Matrix Authorization and Ambiguous Permission Assignments

phil.j...@gmail.com

unread,

Aug 19, 2022, 2:42:57 PM8/19/22

to jenkins-job-builder

Helllo!

Starting with version 3.0 of the Matrix Authorization Strategy plugin (https://plugins.jenkins.io/matrix-auth/#releases) , the plugin APIs were changed to support differentiating between users and groups.

Will support for this be added to future versions of JJB or is there an existing workaround?

phil.j...@gmail.com

unread,

Aug 19, 2022, 4:23:12 PM8/19/22

to jenkins-job-builder

Sorry to bother, I found the answer myself. The syntax for a group looks like

- authorization:

GROUP:CN=xxx,OU=xxx,DC=xxx,DC=xxx,DC=com:

- job-build

- job-read

- job-status

Thanh Ha

unread,

Aug 19, 2022, 4:31:29 PM8/19/22

to phil.j...@gmail.com, jenkins-job-builder

Hi Phil,

Thanks for replying with the answer to your question. I'm sure it will help someone Googling it in the future.

I do want to address a larger concern that your question unintentionally touched on. Truth of the matter is JJB is no longer actively in development and hasn't been for a couple of years now. There is no roadmap or any kind of planned changes. All contributions these days come from outside contributors who are mostly drive-by contributors. For a couple of years now I've been reviewing and merging contributions with the help of a few others in the community to keep the project alive despite JJB being a tool I haven't used in quite a while and do not really have much interest in anymore.

We've tried to call for new maintainers to step up a couple of times in a few different spaces such as [0] and a few other places. Unfortunately to no avail as I think folks are interested in adding new features to the tool but not enough to step up and keep the project alive by becoming an active maintainer of the project. Unfortunately I've just started on paternity leave recently and have no plans to review any code in the JJB for the foreseeable future. Sadly I suspect this may mean the end of JJB unless other people or organizations decide to step up in a big way to keep this project going.

Unless you or your organization can dedicate resources to building the feature you want and contribute it back I would say it's unlikely any features will be added to the project. Even if the feature is implemented I'm not sure there's enough core maintainers active on this project anymore to actually get it merged into the code base either so may just sit in code review indefinitely. I know this isn't great news but it is unfortunately the state of the project today.

Regards,

Thanh

[0] https://groups.google.com/g/jenkins-job-builder/c/Bnddb1V3HBA/m/dDrwLVG2AAAJ

--
You received this message because you are subscribed to the Google Groups "jenkins-job-builder" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins-job-bui...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkins-job-builder/03fd39b6-b43f-4762-815a-e7aab4e736dan%40googlegroups.com.

Vsevolod Fedorov

unread,

Aug 20, 2022, 11:20:56 AM8/20/22

to Thanh Ha, phil.j...@gmail.com, jenkins-job-builder, Artem Nikitin

Hi,

Our company uses jjb for CI. And, recently, decided to contribute to it also. So, for last month, I am working on the project - there are 5 reviews already and more to come.
But there are no one reviewing them except for one my coworker. And no one having +2 access rights. So, it looks like, those reviews are stuck forever.
I will keep on developing jjb for using in our company. Currently I push to our internal gitlab instance.

My the question is: what can be done next? Could reviews be reviewed and merged somehow?

Are there any one interesting in these new versions of jjb? if not, I will continue development on our internal gitlab and won't be afraid to break any backward compatibility.
If yes, I ask you to show up and propose plans for distribution, for example setting up github repository, or giving someone commit (+2) rights. It would also be helpful to know, how many people and companies are still using jjb.

Vsevolod.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkins-job-builder/CAHrkGO_kP6FqnUTLMunR7ct0RJRwQOuh-d3SLPvjCVuY9bT-BA%40mail.gmail.com.

Thanh Ha

unread,

Aug 20, 2022, 12:30:19 PM8/20/22

to Vsevolod Fedorov, phil.j...@gmail.com, jenkins-job-builder, Artem Nikitin

Hi Vsevolod,

At this point I think it makes sense to just grant +2 permissions to anyone that asks or contributes. With that said I've added you to both the jjb-core and jjb-release groups which should allow you to merge and produce JJB releases (we have automation in place that simply requires a Git tag with the version number to release to be pushed to Gerrit to produce a release on pypi). This should at least allow you to continue to develop JJB upstream which I hope you continue to do so. I definitely don't want to be the reason this project is stalled if reviews are all waiting on me at this point.

We've granted +2 permissions to community members in the past but our biggest problem is finding maintainers who have enough interest to stick around long enough. Problem is people tend to disappear after a while, it's been difficult to find maintainers who can/want to stick around for more than a year. Without people who have interest in keeping the project going and also to spend time reviewing contributions from folks outside of their own company. I'm afraid this project's longevity is already in question at this point.

If we really cannot get any new long-term maintainers to join this project then perhaps it might make sense to officially sunset this project if anything to clarify the state that this project really is no longer actively maintained.