I have setup a parametrized job to deploy on several environments. Now i want to restrict deployments to some environments based on the LDAP-groups of the current user.
I am using Dynamic Choice Scriptler for the above task but issue i am facing is that User.current() is returning value SYSTEM. Is there any way to find out the current user without triggering the build?
Related
I'm struggling with duplicated users in my Jenkins and Not sending mail to unregistered user ... problem.
I installed the plugin as per this answer but cannot configure it properly by reading the plugin documentation.
My jenkins collects data from Active Directory and some users have duplicated entry, e.g.:
john.doe, john.doe#mycompany.com -> duplicated user which is detected by Jenkins
doej, john.doe#mycompany.com -> correct user which is used when logging in
Jenkins after collecting responsible people from git changes in job ends with
Not sending mail to unregistered user john.doe#mycompany.com
I tried adding additional identity to user doej by setting:
Identity: john.doe#mycompany.com
Realm: <empty>
but it doesn't work.
How should I configure correctly the Additional Identities Plugin?
Seems it's not possible to configure the additional identity plugin in Jenkins for merge the duplicate user
As Jenkins is missing a way to ensure users unicity(unique) since they are created from various sources: authentication method (LDAP in my case), code commits (Subversion, Mercurial, Git, ...).
Depending on the way the user is retrieved by Jenkins (from a commit on a given SCM or its authentication), multiple identities are created for the same real user.
As a consequence, some features are not fully or badly working (login, notifications, user's builds, continuous integration game, ...) and configuration of users is a pain as it must be done multiple times for each real user.
Still the required features are:
a merging features. Allow to merge multiple Jenkins users into a single account.
a user pattern per SCM. Allow to choose how to extract a username from a commit for each SCM and how to optionally match existing one instead of creating a new user.
an id pattern per notification type. Allow to define how to generate the default id used for notification from the user data (from his jenkins id, his name, his scm id, ...): for instance, his mail or his jabber id, ...
Reference: [JENKINS-10258] Allow users unicity - Jenkins Jira
Solution is Jenkins 1.480 but this is still in Vulnerabilities state and have bug as well.
Jenkins 1.480 introduces an extension point to resolve jenkins user "canonical" ID when searching for user in Database by id or full name. This plugin uses this extension point to let user configure external identities as user properties.
You can reach out to Jenkins community or Support team to know the status or when they will final release
I know how to get all builds from a specific job and know how to get the list of builds from the current user in the Jenkins UI by going to https://jenkins.${domain}.com/user/${username}/builds, however, there doesn't seem to be an API for that specific address because if you go to https://jenkins.${domain}.com/user/${username}/builds/api it comes up with a 404.
Is there a way via the api to query all of the builds for a specific user?
I want to create a Groovy script using Pipeline plugin in Jenkins handling the security for only some users can enter to the node.
This would be the example:
node('master') {
//code..... more code
}
node('production') {
//more code.....
}
I want to be able that only some users can run succesful the production node without using the input step that ask for only specific users/groups can approve it.
Is there a configuration option where I can configure the security of a specific Node about what users (or group) can execute scripts on it.
Note: I am using only Jenkisn 1.6 (not Cloudbees which it is with more complex security options)
Edited 04/20/2016 reflecting discussions in comment:
Update: Goal: Preventing unauthorized user from executing jobs on a selection of Jenkins node.
Update: The Job Restrictions Plugin referred by luka5z would be a promising fit for the goal, when using it in conjunction with Role Strategy Plugin.
Give Matrix-based security a try with this plugin Role Strategy Plugin. First, you need to set users/anonymous group global role to have a very minimal access. Then you can set slave roles that only allow users to use node name in staring in a pattern e.g QA_Slave*, and only a small group, say admin, have all permissions on all slaves, which implies Production.
Update: Role Strategy Plugin can prevent user from modifying policy applied to node, but would not protect node from running a job it was tagged to. [unauthorized slave assignment in job configuration] where Job Restrictions Plugin would independently apply restrictions on the node level, without go extreme and taking all job configuration access away.
Is there a way we can control which user can click "Build Now" in Jenkins? Basically we dont want all the users who are logged in Jenkins to trigger a build.
Also is this possible project-wise?
I am relatively new in configuring Jenkins, though I have used Jenkins more as an end user and not an admin, so would really appreciate any helpful inputs. I tried using this : https://wiki.jenkins-ci.org/display/JENKINS/Matrix-based+security and this https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup, but for some reason its still allowing users to trigger a build.
You can also use RoleStrategyPlugin
This will be more helpful to manage large numbers of user using multiple projects.
The details to use and your doubt in the comment is addressed here
I am using Matrix Authorization Strategy Plugin, it offers matrix-based security authorization strategies, both global and per-project.
Global scope
http://jenkins_server/configureSecurity/--> Authorization-->Project-based Matrix Authorization Strategy
Project scope
I have a project based security enabled for my jobs. And based on user being admin / non-admin would like to show / hide certain build parameters.
Can anyone suggest an approach to tackle this requirements or are there any plugins for this?
Thanks!! Appreciate your help on this.
I don't think there is such a feature directly, but there is a workaround.
Configure "non-admin" job with only the parameters that non-admins should see.
Give that job security so that non-admins can build it.
Configure second "admin" job
Give that second job security so that only admins can build it.
In the Job Configuration of the second "admin" job, you need to:
Define all parameters (admin and non-admin)
Use Parameterized Trigger plugin ("Trigger/call builds on other projects" build action) to trigger "non-admin" job
Configure Add Parameters -> Current build parameters
That's it.
In the Job Configuration of the first "non-admin" job, you need to:
Define just non-admin parameters, making sure their names are exactly same as overlapping parameters from "admin" job
Configure the rest of the job as you normally would.
All parameters, even those that are passed from the triggering "admin" job are available as environment variables (even if they are not explicitly defined in "non-admin" job)