Enviar búsqueda
Cargar
Authentication and authorization in Jenkins and nectar 1
•
Descargar como PPTX, PDF
•
2 recomendaciones
•
3,927 vistas
CloudBees
Seguir
Tecnología
Denunciar
Compartir
Denunciar
Compartir
1 de 71
Descargar ahora
Recomendados
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
lisanl
SCREAM-15: Authentication and Authorization Considerations for a Multi-tenant...
SCREAM-15: Authentication and Authorization Considerations for a Multi-tenant...
heiland
4 dezv-prenat-ii 2013
4 dezv-prenat-ii 2013
jennypain
Two factor authentication with Laravel and Google Authenticator
Two factor authentication with Laravel and Google Authenticator
Allan Denot
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
Tomasz Janczuk - Webtaskalifragilistexpialidocious
Tomasz Janczuk - Webtaskalifragilistexpialidocious
ServerlessConf
Security models for security architecture
Security models for security architecture
Vladimir Jirasek
graphical password authentication
graphical password authentication
Akhil Kumar
Recomendados
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
Security Authentication and Authorization Service (AAS) for IBM InfoSphere St...
lisanl
SCREAM-15: Authentication and Authorization Considerations for a Multi-tenant...
SCREAM-15: Authentication and Authorization Considerations for a Multi-tenant...
heiland
4 dezv-prenat-ii 2013
4 dezv-prenat-ii 2013
jennypain
Two factor authentication with Laravel and Google Authenticator
Two factor authentication with Laravel and Google Authenticator
Allan Denot
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
Jon Todd
Tomasz Janczuk - Webtaskalifragilistexpialidocious
Tomasz Janczuk - Webtaskalifragilistexpialidocious
ServerlessConf
Security models for security architecture
Security models for security architecture
Vladimir Jirasek
graphical password authentication
graphical password authentication
Akhil Kumar
3D Password PPT
3D Password PPT
Seminar Links
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
Graphical password authentication
Graphical password authentication
Asim Kumar Pathak
iOS Release Management
iOS Release Management
Samuel Chow
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
Serverless architectures
Serverless architectures
techmaddy
Enterprise Security Architecture
Enterprise Security Architecture
Kris Kimmerle
Adidas brand case study
Adidas brand case study
tomjohnson15
JUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with Docker
CloudBees
JUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and Groovy
CloudBees
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
CloudBees
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
CloudBees
JUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made Easy
CloudBees
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
CloudBees
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
CloudBees
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?
CloudBees
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
CloudBees
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
CloudBees
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
CloudBees
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
CloudBees
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
CloudBees
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
CloudBees
Más contenido relacionado
Destacado
3D Password PPT
3D Password PPT
Seminar Links
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
Graphical password authentication
Graphical password authentication
Asim Kumar Pathak
iOS Release Management
iOS Release Management
Samuel Chow
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
Serverless architectures
Serverless architectures
techmaddy
Enterprise Security Architecture
Enterprise Security Architecture
Kris Kimmerle
Adidas brand case study
Adidas brand case study
tomjohnson15
Destacado
(8)
3D Password PPT
3D Password PPT
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Graphical password authentication
Graphical password authentication
iOS Release Management
iOS Release Management
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
Serverless architectures
Serverless architectures
Enterprise Security Architecture
Enterprise Security Architecture
Adidas brand case study
Adidas brand case study
Más de CloudBees
JUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with Docker
CloudBees
JUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and Groovy
CloudBees
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
CloudBees
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
CloudBees
JUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made Easy
CloudBees
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
CloudBees
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
CloudBees
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?
CloudBees
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
CloudBees
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
CloudBees
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
CloudBees
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
CloudBees
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
CloudBees
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
CloudBees
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
CloudBees
JUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UI
CloudBees
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
CloudBees
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
CloudBees
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
CloudBees
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
CloudBees
Más de CloudBees
(20)
JUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Scaling Your Jenkins Master with Docker
JUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Plugin Development with Gradle and Groovy
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: Multi-Node Environment as a Jenkins Slave (Compound-Slave)
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
JUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Jenkins Made Easy
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: Scaling of Jenkins Pipeline Creation and Maintenance
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: From Virtual Machines to Containers: Achieving Continuous In...
