Details
-
Type:
Improvement
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Component/s: pipeline-input-step-plugin
-
Labels:
-
Environment:workflow 1.10.1
-
Similar Issues:
Description
It is quite often that the team writing workflows does not have access to create groups in the external authenitcation realm (e.g. ActiveDirectory).
The input step allows you to restrict who can approve (submit) the input - but this is limited to a single user or group.
It would be beneficial if this could be expanded to a list that could contain multiple users or groups (i.e a mix).
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- is related to
-
-
- Open
-
- links to
Activity
See https://www.cloudbees.com/sites/default/files/2016-jenkins-world-no_you_shouldnt_do_that_lessons_from_using_pipeline.pdf last slide on how people currently try to cope with this limitation.
def magicValue
node {
withCredentials([
[$class: 'StringBinding', credentialsId: 'production_magic', variable:
'tmpMagicValue'
]
])
}
while (true) {
def pass = input id: 'PushToProduction', message: 'Please enter the magic value for publishing to
production ', parameters: [[$class:
'com.michelin.cio.hudson.plugins.passwordparam.PasswordParameterDefinition', defaultValue:
'wibble', description: 'The magic token to show you have rights to push to production', name:
'authentication token']]
if (magicValue != pass) {
echo "incorrect value entered"
} else {
echo "Push to production approved by magic"
break
}
Please fix this.
Code changed in jenkins
User: Emilio Escobar
Path:
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java
src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html
src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java
http://jenkins-ci.org/commit/pipeline-input-step-plugin/e2563fbbac634b6c9f64cd00755478064fcdd2bf
Log:
JENKINS-31425 multiple submitters are allowed
Code changed in jenkins
User: Jesse Glick
Path:
.gitignore
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java
src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html
src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java
http://jenkins-ci.org/commit/pipeline-input-step-plugin/01c72d7b53c857e0fa7de796a7fefce35260c4fc
Log:
Merge pull request #6 from escoem/JENKINS-31425
JENKINS-31425 should be able to specify multiple users or groups for the submitter of an input step
Compare: https://github.com/jenkinsci/pipeline-input-step-plugin/compare/114a36be8362...01c72d7b53c8
thanks!
I'm not sure how you came to the conclusion that this request is dependent on a specific authorization strategy. Right now, only one Jenkins Group or one User is allowed for the input step. The actual request is one or more Jenkins Groups (agnostic to the strategy being used). Most authorization strategies (like the GitHub Authorization Strategy) surface their authorizations as Jenkins Groups.
The original purpose for this request is just the "'multiple' part".
Also after reading JENKINS-27134, I'd say it's not good for how my team works. We don't want "one person or group of people" to approve all parts of the pipeline. There's a whole approval process at my place of work (like Dev deployer, QA teams deploying, and an entire separate permission for production deployments). The current behavior is good enough.
JENKINS-27134 is not a good proposal for how my teams work.