I have been digging trying to figure out the warning I am getting in the pipeline that we have. It was done by a contractor, now gone. I took over the CI/CD tools, Jenkins, GitLab and Chef.
I constantly see a warning message, that user is not found, but sending email anyway. "xxx.xxx#company.com is not a recognized user, but sending mail anyway xxx.xxx#company.com"
Until I really started to dig into this, I didn't realize that this is causing 2 user auto-added entries into Jenkins.
As other threads I have found on stackoverflow, we have our security realm set to Active Directory, we have a 4 digit code, expanding to 8 digits for the user ID, and it does not match our email addresses of first.last#company.com.
I was in the group back in 2017 when we started implementing these tools, so I have multiple Jenkins accounts, one is firstname.lastname and is confirmed as well as the A/D user ID, so when I run the pipeline, it finds me and no warning/error. When someone that is newer than I, only has an A/D account ID, they get the error and the erroneous accounts are created. first.last and firstlast for the names of the accounts.
Is there anyway to look at the user ID, that is the same in GitLab and Jenkins rather than Email address for the pipeline? Or can I have the warning message but not auto-create the users in Jenkins?
Related
I'm struggling with duplicated users in my Jenkins and Not sending mail to unregistered user ... problem.
I installed the plugin as per this answer but cannot configure it properly by reading the plugin documentation.
My jenkins collects data from Active Directory and some users have duplicated entry, e.g.:
john.doe, john.doe#mycompany.com -> duplicated user which is detected by Jenkins
doej, john.doe#mycompany.com -> correct user which is used when logging in
Jenkins after collecting responsible people from git changes in job ends with
Not sending mail to unregistered user john.doe#mycompany.com
I tried adding additional identity to user doej by setting:
Identity: john.doe#mycompany.com
Realm: <empty>
but it doesn't work.
How should I configure correctly the Additional Identities Plugin?
Seems it's not possible to configure the additional identity plugin in Jenkins for merge the duplicate user
As Jenkins is missing a way to ensure users unicity(unique) since they are created from various sources: authentication method (LDAP in my case), code commits (Subversion, Mercurial, Git, ...).
Depending on the way the user is retrieved by Jenkins (from a commit on a given SCM or its authentication), multiple identities are created for the same real user.
As a consequence, some features are not fully or badly working (login, notifications, user's builds, continuous integration game, ...) and configuration of users is a pain as it must be done multiple times for each real user.
Still the required features are:
a merging features. Allow to merge multiple Jenkins users into a single account.
a user pattern per SCM. Allow to choose how to extract a username from a commit for each SCM and how to optionally match existing one instead of creating a new user.
an id pattern per notification type. Allow to define how to generate the default id used for notification from the user data (from his jenkins id, his name, his scm id, ...): for instance, his mail or his jabber id, ...
Reference: [JENKINS-10258] Allow users unicity - Jenkins Jira
Solution is Jenkins 1.480 but this is still in Vulnerabilities state and have bug as well.
Jenkins 1.480 introduces an extension point to resolve jenkins user "canonical" ID when searching for user in Database by id or full name. This plugin uses this extension point to let user configure external identities as user properties.
You can reach out to Jenkins community or Support team to know the status or when they will final release
We have a CI jenkins platform and we want to manage our deployments with an email confirmation. A user send a request to the deployment plan for starting. But in the first step, the plan send an email confirmation to an administrator. If the admin click the request link, deployment will be start, otherwise wont start.
Is there a way to do this with jenkins or any jenkins plugin?
yes there is a way to do that, honestly, more than one way to do that and you can choose by your preferneces. What I will suggest you is to consider the way explained in the issues of Jenkins https://issues.jenkins-ci.org/browse/JENKINS-33793
though it have status Unresolved, but it looks like by my knowledge that it will work even right now , cause it is just an URL.
I've been reading a few articles and watching a few videos on Jenkins. I'm wondering how easy it would be once the master branch has been deployed to a staging server to automatically send an email to the client notifying them of the url to the staging server and also giving them a link to "deploy live". This way the client can see the changes, make sure they're happy with it then deploy it themselves without having to email anyone requesting it to go live.
Anyone got any idea how easy this would be to do with Jenkins? There may be a plugin that does this but so far I've not come across anything.
I saw a talk where a guy does this to notify QA of a new build to test, as well as notify when a build is ready to be published to production.
Basically the last automated job (deploy to staging job) has a post build step to send an email to some address. The body of the email contains a link back to the REST API for the "deploy to production" job, triggering a build.
Email recipient tests things, and if satisfied, clicks the link and Jenkins runs the production job. Obviously this requires that the recipient has some kind of access to (at the very least, the REST API of) the Jenkins instance. That being said, there's no reason you couldn't set up your own system to take limited external requests and forward them to your Jenkins API.
The video link (including time reference of the relevant part) is: https://youtu.be/3HI7mv_791k?t=3169
If you've been watching a few videos you might have already come across it, but it's quite long so you might not have watched it all.
Similar to this question How can we execute Jenkins job using other user credential
I have users who will login to Jenkins using active-directory credentials, and then as part of the job use publish-over-cifs, which must use the same domain credentials they supplied when logging in.
This would require that Jenkins retains the password in memory in order to provide it to the cifs plugin.
How should I do this?
I've added a Jenkins Issue https://issues.jenkins-ci.org/browse/JENKINS-22561?focusedCommentId=198490#comment-198490 sponsored for $25 https://freedomsponsors.org/core/issue/483/publish-over-cifs-should-be-able-to-use-jenkins-session-credentials-including-domain-when-jenkins-active-directory-authentication-is-used?alert=SPONSOR#
I am sorry, I don't know how to answer your question, but here is a completely off-the-wall hypothetical solution.
The AD user, on their own machine, is already logged in and can use the AD shares/SMB with their logged in credentials.
Design a job that asks the user for the IP address of their machine. Then have the job spawn a Jenkins Slave on that machine, and execute the job on that Slave, so that it inherently gets access to AD.
This answer probably deserves a downvote
Is it possible to setup TFS/Test Manager so that it sends out an email after a test fails?
Yes, it is possible but it requires quite a lot of changes/additions to the process template and possibly a custom-made activity.
After tests have run, we check if BuildDetail.BuildPhaseStatus has status failed
We send mail to everyone who has changesets committed to this build, so the build goes through BuildDetail.AssociatedChangesets (you need to have AssociateChangesetsAndWorkItems on) and get the committer username.
Unfortunately for us, there's no good correlation between TFS username and email address at our place, so we had to create a custom activity that looks that up in the AD.
The actual email is sent with the BuildReport action from Community TFS Build Extensions. We modified the xslt, but that's not really necessary. We also wanted to include a listing of the failed tests, and that required modification of the action itself (test data isn't included by default).
Looking at this description and all the work made to get this working, I'm beginning to wonder if it was worth it ;).