![]() |
|
|
|
|
Change By:
|
domi
(16/Sep/12 11:47 AM)
|
|
Description:
|
This issue is about implementing a security model where a job is only allowed to be executed on a subset of all slaves.
This topic was discussed on IRC and also in the office hours at 5.Sep 2012 by KK, Max Spring and Dominik Bartholdi.
The idea would be to have the build carry some kind of identity when it runs. This could then be verified whether it is allowed to run on a specific slave (right now it's always run as ACL.SYSTEM).
There must be a way to allow the user to define the identity that the job runs as. This should not be configurable in every single job, but
(at least as default)
only on global level - otherwise someone is able to execute its job on a slave he is actually not allowed to.
Such a mapping could also be exposed as a new extension point to allow different implementations - e.g. in our case we already follow naming standards for the job names, and these could be reused together with labels on the slaves. An other implementation might just do that manually...
Why is this useful?
In our usecase, we have one master with many slaves, but each slave is assigned to one or more teams only. Other then these teams should not be allowed to use these slaves as executors.
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
