问题
I need to add some permissions (Read, Build, Workspace, cancel etc) to a spesific user to a lot of jobs. I'm wondering it there is a way to do that using groovy script instead of doing it manually.
回答1:
As far as I know what you are trying to do is not possible.
Link: https://wiki.jenkins-ci.org/display/JENKINS/Matrix-based+security
I would recommend using 'configuration slicing' if there is a change that you want to apply to multiple jobs at the same time.
https://wiki.jenkins-ci.org/display/JENKINS/Configuration+Slicing+Plugin
but i don't think permissions are part of configuration slicing anyway.
回答2:
I tried the above solutions, and they nearly worked. All my attempts resulted in the current, in-memory permissions reflecting the new settings, but those permissions were not saved in config.xml, so when Jenkins was restarted the permissions were lost. Building on Andrew Hura's solution, I came up with this code, which works across a restart:
AbstractProject proj = Hudson.instance.getItem("my_job")
AuthorizationMatrixProperty authProperty = proj.getProperty(hudson.security.AuthorizationMatrixProperty)
authProperty.add("hudson.model.Item.Build:DEV")
Map<Permission, Set<String>> permissionMap = authProperty.getGrantedPermissions()
proj.removeProperty(hudson.security.AuthorizationMatrixProperty)
proj.addProperty(new AuthorizationMatrixProperty(permissionMap))
回答3:
You can use the execute system groovy step to run a script like:
import hudson.security.AuthorizationMatrixProperty
def jobWithPermissionsYouWant = "template-job-name"
def jobToAddPermissions = "job-to-update-name"
def jen = Jenkins.getInstance();
def templateJob = jen.getItem(jobWithPermissionsYouWant);
//get permissions from another job (use it as permissions template)
def autTemplate = templateJob.getProperty(AuthorizationMatrixProperty.class)
def permissionSetToAdd = autTemplate.getGrantedPermissions()
//get the authorization matrix property of the job you want to update
def jobToUpdate = jen.getItem(jobToAddPermissions);
def autToUpdate = jobToUpdate.getProperty(AuthorizationMatrixProperty.class)
def currPermissionSet = autToUpdate.getGrantedPermissions()
//for each permission in the template job, add permission to the job you want to update
permissionSetToAdd.each{
autToUpdate.add(it.key, "your.email@here.com")
}
println("the permissions after update: ${autToUpdate.getGrantedPermissions()}" )
(if you figure out how to get a permission object without reading it from a different job, please update)
回答4:
We don't need to create new permission object, just create new hudson.security.AuthorizationMatrixProperty:
Jenkins.instance.getItem("JobName")
.removeProperty(hudson.security.AuthorizationMatrixProperty)
Jenkins.instance.getItem("JobName")
.addProperty(new hudson.security.AuthorizationMatrixProperty())
Jenkins.instance.getItem("JobName")
.getProperty(hudson.security.AuthorizationMatrixProperty)
.add("hudson.model.Item.Build:DEV")
where "hudson.model.Item.Build:DEV" is a permission string you can take from xml file with configured permissions you need
回答5:
Have a look a the script here: https://github.com/MovingBlocks/GroovyJenkins/blob/master/src/main/groovy/ChangeSecurityPerJob.groovy
You should be able to pull parts of it out to do what you want, kinda like this.
AbstractProject proj = Hudson.instance.getItem("YourJob")
AuthorizationMatrixProperty authProperty = proj.getProperty(AuthorizationMatrixProperty.class)
Map<Permission,Set<String>> newPermissions = new HashMap<Permission, Set<String>>()
newPermissions.put(Item.BUILD, users)
proj.addProperty(new AuthorizationMatrixProperty(newPermissions))
proj.save()
The more interesting part is if you need to merge the permissions.
You can find example for that in the above link as well.
来源:https://stackoverflow.com/questions/26449432/jenkins-add-permissions-to-jobs-using-groovy