I want to save and use the allure report from amazon S3 (not in-home workspace), so used S3 publisher plugin
target/allure-results and allure-report folders with files were published into amazon S3, but I can't take allure form S3
How I can do that?
If you really want to enable public access to your Allure reports from within S3, you can follow the official guide. In this case, a custom domain name is used. However, you can do the same w/o it just by enabling website hosting and relaxing bucket restrictions.
Note that it's not a secured way to access your reports, as they become visible to the outside world. Even if you use a CloudFront to restrict access to your bucket, it won't solve the visibility problem. It's a critical security issue, as you usually expose different URLs and credentials in test reports.
On one of my projects, there was a GitLab, and we created a simple html page with links to build logs and Allure / Swagger coverage reports. This page was registered to a customer's subdomain and accessible by authorized GitLab users only. Everything else (results aggregation, report generation, copying history, etc.) was handled from within GitLab pipeline.
I'd recommend talking to your DevOps and explain what you are trying to achieve considering all the security concerns. It's basically a one-day job for them.
Related
I am using Folder plugin and AD groups to control access to folder. This morning a team can't access their project anymore and later I found the AD group assignment in Assign Roles has been changed to wrong groups. Is there a way to find out which id did it? We only have a few admin ids.
Jenkins does not appear to keep an audit trail by default, as stated in this post on cloudbees.com, the folks that develop Jenkins.
The relevant lines:
Many Jenkins users look for a recommend a strategy for keeping an audit trail. This article is supposed to be a gap filler until more comprehensive compliance capabilities in JE/JOC are developed.
There are two open source plugins that enable you to track “WHO did WHAT?” in Jenkins:
...
The first plugin listed is Audit Trail Plugin which looks to provide exactly what you are seeking.
The description from the plugins page:
Keep a log of who performed particular Jenkins operations, such as configuring jobs.
This plugin adds an Audit Trail section in the main Jenkins configuration page. Here you can configure log location and settings (file size and number of rotating log files), and a URI pattern for requests to be logged. The default options select most actions with significant effect such as creating/configuring/deleting jobs and views or delete/save-forever/start a build. The log is written to disk as configured and recent entries can also be viewed in the Manage / System Log section.
I spent a few minutes looking through Jenkins various xml and log files, but could not find a log that contained something useful (username and/or timestamp). In this case it seems user auditing isn't built into Jenkins as of yet. Unfortunately it appears that you might not be able to determine who made those changes after the fact.
As part of automating my jenkins setup I need to add credentials for use with any svn configuration in my build jobs.
Manually you would add a domain to here
http://< your server >:8080/credential-store/
Then add credentials here:
http://< your server >:8080/credential-store/domain/< your domain >/newCredentials
Has anyone managed to automate this? There doesn't seem to be a usable api and the xml files contain hashed passwords which stops me from just copying
files around (plus i worry about security with this)
I have multiple users on a Jenkins server, each with their own credentials for external secured servers needed to run their builds. I am using the credentials plugin to manage the stored credentials. Currently, when a user configures a project, they can use anyones credentials for doing external jobs. I need to make it so that each user only sees the credentials they own when they configure jobs on the jenkins server. How would I do this?
The Folders plugin allows to limit the scope of credentials to a specific folder.
If you're fine with restricting access of different users to different folders (e.g., with the Role Strategy plugin), then this could be a solution.
Just create the folder, enter the folder, then select the "Credentials" link on the sidebar. A new link should appear called "Folder" click that and then define your credentials. Jobs in other folders will not be able to use those.
We use Jenkins and Active Directory plugin for authentication.
For some reason, I need to add a specific account in Jenkins but not in Active Directory.
Is it possible to use both Active Directory and internal user ?
If it's impossible, I think I can modify the plugin to add an account in it.
I know it's not a good idea, but we need this function.
I think it's in ActiveDirectoryAuthenticationProvider.java's retrieveUser() function.
If you have Jenkins deployed to an app server and the app server supports your use case, you can use the "Delegate to servlet container" option in the Security Realm.
You might be able to utilize the Script Security Realm Plugin
I am creating files with a custom version number during the build that I want to be publicly available through http.
Assuming I am building the project "MyTestApp", I want the version number text file I created to be available at a location like http://jenkins.company/job/MyTestApp/revision.txt
Any idea how to achieve this?
David, this depends on what you mean by "publicly available". If your Jenkins instance is secured (jenkins.company/configureSecurity/), then access to artifacts requires that your http session be authenticated. If all users who need access have accounts on the Jenkins server, then you just need to use the post-build action "archive the artifacts", and your text file would be available here:
jenkins.company/job/MyTestApp/jobnumber/artifact/revision.txt
Or here:
jenkins.company/job/MyTestApp/lastSuccessfulBuild/artifact/revision.txt
See this screenshot: http://note.io/17oiykI
If you need unauthenticated access, you could publish your artifacts to another web server on the same or a different host. Or you could upload them to an Amazon S3 bucket.