Jenkins Manage Assign Roles - Role based Strategy

Here I am looking for a solution in which users who belong to QA have access only to the QA-related jobs. In this post, 

Situation
IT organizations include multiple teams such as QA, Release, Developer and DBA or Middleware Engineers.
Jenkins Master - Container-based
By default, all users have the same authorization.

I would like to share how to launch the Jenkins Master in a Docker container. Log in to the Docker playground, then click 'Add Node' on the left side. You will get a terminal that you can use for 4 hours to play with the Docker engine.

Jenkins Security Realm


 

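To run Jenkins inside a Docker container:

  1. Name the container jenkins-master
  2. Run in detached mode with -d
  3. Forward container port 8080 to host port 8081, and 50000 to 50001
  4. Allocate disk space for the Jenkins workspace with -v
  5. Use the Docker image from Blue Ocean

Let's launch the Jenkins container using the command below:

docker run --name jenkins-master -u root --rm \
 -d -p 8081:8080 -p 50001:50000 \
 -v jenkins-data:/var/jenkins_home \
 -v /var/run/docker.sock:/var/run/docker.sock \
 jenkinsci/blueocean

Note that -u root combined with the /var/run/docker.sock mount gives anything running in the container, including jobs built on the master, control of the host's Docker daemon. That is fine on a throwaway playground node, but it is outside what the roles configured below can restrict.

Check the Jenkins master logs from the jenkins-master container:

docker logs jenkins-master

Copy the initialAdminPassword shown in the log output to start working on Jenkins.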
[Image: Jenkins runs on Docker]

After you complete the regular steps on the Jenkins console, the installation of the suggested plugins finishes.
Once your Jenkins setup is completed you will see in the browser: "Jenkins is ready! Start using Jenkins".
Create the default admin user, which we will use for administering users and managing role assignments.

[Image: Jenkins create first admin user]

Click "Save and Continue".

How to create a User in Jenkins?

These users can log into Jenkins. They are maintained in the Jenkins Master's 'own user database'.
Let's create a user now; ensure you are logged in as the 'administrator' user.

Navigation steps:
  1. Go to 'Manage Jenkins'
  2. Select 'Manage Users'
  3. Select 'Create User'
    1. Enter the Username
    2. Enter the Password and the same value in Confirm Password
    3. Enter the Full name, which is displayed at the top when you log in as this user
    4. In an organization's multi-user Jenkins, we must enter the email ID for tracking
[Image: Create User on Jenkins]


Jenkins allows us to create multiple users, but they are all set to the global role, which means "Anyone can do Anything". That is not good when you have a lot of users and a lot of projects running in the same Jenkins Security Realm. When the project grows to a large scale, we must use role-specific assignment for the users.

How to install 'Role-based Authorization Strategy' plugin?


There is a Jenkins plugin, 'Role-based Authorization Strategy', which allows us to assign different roles to different team members (users), so we need to install that plugin.

Jenkins > Manage Jenkins > Manage Plugins > Available tab, filter on 'role'.
Select 'Role-based Authorization Strategy'.





Enable user authorization using a Role-based strategy. Roles can be defined globally or for particular jobs or nodes selected by regular expressions.

How to configure Global Security for Role-based?

To secure Jenkins we can define who is allowed to access or use the Jenkins Master configuration from 'Configure Global Security'. To enable Role-based Authorization, do the following steps:
  • Go to Manage Jenkins
  • Under the Security section, select Configure Global Security
  • Select the 'Role-based Authorization' radio button
  • Save the configuration
[Image: Global Configuration Security, Authorization - Role-based Strategy]



How to add Global Role in Jenkins?


Navigate to 'Manage Jenkins', then select 'Manage and Assign Roles' from the right pane.
At the top of the 'Manage Roles' page you will see the Global roles section, where the admin role is available by default with full access to everything in Jenkins. Now add a new global role named 'devopsAdmin'.
[Image: Jenkins Manage Global Roles]



Now, in the Global roles table, choose the 'Read' permission under 'Overall', which enables the user to access the Jenkins dashboard.
In the Global roles table, for the 'devopsAdmin' role choose all 'View' options.
At the bottom, click the 'Apply' button to save and continue.

How to setup Project roles?

On the same 'Manage Roles' page we can add project-specific roles. Here, for test purposes, we are using three roles:

  1. DBA TEAM - dba
  2. DEVELOPER TEAM - developer
  3. TESTING TEAM - qa


[Image: Project roles in Jenkins, Manage roles for Project item]

Once everything is set on the Manage Roles page, go to the 'Assign Roles' option under 'Manage and Assign Roles' in the Security section.

Assign Global roles for each user

Add the Jenkins users that were created earlier; in our example these are srini, rajashekhar and melvin.
Select the global role that you created under Global roles on the 'Manage Roles' page.

After you assign the users 'Srini, Melvin, Rajashekhar', in place of the global roles they automatically turn to dev, dba, qa:




Similarly, we can add the users 'Srini, Melvin, Rajashekhar' and then assign them the Item (project-based) roles, as shown below:


[Image: Adding users to Project roles in Jenkins]

Finally, we have succeeded in implementing a role-based authorization for the Jenkins system.

[Image: Admin full access to all jobs]
[Image: Jenkins limited access to developer role]
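
Project roles are bound to jobs by regular expression, so a pattern that is too loose quietly widens a team's access. The following added example (not from the original post) checks a set of item-role patterns against job names before they are entered on the 'Manage Roles' page; the job names, the patterns, the user-to-role mapping and the full-match semantics are assumptions made for illustration.

```python
import re

# Constructed sample data: job names and role patterns are assumptions;
# role and user names follow the post (the user-to-role mapping is assumed).
JOBS = ["qa-smoke-tests", "qa-regression", "dev-build-api",
        "dba-schema-migrate", "dba-qa-refresh", "release/qa-signoff"]
ITEM_ROLES = {"qa": r"qa-.*", "developer": r"dev-.*", "dba": r"dba-.*"}
ASSIGNMENTS = {"rajashekhar": ["qa"], "srini": ["developer"], "melvin": ["dba"]}


def jobs_for_role(pattern, jobs):
    """Jobs whose full name matches the whole pattern (assumed full-match semantics)."""
    rx = re.compile(pattern)
    return [j for j in jobs if rx.fullmatch(j)]


def visible_jobs(user, assignments, roles, jobs):
    """Union of jobs granted to a user through every item role assigned to them."""
    seen = set()
    for role in assignments.get(user, []):
        seen.update(jobs_for_role(roles[role], jobs))
    return sorted(seen)


def overlapping_jobs(roles, jobs):
    """Jobs matched by more than one role pattern: a sign that a pattern is too broad."""
    hits = {}
    for role, pattern in roles.items():
        for job in jobs_for_role(pattern, jobs):
            hits.setdefault(job, []).append(role)
    return {job: sorted(r) for job, r in hits.items() if len(r) > 1}


def unmatched_jobs(roles, jobs):
    """Jobs that no item role pattern covers, so no project role grants access to them."""
    covered = {j for p in roles.values() for j in jobs_for_role(p, jobs)}
    return sorted(set(jobs) - covered)


if __name__ == "__main__":
    for user in ASSIGNMENTS:
        print(user, "->", visible_jobs(user, ASSIGNMENTS, ITEM_ROLES, JOBS))
    print("overlaps (anchored):", overlapping_jobs(ITEM_ROLES, JOBS))
    loose = dict(ITEM_ROLES, qa=r".*qa.*")   # unanchored variant of the qa pattern
    print("overlaps (loose):  ", overlapping_jobs(loose, JOBS))
    print("uncovered:", unmatched_jobs(ITEM_ROLES, JOBS))
```

With the anchored patterns the QA user sees only the two qa- jobs, while the loose `.*qa.*` variant also pulls in the DBA team's dba-qa-refresh job; the job inside the release folder is covered by no pattern because the folder prefix is part of the name being matched.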




Please write your experience with the steps.


