Currently in order to enable or disable a job, a user must have Job Configure permissions in the Matrix-based security configuration.We would like to be able to manage the enable / disable job permission independently from the job configure permission.
There are some nightly jobs that we want every user to be able to enable and disable the project without touching/breaking the configuration.
Thanks
Provide a script for the users that will do this using the credentials of 'root' user and set only the execute bit on the script so that no one can read/copy it.
At least 3 ways to make a script:
HTTP POST request:
1.
curl -X POST http(s)://<your_jenkins_url>/jenkins/job/<nightly-build_job_name>/disable
2.
Use python JenkinsAPI.
Documentation is very good, easy to understand much like the API.
3.
The third one can be a script which will use jenkins-cli: accepted answer describes this well .
The Job Configure permission is bounded to the disable/enable function in each job, that's true.
One alternative to disable/enable jobs without the corresponding permission is to create new jobs which do this internally. For example, a job that needs job names as parameters, and disables them.
You could use curl + credentials of a Jenkins user with the Job Configure permission.
You could use plugins. For example, this script using the Job DSL Plugin:
job("jobname"){
using("jobname")
disabled(true)
}
For other options, check out this question.
You may try to install this plugin to get the enable/disable button for the individual project-
I checked in my Jenkins and I could see this:
But when I checked under plugins section I don't see this extra column plugin installed. Probably this is the default behavior in latest versions of Jenkins.
Related
Just to quote as an example one can submit a remote-run with some tool like TeamCity (similar to Jenkins) where it will apply delta/patch on what user is trying to commit & produces result whether changes is good from set-of configured checks for that project.
With Github & Jenkins, can such validation be achieved with any plugins out there?, which will avoid breaking a build?
I know with pull-request & status check one can achieve similar end-result. But without commit/push to remote repo of Git - is there a way Jenkins can handle this validation & produce initial result ??
It isn't possible to have GitHub perform checks on data it doesn't have, so if you don't push the data to the remote server, GitHub won't know anything about it and therefore will do nothing.
Jenkins does have a REST API that you could use to do this, provided you equipped each developer with appropriate credentials. However, this is not a common situation and wouldn't be a recommended configuration.
You'd be better off with a script in the repository that users could install as a hook or invoke from a hook that would perform the testing you want. If your CI jobs run a script in your repository, then sharing code between them should be easy.
Note that you shouldn't mandate pre-commit hooks, since they can interfere with advanced users (who may make intentionally incomplete temporary commits) and they can be disabled by users. Any sort of required checks should be done as part of CI, where policy can be enforced appropriately.
I have a Jenkins server with multiple users that are able to create and modify Global credentials. Is there any way I can audit and see who did what with the credentials - who modified them, who added new creds, etc. Preferably, presented in nice way similar to Job Config History plugin. Thanks
I had a similar question a few days ago. You can use the Audit Trail Plugin (GitHub) to audit changes to credentials. It logs the HTTP requests that modify credentials. However, it doesn't have a "config history"-style visualisation.
(Soon, it may also be able to log what jobs access the credentials)
You can do that using the Job Configuration History Plugin.
Link should be something like:
https://your.jenkins.url/jobConfigHistory/history?name=credentials
What I noticed is that all changes are shown as if they were been done by 'System' - though they all were done by a specific user.
I am running jobs in Jenkins. I want to share the Jenkins job result in Jira. I have tried various plugins but failed to achieve my objective.
https://wiki.jenkins-ci.org/display/JENKINS/JIRA+Plugin
If you also want to use this feature, you need to supply a valid user id/password. If you need the comment only to be visible to a certain JIRA group, e.g. Software Development, enter the groupname.
Now you also need to configure jobs. I figured you might not always have write access to the JIRA (say you have a Jenkins build for one of the Apache commons project that you depend on), so that's why this is optional.
I have a little doubt about the behavior the permissions jobs in jenkins. My problem is that I want to configure a job for it can be builded for an user/s with permissions for it. The permissions will be granted for me. It wish an configurable option for each job.
Best regards!
Whit this plugin you can set permission by pattern.
https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin
E.g: Pattern = "Producion-.*"
You can set permissions to a user to execute builds only when the jobs-name starts with Production-
Is there a way to restrict a build step for a user. I have added a build step using the templates plugin, this template is for the deployment.
I do not want any users who has access to create a job or modify a job to be able to use this build step. The new build step that has been added should only be used by the the administrator.
If people can modifying Job configuration, they can get around any limitation you would place.
If your step can be executed post-build, I suggest to take a look at Promoted Builds plugin. The promotions can be configured to be limited to certain users only. But again, if a user has ability to change job configuration, they can overcome that easily.
The only way I can think of, is to have an external script (or preferably a compiled program than cannot be simply "read" with text editor) that is expecting a password that only you now, before executing whatever secret stuff that you want.