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Hey! What Did We Just Release?
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Orchestrating Your Pipelines with Jenkins, Python and the Je...
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Optimizing Your CI: Lessons Learned from a Successful Jenkin...
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Enabling Continuous Delivery for Major Retailers
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Bringing CD at Cloud-Scale with Jenkins, Docker and "Tiger"
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Making Strides towards Enterprise-Scale DevOps...with Jenkin...
JUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Evolving the Jenkins UI
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: Using Infrastructure Nodes Wisely With Jenkins and Apache Mesos
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC Europe 2015: How to Optimize Automated Testing with Everyone's Favorite B...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC 2015 - Keynote Address and Opening Remarks by Kohsuke Kawaguchi, Founder,...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
Último
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Pixlogix Infotech
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Precisely
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
DianaGray10
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
Florian Wilhelm
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Stephanie Beckett
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
Último
(20)
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Authentication and authorization in Jenkins and nectar 1
1.
Authentication and Authorization
in Jenkins and Nectar July 27th, 2011 ©2011 CloudBees, Inc. All Rights Reserved
2.
The slides will
be made available as well as a link to the replay of this webinar. Links will be sent in an email after the webinar has finished (2-3 days). Housekeeping ©2011 CloudBees, Inc. All Rights Reserved
3.
The Presenters Who
exactly is talking? ©2011 CloudBees, Inc. All Rights Reserved
4.
Stephen Connolly Responsible
for Most of this talk Trying to answer the questions Harpreet Singh Responsible for Ensuring Stephen does not go too fast/slow Keeping track of questions for the Q&A session The Presenters ©2011 CloudBees, Inc. All Rights Reserved
5.
Overview What we
will be covering today ©2011 CloudBees, Inc. All Rights Reserved
6.
Jenkins Security Architecture
Authentication Plugins Authorization Plugins CloudBees’ RBAC plugin Common Use Cases & Walk-throughs Questions & Answers Overview ©2011 CloudBees, Inc. All Rights Reserved
7.
CloudBees Who are
we and what we can do for you? ©2011 CloudBees, Inc. All Rights Reserved
8.
9.
DEV@cloud – Cloud
Services for Developers
10.
11.
CloudBees Jenkins Solutions
©2011 CloudBees, Inc. All Rights Reserved CloudBees’ Pro version of Jenkinsproprietary add-ons, stable release cycle Professional support from the Experts
12.
CloudBees Jenkins Solutions
©2011 CloudBees, Inc. All Rights Reserved Self-service “Jenkins as a Service”pay-as-you-go public cloud DEV@cloud CloudBees’ Pro version of Jenkinsproprietary add-ons, stable release cycle Professional support from the Experts
13.
CloudBees Jenkins Solutions
©2011 CloudBees, Inc. All Rights Reserved Self-Service“Jenkins as a Service”for Enterprises DEV@cloudPrivate Edition Self-service “Jenkins as a Service”pay-as-you-go public cloud DEV@cloud CloudBees’ Pro version of Jenkinsproprietary add-ons, stable release cycle Professional support from the Experts
14.
Jenkins Security Architecture
Server security Security Realms Authorization Strategies Master/Slave security Authentication Plugins Authorization Plugins CloudBees’ RBAC plugin Common Use Cases & Walk-throughs Questions & Answers Overview ©2011 CloudBees, Inc. All Rights Reserved
15.
Jenkins Security Architecture
What goes where and which does what… ©2011 CloudBees, Inc. All Rights Reserved
16.
Security Realm provides
user identity Authorization Strategy provides user’s permissions for each object. Actions can require a specific permission to be performed. Jenkins Security Architecture ©2011 CloudBees, Inc. All Rights Reserved Security Realm Object Identity Action AuthorizationStrategy Permission Access Plugins extension points
17.
