We would like to get a list of all jobs that a user has access to in Jenkins. This would probably be via a System Groovy Script but I am open to other methods.
We want to be able to test that all security is setup correctly and as admins we see everything so a script like this would be helpful.
This would have the same functionally as the "My View" tab in views.
Scott
Related
real simple question today.
Does Jenkins have a feature like credentials that is for non-secret information?
My use case is that I want to specify some values in jenkins to make them easily available to all of my pipelines. (e.g. an Azure subscription id) I tried to just use 'secret text' type credentials, but the magic that jenkins does to protect those credentials make it difficult to work with them.
I imagine it would be called something like global environment variables, or named values, but I haven't been able to find anything with my googling.
Thanks!
The following steps will help you setup global environment variables which can be used within various builds and pipelines. The steps may be slightly different based on the version of Jenkins installed. The steps noted below are based on version 2.7.4:
Navigate to Manage Jenkins on the left side menu
Click "Configure System"
Scroll down to find "Global properties"
Check "Environment variables"
Click "Add"
Add the name and value in correct input area (Example: arg_name & arg_value)
Click "Save" at the bottom of the page
To use this global environment variable, navigate to an input area within a build definition and use: ${arg_name}
I can see in job page it shows the stories,bug fixes etc in changes tab. Is there a way to extract them and sen over email for each job?
You can use the email-ext-plugin. It has the most customisation possibilities
of the mail plugins as far as I know, but it will require you to write some scripts.
If you go to Add Post Build Action and select Editable Email Notification, you will be able to configure the content of the email in details.
The default content can be configured in the advanced tab. You'll have to create a Groovy script to retrieve the information you want to put in the email. Groovy scripts are powerful in that you can hook into the Jenkins API itself to get any information you want or need. For more details refer to the doc of the plugin.
There are various templates to retrieve commonly used fields such as Changes. If the fields you want to extract are parts of external plugins, there is probably no example for them but they are available to Jenkins' Groovy as well.
I've set up a new Jenkins server earlier today.
When I open localhost:8080/jenkins, it prompts me for a username and password.
I enter mine in, and from there I can view my dashboard, including the projects I've set up, and their artifacts.
However, I would like people to be able to download the artifacts of my projects, without an account.
But that's the only thing I would like to allow them to do. View my artifacts, and nothing else, unless they have an account.
So, how do I set this up?
The answer is actually pretty simple.
Go to Manage Jenkins, then Configure Global Security.
Then check:
Enable security
Jenkins' own user database (in Access Control -> Security Realm)
Logged-in users can do anything (as well as Allow anonymous read access) [both are in Access Control -> Authorization]
Once that's done, other people should be able to view your artifacts.
We are currently attempting to setup an instance of Jenkins as our build system for our code base. We have multiple jobs setup (all using the same depot) to build different sections of the code.
We would now like to show the submits from all users pertaining to this depot on the main Jenkins screen rather than being able to view the change lists involved with a certain build (e.g. by selecting a certain job and then the link leading to the build information, etc...). I've looked into possible plugins and the closest one I was able to find was the "All Changes Plugin". This is exactly what we would like, but this is only visible when viewing the details of a build (e.g. which CLs were used to create the build), but would it be possible to show this type of information on the main Jenkins page instead?
Thank you in advance for your help.
You could write an extension for the Dashboard View plugin to provide a portlet containing an aggregated list of changes from perforce, though if you aren't experienced with writing plugins then you might be better off using a separate repository browser such as Fisheye or P4Web to display your changes.
I don't know why "logged in users can do anything" means Jenkins will happily allow non-authenticated users to view project details and access artifacts... Regardless, I need to know how to get Jenkins to allow logged in users to to anything AND hide EVERYTHING for users who AREN'T logged in. Help please?
This can be done with the Role-Strategy plugin.
Install the plugin, add a new group called "Anonymous" and uncheck everything. Then you want to add another group called "authenticated" and check everything. Add your existing users to this group. Jenkins will immediately prompt you for a login this way.
You can use https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin
it allows to specify to define roles and assign roles to users, users with no roles won't even see the jenkins ui.
Answer to an old question but I came searching here as I am trying to auto spin up a Jenkins instance on Docker and found the same issue.
Good chance this option wasn't available when the question was asked. As of this moment (v2.222.3 but not sure how far back), it turns out you can do this without installing any additional plugins.
Manually
Navigate to Global Security (Jenkins > Manage Jenkins > Global Security)
Update the Authorization section to "Logged-in users can do anything".
UNCHECK Allow anonymous read access
Any unauthenticated access will redirect to login now.
I would note that if you setup Jenkins through the setup wizard then anonymous read access is disabled by default. If you want this behaviour AND want to configure jenkins automatically, read on.
Automated with Docker
My situation is that I wanted to check out my repo, run my compose file and have all my config/users/plugins etc ready to go. Great post here with more detail if interested.
In a nutshell:
Dockerfile
FROM jenkins/jenkins:lts-alpine
# Disable setup wizard since security.groovy creates our user
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
COPY security.groovy /usr/share/jenkins/ref/init.groovy.d/security.groovy
security.groovy
#!groovy
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
// Create Admin User
def hudsonRealm = new HudsonPrivateSecurityRealm(false)
hudsonRealm.createAccount("admin", "admin") // Dont do this. This is bad
instance.setSecurityRealm(hudsonRealm)
// Set Auth to Full Control Once Logged In and prevent read-only access
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)
instance.save()
In particular, strategy.setAllowAnonymousRead(false) is what's needed
Additionally, if you use GitHub as your version control system -- you can use the GitHub OAuth plugin. Once the "Anonymous" reach your page, they will be redirected to GitHub automatically.