Configure permissions to execute an especific job in Jenkins - jenkins

I have a little doubt about the behavior the permissions jobs in jenkins. My problem is that I want to configure a job for it can be builded for an user/s with permissions for it. The permissions will be granted for me. It wish an configurable option for each job.
Best regards!

Whit this plugin you can set permission by pattern.
https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin
E.g: Pattern = "Producion-.*"
You can set permissions to a user to execute builds only when the jobs-name starts with Production-

Related

Set group of Jenkins system user when creating a job

I'm using the Authorize User plugin in Jenkins, and I'm trying to setup a multi-tenant jenkins with genuine access control. I want to have a folder with a set of jobs which group A can see, and another folder with another set of jobs which group B can see.
At the master/controller, the $JENKINS_HOME/jobs/ folder creates a new job folder when a build is triggered. However this folder is created as the SYSTEM user, not the build user. The issue is although I could just put the build user into the SYSTEM user's group, this would ALSO give them access to any job on the filesystem, not just the folder they should have.
Is there a way to configure what user:group is set when a job folder is created?
Perhaps this helps:
https://support.cloudbees.com/hc/en-us/articles/204173600-How-do-I-limit-users-access-to-the-folders-to-which-they-belong-to-?page=94
It should also work with vanilla Jenkins.
Warning: untried ;-)

How to select password from dropdown and pass it as parameter to jenkins job?

I have a problem. I use Jenkins to deploy application on machines. Depending on which machine i want to deploy new version I need to use different database passwords to run db migrations. I want to store credentials in Jenkins and for each deploy job select credentials set from dropdown which will be passed (just password ) to powershell script. I have Credentials Binding Plugin and Extended Choice Parameter Plugin. I thought it might help me with my problem, but I cannot find solution for this. Do you have any ideas how to achieve this?
As I understand, you need only to do two things:
add Credential Parameter in This project is parameterized section for possibility to select credentials set from dropdown.
enable Use secret text(s) or file(s) option in Build Environment section. This will allow you to take credentials of various sorts and use them from shell build steps and the like. Each binding will define an environment variable.
If you have already created Jenkins credentials like these:
then you will be available to run your job using Build with Parameters button and select needed credentials:
So, after configuring, you don't need to dig in job configuration each time, all possible credentials will be automatically loaded, you need only select the needed one when run a job.

How to post jenkins job result in jira?

I am running jobs in Jenkins. I want to share the Jenkins job result in Jira. I have tried various plugins but failed to achieve my objective.
https://wiki.jenkins-ci.org/display/JENKINS/JIRA+Plugin
If you also want to use this feature, you need to supply a valid user id/password. If you need the comment only to be visible to a certain JIRA group, e.g. Software Development, enter the groupname.
Now you also need to configure jobs. I figured you might not always have write access to the JIRA (say you have a Jenkins build for one of the Apache commons project that you depend on), so that's why this is optional.

Disabling and enabling jobs in jenkins

Currently in order to enable or disable a job, a user must have Job Configure permissions in the Matrix-based security configuration.We would like to be able to manage the enable / disable job permission independently from the job configure permission.
There are some nightly jobs that we want every user to be able to enable and disable the project without touching/breaking the configuration.
Thanks
Provide a script for the users that will do this using the credentials of 'root' user and set only the execute bit on the script so that no one can read/copy it.
At least 3 ways to make a script:
HTTP POST request:
1.
curl -X POST http(s)://<your_jenkins_url>/jenkins/job/<nightly-build_job_name>/disable
2.
Use python JenkinsAPI.
Documentation is very good, easy to understand much like the API.
3.
The third one can be a script which will use jenkins-cli: accepted answer describes this well .
The Job Configure permission is bounded to the disable/enable function in each job, that's true.
One alternative to disable/enable jobs without the corresponding permission is to create new jobs which do this internally. For example, a job that needs job names as parameters, and disables them.
You could use curl + credentials of a Jenkins user with the Job Configure permission.
You could use plugins. For example, this script using the Job DSL Plugin:
job("jobname"){
using("jobname")
disabled(true)
}
For other options, check out this question.
You may try to install this plugin to get the enable/disable button for the individual project-
I checked in my Jenkins and I could see this:
But when I checked under plugins section I don't see this extra column plugin installed. Probably this is the default behavior in latest versions of Jenkins.

Restrict a build step for a job name or user

Is there a way to restrict a build step for a user. I have added a build step using the templates plugin, this template is for the deployment.
I do not want any users who has access to create a job or modify a job to be able to use this build step. The new build step that has been added should only be used by the the administrator.
If people can modifying Job configuration, they can get around any limitation you would place.
If your step can be executed post-build, I suggest to take a look at Promoted Builds plugin. The promotions can be configured to be limited to certain users only. But again, if a user has ability to change job configuration, they can overcome that easily.
The only way I can think of, is to have an external script (or preferably a compiled program than cannot be simply "read" with text editor) that is expecting a password that only you now, before executing whatever secret stuff that you want.

Resources