How to restrict access to some shared libraries methods
18 views
Skip to first unread message
Cristiano Kliemann
Aug 16, 2017, 9:42:15 AM8/16/17
to Jenkins Users
Hi,
We are developing pipeline shared libraries to organize common tasks. Some of the functionality involves deploying files to our binary repository. We've decided to create small classes and methods to keep things simple and maintainable. But we have some concerns about what the developer should have access. Take the example below:
src/com/mycompany/Deployer.groovy:
package com.mycompanyclass Deployer { // I don't want the developer to call this method directly def deploy(file) {
// }}vars/myDeploy.groovy:
def call(file) { checkFileContents(file) checkPermissions() // ... does a lot of things and then: new com.mycompany.Deployer().deploy(file)}
Jenkinsfile:
node() {
// Ok
myDeploy('file.bin')
// Should raise an exception
new com.mycomany.Deployer().deploy('file.bin')
}We would like to restrict which methods can be directly called from the Jenkinsfile.
Is there any way to implement such restriction?
Thanks,
Cristiano
R. Tyler Croy
Aug 16, 2017, 10:39:21 AM8/16/17
to jenkins...@googlegroups.com
(replies inline)
On Wed, 16 Aug 2017, Cristiano Kliemann wrote:
> Hi,
>
> We are developing pipeline shared libraries to organize common tasks. Some
> of the functionality involves deploying files to our binary repository.
> We've decided to create small classes and methods to keep things simple and
> maintainable. But we have some concerns about what the developer should
> have access. Take the example below:
On what basis are you intending to restrict the access? You can simply add
Pipeline Shared Libraries at a Folder level, and only add the referenced Shared
Library to a folder with "trusted" Pipelines.
Or the deploy() method could maybe look at `env.JOB_NAME` to select from an
inclusion list of Pipelines which execute the rest of the method body?
Otherwise, I'm not sure how you might wish to restrict the usage.
Cheers
- R. Tyler Croy
------------------------------------------------------
Code: <https://github.com/rtyler>
Chatter: <https://twitter.com/agentdero>
xmpp: rty...@jabber.org
% gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
------------------------------------------------------
On Wed, 16 Aug 2017, Cristiano Kliemann wrote:
> Hi,
>
> We are developing pipeline shared libraries to organize common tasks. Some
> of the functionality involves deploying files to our binary repository.
> We've decided to create small classes and methods to keep things simple and
> maintainable. But we have some concerns about what the developer should
> have access. Take the example below:
Pipeline Shared Libraries at a Folder level, and only add the referenced Shared
Library to a folder with "trusted" Pipelines.
Or the deploy() method could maybe look at `env.JOB_NAME` to select from an
inclusion list of Pipelines which execute the rest of the method body?
Otherwise, I'm not sure how you might wish to restrict the usage.
Cheers
- R. Tyler Croy
------------------------------------------------------
Code: <https://github.com/rtyler>
Chatter: <https://twitter.com/agentdero>
xmpp: rty...@jabber.org
% gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
------------------------------------------------------
Daniel Beck
Aug 27, 2017, 11:01:27 PM8/27/17
to Jenkins Users
> On 16. Aug 2017, at 06:42, Cristiano Kliemann <crist...@gmail.com> wrote:
>
> Is there any way to implement such restriction?
>
Try to `new Exception()` (don't throw) and inspect its stack trace to see who called the method.
Reply all
Reply to author
Forward
0 new messages