Depends on your
server: Operating System Windows Linux Servlet container Winstone (java -jar jenkins.war) Tomcat Jetty JBoss etc Server security ©2011 CloudBees, Inc. All Rights Reserved
18.
19.
Server firewall configured
appropriately
20.
Server remote access
locked down
21.
Remote desktop on
Windows
22.
SSHD on *nix
23.
Servlet container running
as restricted user
24.
Consider Apache HTTPD
or nginx if exposing on a public networkServer security (cont.) ©2011 CloudBees, Inc. All Rights Reserved
25.
What are they
Core Jenkins extension point for Authentication Responsible for validating user identity Can only select one. Default for clean install: None What is available already Core None Unix PAM Internal DB Legacy Container Open Source Plugins Active Directory CAS v1 CollabNet Crowd MySQL DB OpenID SSO Script & Extended Script SourceForge Enterprise Edition … Security Realms ©2011 CloudBees, Inc. All Rights Reserved
26.
What are they
Core Jenkins extension point for Authorization Responsible for deciding the permissions available to users. Can only select one. Default for clean install: Unsecured What is available already Core Global Matrix Project Matrix Logged in user can do anything Legacy Authorization Open Source Plugins CollabNet Role strategy SourceForge Enterprise Edition … CloudBees’ Plugins RBAC Authorization Strategies ©2011 CloudBees, Inc. All Rights Reserved
27.
What are they
The fine-grained activities that can be secured within Jenkins Some permissions aggregate others, e.g. Global Admin implies all other standard permissions Plugins can define their own permissions for their own actions What is available Overall Administer Read Slave Configure Delete Job Create Delete Configure Read Build Workspace View Create Delete Configure … Permissions ©2011 CloudBees, Inc. All Rights Reserved
28.
29.
Use VM for
slaves & reset VM image after every build
30.
Launch slave process
with a read-only JVM
31.
Access to slaves
should be as restricted as the Master
32.
Install build tools
read-onlyMaster / Slave security ©2011 CloudBees, Inc. All Rights Reserved Take Away SCM security sets the upper bound
33.
34.
Authentication Plugins Who
are you and how can you prove it to me… ©2011 CloudBees, Inc. All Rights Reserved
35.
Not all plugins
implement every feature Key features to check for are: Supports signup Provides group details Supports group lookup Can logout You may not need all/any of the above but it may restrict your choice of Authorization Strategy Authentication Plugins ©2011 CloudBees, Inc. All Rights Reserved
36.
Authenticates the username
and the password through Active Directory Actually multiple implementations under the hood and one is chosen based on your environment Active Directory (plugin) ©2011 CloudBees, Inc. All Rights Reserved Notes: Jenkins does not have to run on Windows to use this. Can require a correctly configured DNS for Active Directory
37.
38.
39.
40.
41.
Authenticates the username
and password through Unix Pluggable Authentication Modules Requires that Jenkins be running on Linux / Mac OSX / Unix Unix PAM (core) ©2011 CloudBees, Inc. All Rights Reserved Notes: Very quick to set-up Handy if you already have a federated PAM configuration If on a public network serve Jenkins over https://
42.
Feature Matrix ©2011
CloudBees, Inc. All Rights Reserved
43.
44.
Authentication PluginsAuthorization Plugins
Matrix Strategy Project-based Matrix Strategy Role strategy CloudBees’ RBAC plugin CloudBees’ RBAC plugin Common Use Cases & Walk-throughs Questions & Answers Overview ©2011 CloudBees, Inc. All Rights Reserved
45.
Authorization Plugins So
tell me… who can do what? ©2011 CloudBees, Inc. All Rights Reserved
46.
A simple matrix
of click-boxes. Each row is a user/group* Each column is a Permission * If the Authentication plugin does not support group details then one row is required for each user Matrix Strategy (core) ©2011 CloudBees, Inc. All Rights Reserved
47.
A simple matrix
of click-boxes. Each row is a user/group* Each column is a Permission Each project can add its own matrix Project-based Matrix Strategy (core) ©2011 CloudBees, Inc. All Rights Reserved
48.
