Ownership plugin - automatically assigning ownership in multibranch projects
49 views
Skip to first unread message
Jordan Coll
Mar 24, 2017, 7:16:03 PM3/24/17
to Jenkins Developers
Hey,
I'm trying to provide a way to control automatic assignment of job ownership and/or item specific security for branch jobs in MultiBranchProjects.
At first I thought I could allow this by applying a JobOwnerJobProperty in a Pipeline `properties` step.
But, if I understand correctly, this could let any committer change ownership of the branch job (am I right about this?)
At jglick's suggestion, I went about a BranchProperty to assign JobOwnerJobProperty.
This has the added advantage of not having to run the job before permissions and ownership are assigned.
This would allow anyone with configuration permissions on the MultiBranchProject to control ownership on derived branch jobs.
Is this a good thing? I assume ownership configuration was taken out of items' configuration views deliberately for this reason.
I suggest MultiBranchProjects get an extra section in the `Manage Ownership` view for configuring branch job ownership.
This Branch Job ownership section would allow configuring a BranchPropertyStrategy, and the aforementioned BranchProperty to the Project.
Come to think of it, maybe this is what jglick had in mind and I only understood now after digging through the code.
Am I missing anything? How does this sound to you? Any suggestions for Branch Property Strategies?
Cheers,
Jordan
Oleg Nenashev
Mar 27, 2017, 4:16:07 AM3/27/17
to Jenkins Developers, Jesse Glick
Hello Jordan, // Added Jesse to Cc
As an Ownership plugin maintainer, I feel quite biased regarding this feature. Though is seems to be a useful addition to the plugin functionality, the plugin has been mostly created to empower the Ownership-based security strategy (including integrations with Role Strategy, Job Restrictions and Authorize Project plugins). In such use-case branch-specific ownership seems to be something strange, though I admit there may be other use-cases.
I am fine with implementing the feature if it gets delivered with some flexibility (e.g. opt-in or opt-out flag). My only request would be to retain the Ownership inheritance from parent types by default in order to avoid breaking changes.
As an Ownership plugin maintainer, I feel quite biased regarding this feature. Though is seems to be a useful addition to the plugin functionality, the plugin has been mostly created to empower the Ownership-based security strategy (including integrations with Role Strategy, Job Restrictions and Authorize Project plugins). In such use-case branch-specific ownership seems to be something strange, though I admit there may be other use-cases.
I am fine with implementing the feature if it gets delivered with some flexibility (e.g. opt-in or opt-out flag). My only request would be to retain the Ownership inheritance from parent types by default in order to avoid breaking changes.
Is this a good thing? I assume ownership configuration was taken out of items' configuration views deliberately for this reason.
When I was working on the Pipeline support in the plugin, I had no intention to support the per-branch ownership management.
By default Ownership can be configured for "AbstractFolder" and for all Jobs not implementing MatrixConfiguration (proof). Since you do not see the action for branches in Multi-Branch Pipeline, it likely means that the TransientActionFactory extension point is not being invoked for them. Not sure why. Likely Branch actions are being generated by another extension point.
Am I missing anything? How does this sound to you? Any suggestions for Branch Property Strategies?
As I said before in IRC, Ownership plugin offers extension points like OwnershipHelperLocator and ItemOwnershipPolicy, which allow customizing the management flow. Probably you do not even need BranchProperty to implement the feature you want.
Oleg
суббота, 25 марта 2017 г., 0:16:03 UTC+1 пользователь Jordan Coll написал:
Jordan Coll
Mar 27, 2017, 8:26:42 AM3/27/17
to Jenkins Developers, jgl...@cloudbees.com
Hi Oleg,
Thanks for the reply.
Of course, I wouldn't want any change I might introduce to change the current behavior or state of ownership on any item.
Since you do not see the action for branches in Multi-Branch Pipeline, it likely means that the TransientActionFactory extension point is not being invoked for them
I actually do see the action on branch jobs; the current functionality of the plugin works fine on them. The feature request stems from the difference in nature of branch jobs: they are created dynamically, and so, I'd like to be able to dynamically set their ownership. My use case would assign ownership based on branch name, but other strategies are possible (SCM permissions, last committer, ...)
I must've missed the ItemOwnershipPolicy extension point. It sounds exactly like what I need. Where would be the place to implement it? Add a configurable implementation of it to ownership-plugin / branch-api? Write a private plugin for my own use and leave you alone? =)
Again, thanks for the assistance,
Jordan
Reply all
Reply to author
Forward
0 new messages