the wiki page and an older blog post which explains step by step how to configure an unsupported plugin.
I am trying to write groovy script which should send an email notification to the approver for deleting a pipeline job in Jenkins.
I am able to send email and get the approvers input, but I am confused on how to retrieve the input(Proceed or Abort).If input is Proceed, I should delete the job and if it is Abort, job shouldn't be deleted.
I looked at some reference and used "approveReceivedEvent" , but it is not working. Is there any way for retrieving user input?
Below is my code snippet
stage ('DELETE')
build job: 'JOBNAME', wait: true
mail to: 'xxx#xxx', subject: "Please approve #${env.JOB_NAME} to delete",
body: <p>Job '${env.JOB_NAME}" + environment + "[${env.BUILD_NUMBER}]' NEEDS APPROVAL</p><p>Please approve at "<a href='${env.JOB_URL}'>${env.JOB_NAME} [${env.BUILD_NUMBER}]</a>"</p>"
try {
input id: 'Proceed', message: "\nDo you want to proceed to delete job?"
} catch (err) {
//approveReceivedEvent(id: id, approved: false)
throw err
}
//approveReceivedEvent(id: id, approved: true)
}
job(env.JOB_NAME) {
steps {
dsl {
removeAction('DELETE')
}
}
}
Modified the code.Below is the code snippet which worked.
def userInput = input (message: 'Approve Delete', submitterParameter: 'isApproved')
echo ("userInput was: " + userInput)
if(userInput.equals("Yes"))
{
job(env.JOB_NAME) {
steps {
dsl {
removeAction('DELETE')
}
}
}
}
else
{
echo("No Approval received to delete Job")
}
What you can try is , make a separate job (lets call it 'J') with the above mentioned code snippet and make it have the same parameters as input which are required by your code like :
JOB_NAME , BUILD_NUMBER , APPROVED etc.
Now in your original job when you send the mail you can give links for APPROVED = YES or 1 and APPROVED = NO or 0 . In those links you can remotely trigger your job 'J' with the parameters you sent in the mail and APPROVED parameter as 1 or 0 for the two links .
Is there a way to retrieve a list of individuals who broke the build in Jenkins Pipeline, just like the mailer plugin apparently does to send out a mail to those involved?
I've found one possible way, though it is somewhat limited to the amount of builds that are being kept. By iterating over the previousBuild hierarchy and their change logs, this may be a solution:
def getAuthors(def build) {
def userIds = []
build.changeSets.each { hudson.scm.SubversionChangeLogSet changeLogSet ->
userIds += changeLogSet.collect { it.author.id }
}
userIds.unique()
}
def getIndividualsWhoBrokeTheBuild() {
def userIds = []
for(def build = currentBuild; build.result != 'SUCCESS'; build = build.previousBuild) {
userIds += getAuthors(build)
}
userIds.unique()
}
Suppose a job keeps only five builds, this won't return the original felon, if it was broken more than five builds before.