Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31425

should be able to specify multiple users or groups for the submitter of an input step

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      It is quite often that the team writing workflows does not have access to create groups in the external authenitcation realm (e.g. ActiveDirectory).

      The input step allows you to restrict who can approve (submit) the input - but this is limited to a single user or group.

      It would be beneficial if this could be expanded to a list that could contain multiple users or groups (i.e a mix).

        Attachments

          Issue Links

            Activity

            Hide
            sag47 Sam Gleske added a comment - - edited

            Dependencies on specific authorization strategies will not be entertained.

            I'm not sure how you came to the conclusion that this request is dependent on a specific authorization strategy. Right now, only one Jenkins Group or one User is allowed for the input step. The actual request is one or more Jenkins Groups (agnostic to the strategy being used). Most authorization strategies (like the GitHub Authorization Strategy) surface their authorizations as Jenkins Groups.

            not the “multiple” part per se.

            The original purpose for this request is just the "'multiple' part".

            Also after reading JENKINS-27134, I'd say it's not good for how my team works. We don't want "one person or group of people" to approve all parts of the pipeline. There's a whole approval process at my place of work (like Dev deployer, QA teams deploying, and an entire separate permission for production deployments). The current behavior is good enough.

            JENKINS-27134 is not a good proposal for how my teams work.

            Show
            sag47 Sam Gleske added a comment - - edited Dependencies on specific authorization strategies will not be entertained. I'm not sure how you came to the conclusion that this request is dependent on a specific authorization strategy. Right now, only one Jenkins Group or one User is allowed for the input step. The actual request is one or more Jenkins Groups (agnostic to the strategy being used). Most authorization strategies (like the GitHub Authorization Strategy) surface their authorizations as Jenkins Groups. not the “multiple” part per se. The original purpose for this request is just the "'multiple' part". Also after reading JENKINS-27134 , I'd say it's not good for how my team works. We don't want "one person or group of people" to approve all parts of the pipeline. There's a whole approval process at my place of work (like Dev deployer, QA teams deploying, and an entire separate permission for production deployments). The current behavior is good enough. JENKINS-27134 is not a good proposal for how my teams work.
            Hide
            romanp Roman Pickl added a comment -

            See https://www.cloudbees.com/sites/default/files/2016-jenkins-world-no_you_shouldnt_do_that_lessons_from_using_pipeline.pdf last slide on how people currently try to cope with this limitation.

            def magicValue
            node {
            withCredentials([
            [$class: 'StringBinding', credentialsId: 'production_magic', variable:
            'tmpMagicValue'
            ]
            ])

            { magicValue = env.tmpMagicValue }

            }
            while (true) {
            def pass = input id: 'PushToProduction', message: 'Please enter the magic value for publishing to
            production ', parameters: [[$class:
            'com.michelin.cio.hudson.plugins.passwordparam.PasswordParameterDefinition', defaultValue:
            'wibble', description: 'The magic token to show you have rights to push to production', name:
            'authentication token']]
            if (magicValue != pass)

            { echo "incorrect value entered" }

            else

            { echo "Push to production approved by magic" break }

            Please fix this.

            Show
            romanp Roman Pickl added a comment - See https://www.cloudbees.com/sites/default/files/2016-jenkins-world-no_you_shouldnt_do_that_lessons_from_using_pipeline.pdf last slide on how people currently try to cope with this limitation. def magicValue node { withCredentials([ [$class: 'StringBinding', credentialsId: 'production_magic', variable: 'tmpMagicValue' ] ]) { magicValue = env.tmpMagicValue } } while (true) { def pass = input id: 'PushToProduction', message: 'Please enter the magic value for publishing to production ', parameters: [[$class: 'com.michelin.cio.hudson.plugins.passwordparam.PasswordParameterDefinition', defaultValue: 'wibble', description: 'The magic token to show you have rights to push to production', name: 'authentication token']] if (magicValue != pass) { echo "incorrect value entered" } else { echo "Push to production approved by magic" break } Please fix this.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Emilio Escobar
            Path:
            src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java
            src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java
            src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html
            src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java
            http://jenkins-ci.org/commit/pipeline-input-step-plugin/e2563fbbac634b6c9f64cd00755478064fcdd2bf
            Log:
            JENKINS-31425 multiple submitters are allowed

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Emilio Escobar Path: src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java http://jenkins-ci.org/commit/pipeline-input-step-plugin/e2563fbbac634b6c9f64cd00755478064fcdd2bf Log: JENKINS-31425 multiple submitters are allowed
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            .gitignore
            src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java
            src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java
            src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html
            src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java
            http://jenkins-ci.org/commit/pipeline-input-step-plugin/01c72d7b53c857e0fa7de796a7fefce35260c4fc
            Log:
            Merge pull request #6 from escoem/JENKINS-31425

            JENKINS-31425 should be able to specify multiple users or groups for the submitter of an input step

            Compare: https://github.com/jenkinsci/pipeline-input-step-plugin/compare/114a36be8362...01c72d7b53c8

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: .gitignore src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStep.java src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepExecution.java src/main/resources/org/jenkinsci/plugins/workflow/support/steps/input/InputStep/help-submitter.html src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java http://jenkins-ci.org/commit/pipeline-input-step-plugin/01c72d7b53c857e0fa7de796a7fefce35260c4fc Log: Merge pull request #6 from escoem/ JENKINS-31425 JENKINS-31425 should be able to specify multiple users or groups for the submitter of an input step Compare: https://github.com/jenkinsci/pipeline-input-step-plugin/compare/114a36be8362...01c72d7b53c8
            Hide
            romanp Roman Pickl added a comment -

            thanks!

            Show
            romanp Roman Pickl added a comment - thanks!

              People

              • Assignee:
                escoem Emilio Escobar
                Reporter:
                teilo James Nord
              • Votes:
                11 Vote for this issue
                Watchers:
                20 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: