Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Jenkins Extensible Choice with user specific items based on users Roles

Tags:

jenkins

I have a situation where I would like to alter the contents of a choice parameter in a Jenkins parametrised build.

In my case I would like one project for deploying the application 'Deploy My App'. When building this project the user is presented with a choice parameter. I would like to alter the contents of this list depending on a user role. i.e. someone with the 'dev_deploy' role will be able to see the dev environments, someone with the 'test_deploy' role will be able to see the test environments etc.

I am currently using the Extensible Choice Parameter plugin and the Role-based Authorization Strategy plugin.

I know that I can write some groovey script to generate the list items for the choice.

def result = ["-------"]

def roles=??????

if(roles.get('dev_deploy') {
    //Add dev environments
    result.add('dev1')
    ....
}
if(roles.get('test_deploy') {
    //Add test environments
    result.add('test1')
    ....
}

return result

I just can't figure out who to get hold of the users roles?

Anyone know how I might do this, or have different solution to the problem?

Many thanks

like image 701
YanisTheYak Avatar asked Feb 10 '16 09:02

YanisTheYak


People also ask

How do I add extended choice parameters in Jenkins?

To install this plugin, you simply need to go to your jenkins instance and navigate to “/pluginManager/available”, and then search for “Extended Choice Parameter Plug-in” in the search box. Be careful! There is another plugin called “Extensible Choice Parameter Plug-in”.

How do you define a role based security in Jenkins?

The Role-Based Access Control authorization strategy is enabled from the global security configuration screen (Manage Jenkins → Configure Global Security) by selecting the Role-based matrix authorization strategy from the Authorization selections (that are displayed when the Enable Security checkbox is enabled) and ...


1 Answers

OK, after a few more searches I came across the source (https://github.com/jenkinsci/role-strategy-plugin/tree/master/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy)

After further reading and a bit of playing around I came up with this...

import com.michelin.cio.hudson.plugins.rolestrategy.*

def result = ["-- Please Select --"]
def authStrategy = jenkins.model.Jenkins.instance.getAuthorizationStrategy()

if(authStrategy instanceof RoleBasedAuthorizationStrategy){
    def currentUser = jenkins.model.Jenkins.instance.getAuthentication().getName();
    def roleMap= authStrategy.roleMaps.get("globalRoles")

    def sids= roleMap.getSidsForRole("Manage_Dev")
    if(sids != null && sids.contains(currentUser)) {
        result.add("dev1")
        ...
    }

    sids= roleMap.getSidsForRole("Manage_Test")
    if(sids != null && sids.contains(currentUser)) {
        result.add("tst1")
        ...
    }
    ...
}

return result

Which works for me. Easy when you know how!

like image 80
YanisTheYak Avatar answered Oct 12 '22 05:10

YanisTheYak