[New plugin] - Explicit ownership of the jobs and slaves

[Oleg Nenashev]

Hello,

I’m working on the new "Ownership Plugin", which will provide explicit ownership of jobs and slaves (more info: https://wiki.jenkins-ci.org/display/JENKINS/Ownership+Plugin).

To the best of my knowledge, Jenkins Enterprise provides “Node owners” plugin (http://jenkins-enterprise.cloudbees.com/docs/user-guide-bundle/nodes-plus-sect-nodeowners.html), so I’d like to prevent possible conflicts in plugin naming and appearance.

I would be very appreciated if somebody could answer following questions:
• What is the name/artifactId/… of the "Node owners" plugin?
• Is there any functionality excepting e-mail notifications (summary boxes, etc.)?
• Does "Node owners" plugin use any specific resources in the job's directories and userContent?

Probably, I should rename plugin in order to avoid confusions.

Thanks in advance,
Oleg Nenashev,
R&D Engineer, Synopsys Inc.
www.synopsys.com 

[Vincent Latombe]

Hi Oleg,

I'm very interested by your plugin concept, I had a similar idea in
mind and I would be happy to try it out.

Concerning cloudbees plugin, as far as I know its artifactId is
cloudbees-nodes-plus so it shouldn't conflict.
On top of what you already listed there is a Cloudbees Folder Plus
plugin that allows to restrict usage of nodes to jobs located in
specific folders, I don't know if it has to be combined with the Nodes
Plus plugin, but its features play in the same category.

I don't think you need to rename the plugin, Ownership looks like the
right name to me.

Cheers,

Vincent


2013/7/11 Oleg Nenashev <o.v.ne...@gmail.com>:

> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-de...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[Jesse Glick]

On 07/11/2013 06:34 AM, Vincent Latombe wrote:
> there is a Cloudbees Folder Plus
> plugin that allows to restrict usage of nodes to jobs located in
> specific folders, I don't know if it has to be combined with the Nodes
> Plus plugin

Nodes Plus and Folders Plus work independently.

> I don't think you need to rename the plugin, Ownership looks like the
> right name to me.

Agreed, seems like an intuitive name.

[domi]

Hi Oleg,

sounds good, I like the idea - But I think you should also clarify how this is related to this https://issues.jenkins-ci.org/browse/JENKINS-18285 - which is implemented with version 1.520

and later with this https://issues.jenkins-ci.org/browse/JENKINS-16956

regards Domi

[Oleg Nenashev]

Hello Domi,

In my opinion, plugin is not directly related to the mentioned Jenkins issues.

I'm going to implement integration with security plugins (Role Strategy Plugin) via incoming macro roles support (@Owner, @Co-owner roles will be added), but I’m not going to have specific “Ownership Strategy” in the plugin. So, permissions will be handled “as is” by selected strategy. So, "Authentication" will work properly in 1.520+ versions (if security plugin supports it, of course).

BTW, there’s one exception. I’m going to add feature, which allows to prohibit execution of jobs at the slaves according to ownership (ex, “Accept jobs only from the following owners…”). Such mechanism can be considered as a “security” solution, but it doesn’t utilize “Authentication” as well.

Best regards,

Oleg Nenashev

2013/7/11 domi <do...@fortysix.ch>

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/PIUt-NcD8ws/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-de...@googlegroups.com.

[domi]

Hi Oleg,

Actually, the exception you'r describing is exactly the use case for JENKINS-18285 and the reason for the new extension point 'ProjectAuthenticator'. So if you intend to implement the same functionality in a different way, you should take care and know about the behavior of the EP in the core too.

I also had a look at your first release of the plugin and if you don't mind, I have couple of comments:

- what is the global configuration for the email suffix for? There is no help for it. But anyway - would it not make more sense to have emails picket up in the users configuration, as ownership probably only makes sense in a secure environment, I guess an owner should also be a registered user? There is also an extension to resolve emails: http://javadoc.jenkins-ci.org/hudson/tasks/MailAddressResolver.html

- None of the config fields have any help

- the nested checkbox of the "Slave Owner > Enable Ownership" should visible be more nested. The current checkboxes are on the same level and therefore do not visible reflect the nesting. Why are there two boxes anyway, I think "enable ownership" would be enough?

- on my JNLP slave the OwnerShip Box is listed twice

regards Domi

[Oleg Nenashev]

Hello Domi,

Thank you for review and comments. Please feel free to create issues in the JIRA if you discover anything else. Of course, it’s just a first release, so there’s much work to do in case of help messages, etc. Please feel free to create JIRA issues if you discover any additional issues or have proposals. Seems that jenkins-dev mailing list is not right venue for such discussions.

Below you can find answers to your comments.

Regarding JENKINS-18285...
Just for clarification, I target Jenkins LTS 1.480.3, so JENKINS-18285 is not applicable in my case. But you are definitely right, I should consider integration with newest versions. Please let me take timeout in order to clarify this question.

What is the global configuration for the email suffix for? There is no help for it. But anyway - would it not make more sense to have emails picket up in the users configuration, as ownership probably only makes sense in a secure environment. There is also an extension to resolve emails: http://javadoc.jenkins-ci.org/hudson/tasks/MailAddressResolver.html

“E-mail suffix” is just a hack, which allows provisioning of e-mails in our environment (unfortunately, existing mail resolvers don’t work). I’ll implement my own resolver and then add support of MaillAddressResolver into the plugin (JENKINS-18745).

I guess an owner should also be a registered user?

There’re following requirements:
-    Owner is registered user
-    At current state, owner should have “Configuration” permissions to the job/slave (I’ll make it optional in the next release)
Anyway, I’ll add help files with description. Probably, I should replace list by text field with validation and auto-completion.

None of the config fields have any help

Accepted. I’ll add help pages to all fields.

The nested checkbox of the "Slave Owner > Enable Ownership" should visible be more nested. The current checkboxes are on the same level and therefore do not visible reflect the nesting. Why are there two boxes anyway, I think "enable ownership" would be enough?

Yes, “Enable ownership” is a single option now, but I’m going to add additional options to configuration page, which will available even if node’s ownership is not specified specified. I’ll add indenting in order to prevent confusion.

On my JNLP slave the OwnerShip Box is listed twice

Hmm… Plugin shows only one Box at my slaves. Need to investigate issue… Could you create JIRA issue and provide screenshot/version of Jenkins core/etc.?

Best regards,
Oleg Nenashev

R&D Engineer, Synopsys Inc.
www.synopsys.com

четверг, 11 июля 2013 г., 10:49:09 UTC+4 пользователь Oleg Nenashev написал:

[Oleg Nenashev]

Thanks to all for feedback and contribution,

Ownership Plugin v. 0.2.1 is available for download.
I’ve added usage guidelines and examples to the Wiki, so at the current state plugin is ready for public use.

Best regards,
Oleg Nenashev
www.synopsys.com

суббота, 13 июля 2013 г., 23:12:50 UTC+4 пользователь Oleg Nenashev написал: