[JENKINS-31425] should be able to specify multiple users or groups for the submitter of an input step - Jenkins Jira

Details

Type: Improvement
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Fixed
Component/s: pipeline-input-step-plugin
Labels:
- blueocean
Environment:
workflow 1.10.1

Similar Issues:

Show

Description

It is quite often that the team writing workflows does not have access to create groups in the external authenitcation realm (e.g. ActiveDirectory).

The input step allows you to restrict who can approve (submit) the input - but this is limited to a single user or group.

It would be beneficial if this could be expanded to a list that could contain multiple users or groups (i.e a mix).

Attachments

Issue Links

is duplicated by

JENKINS-32341 Submitter in input directive has to accept comma separated values

Closed

is related to

JENKINS-27134 Permission for input approval, or choice of Jenkins-specific group as submitter

Open

links to

CloudBees Internal OSS-837

PR 6

Activity

Ascending order - Click to sort in descending order

View 9 older comments

Sam Gleske added a comment - 2016-10-05 19:24 - edited

Dependencies on specific authorization strategies will not be entertained.

I'm not sure how you came to the conclusion that this request is dependent on a specific authorization strategy. Right now, only one Jenkins Group or one User is allowed for the input step. The actual request is one or more Jenkins Groups (agnostic to the strategy being used). Most authorization strategies (like the GitHub Authorization Strategy) surface their authorizations as Jenkins Groups.

not the “multiple” part per se.

The original purpose for this request is just the "'multiple' part".

Also after reading JENKINS-27134, I'd say it's not good for how my team works. We don't want "one person or group of people" to approve all parts of the pipeline. There's a whole approval process at my place of work (like Dev deployer, QA teams deploying, and an entire separate permission for production deployments). The current behavior is good enough.

JENKINS-27134 is not a good proposal for how my teams work.

Sam Gleske added a comment - 2016-10-05 19:24 - edited Dependencies on specific authorization strategies will not be entertained. I'm not sure how you came to the conclusion that this request is dependent on a specific authorization strategy. Right now, only one Jenkins Group or one User is allowed for the input step. The actual request is one or more Jenkins Groups (agnostic to the strategy being used). Most authorization strategies (like the GitHub Authorization Strategy) surface their authorizations as Jenkins Groups. not the “multiple” part per se. The original purpose for this request is just the "'multiple' part". Also after reading JENKINS-27134 , I'd say it's not good for how my team works. We don't want "one person or group of people" to approve all parts of the pipeline. There's a whole approval process at my place of work (like Dev deployer, QA teams deploying, and an entire separate permission for production deployments). The current behavior is good enough. JENKINS-27134 is not a good proposal for how my teams work.

Roman Pickl added a comment - 2016-10-18 08:02

See https://www.cloudbees.com/sites/default/files/2016-jenkins-world-no_you_shouldnt_do_that_lessons_from_using_pipeline.pdf last slide on how people currently try to cope with this limitation.

def magicValue
node {
withCredentials([
[$class: 'StringBinding', credentialsId: 'production_magic', variable:
'tmpMagicValue'
]
])

{ magicValue = env.tmpMagicValue }

}
while (true) {
def pass = input id: 'PushToProduction', message: 'Please enter the magic value for publishing to
production ', parameters: [[$class:
'com.michelin.cio.hudson.plugins.passwordparam.PasswordParameterDefinition', defaultValue:
'wibble', description: 'The magic token to show you have rights to push to production', name:
'authentication token']]
if (magicValue != pass) {
echo "incorrect value entered"
} else {
echo "Push to production approved by magic"
break
}

Please fix this.

Roman Pickl added a comment - 2016-10-18 08:02 See https://www.cloudbees.com/sites/default/files/2016-jenkins-world-no_you_shouldnt_do_that_lessons_from_using_pipeline.pdf last slide on how people currently try to cope with this limitation. def magicValue node { withCredentials([ [$class: 'StringBinding', credentialsId: 'production_magic', variable: 'tmpMagicValue' ] ]) { magicValue = env.tmpMagicValue } } while (true) { def pass = input id: 'PushToProduction', message: 'Please enter the magic value for publishing to production ', parameters: [[$class: 'com.michelin.cio.hudson.plugins.passwordparam.PasswordParameterDefinition', defaultValue: 'wibble', description: 'The magic token to show you have rights to push to production', name: 'authentication token']] if (magicValue != pass) { echo "incorrect value entered" } else { echo "Push to production approved by magic" break } Please fix this.

SCM/JIRA link daemon added a comment - 2016-10-24 19:40

Code changed in jenkins
User: Emilio Escobar
Path:
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java
src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html
src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java
http://jenkins-ci.org/commit/pipeline-input-step-plugin/e2563fbbac634b6c9f64cd00755478064fcdd2bf
Log:
~~JENKINS-31425~~ multiple submitters are allowed

SCM/JIRA link daemon added a comment - 2016-10-24 19:40 Code changed in jenkins User: Emilio Escobar Path: src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java http://jenkins-ci.org/commit/pipeline-input-step-plugin/e2563fbbac634b6c9f64cd00755478064fcdd2bf Log: JENKINS-31425 multiple submitters are allowed

SCM/JIRA link daemon added a comment - 2016-10-24 19:40

Code changed in jenkins
User: Jesse Glick
Path:
.gitignore
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java
src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java
src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html
src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java
http://jenkins-ci.org/commit/pipeline-input-step-plugin/01c72d7b53c857e0fa7de796a7fefce35260c4fc
Log:
Merge pull request #6 from escoem/~~JENKINS-31425~~

~~JENKINS-31425~~ should be able to specify multiple users or groups for the submitter of an input step

Compare: https://github.com/jenkinsci/pipeline-input-step-plugin/compare/114a36be8362...01c72d7b53c8

SCM/JIRA link daemon added a comment - 2016-10-24 19:40 Code changed in jenkins User: Jesse Glick Path: .gitignore src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java http://jenkins-ci.org/commit/pipeline-input-step-plugin/01c72d7b53c857e0fa7de796a7fefce35260c4fc Log: Merge pull request #6 from escoem/ JENKINS-31425 JENKINS-31425 should be able to specify multiple users or groups for the submitter of an input step Compare: https://github.com/jenkinsci/pipeline-input-step-plugin/compare/114a36be8362...01c72d7b53c8

Roman Pickl added a comment - 2016-10-25 05:36

thanks!

Roman Pickl added a comment - 2016-10-25 05:36 thanks!

Jenkins

should be able to specify multiple users or groups for the submitter of an input step

Details

Description

Attachments

Issue Links

Activity

People

Dates