Allows grouping permissions
into roles Roles assigned to users/groups ‡ Project roles are defined using a regex for the project name to which the role is restricted. * If the Authentication plugin does not support group details then one row is required for each user § Requires global Admin role Role Strategy (plugin) ©2011 CloudBees, Inc. All Rights Reserved
49.
A simple matrix
of click-boxesRow: roleColumn: permission Define groups at any level Assign roles to groups Filter roles at any level CloudBees’ RBAC Plugin (plugin) ©2011 CloudBees, Inc. All Rights Reserved
50.
Feature Matrix ©2011
CloudBees, Inc. All Rights Reserved
51.
52.
Authentication Plugins
53.
Authorization PluginsCloudBees’ RBAC
plugin Overview Inheritance model Filtering Common Use Cases & Walk-throughs Questions & Answers Overview ©2011 CloudBees, Inc. All Rights Reserved
54.
CloudBees’ RBAC plugin
Our take on an Authorization Strategy ©2011 CloudBees, Inc. All Rights Reserved
55.
Roles defined in
Nectar External Groups from LDAP / AD / Atlassian Crowd / etc Local Groups defined in Nectar Configure Roles in Local Groups Manage membership in Local Groups Users / other Local Groups / External Groups Role filtering to restrict inheritance A layered approach What Who Tweak ©2011 CloudBees, Inc. All Rights Reserved
56.
Adds new elements
to the GUI ©2011 CloudBees, Inc. All Rights Reserved
57.
Groups are defined
on objects Per-slave permissions Per-folder permissions (Folders Plugin) Per-module permissions (Maven Projects) Role definitions are global Role assignments can be scoped Object based permissions ©2011 CloudBees, Inc. All Rights Reserved
58.
Plan out your
roles Enable security Add the roles Save Define Groups Remove Admin permissions from Authenticated Role Save How to deploy ©2011 CloudBees, Inc. All Rights Reserved
59.
Inheritance model: Groups
and roles Have Dev role if in Devs group or Folder A Devs group Dev Folder A Devs Have Dev role if in Devs group Devs Dev ©2011 CloudBees, Inc. All Rights Reserved
60.
Inheritance model: Pinned
roles Have Dev role if in Folder A Devs group Dev Folder A Devs Devs Dev Nobody has Dev role ©2011 CloudBees, Inc. All Rights Reserved
61.
Filtering Have Dev
role if in Folder A Devs group Dev Folder A Devs Have Dev role if in Devs group Devs Dev ©2011 CloudBees, Inc. All Rights Reserved
62.
63.
Authentication Plugins
64.
Authorization Plugins
65.
CloudBees’ RBAC pluginCommon
Use Cases & Walk-throughs Authenticated only Public read-only Devvs SQA Multi-department Secret skunk-works projects Questions & Answers Overview ©2011 CloudBees, Inc. All Rights Reserved
66.
Common use-cases &
Walk-throughs You’re not so different… here’s how you might do it… ©2011 CloudBees, Inc. All Rights Reserved
67.
Use case System
is set up so that only authenticated users can access. Authenticated users can do anything. Authenticated Only ©2011 CloudBees, Inc. All Rights Reserved
68.
Authenticated Only ©2011
CloudBees, Inc. All Rights Reserved
69.
Walk-through Authenticated Only
use case ©2011 CloudBees, Inc. All Rights Reserved
70.
Use case System
is set up so that anonymous users can browse all projects Anonymous users cannot access the Job Workspaces, or change/trigger anything Authenticated users can do anything. Public read-only ©2011 CloudBees, Inc. All Rights Reserved
71.
Public read-only ©2011
CloudBees, Inc. All Rights Reserved
72.
Walk-through Public read-only
use case ©2011 CloudBees, Inc. All Rights Reserved
73.
Use case System
is set up so that anonymous users can browse all projects. Anonymous users cannot access the Job Workspaces, or change/trigger anything. Authenticated Developers can trigger builds. Authenticate SQA can delete/tag builds. Devvs SQA ©2011 CloudBees, Inc. All Rights Reserved
74.
Devvs SQA ©2011
CloudBees, Inc. All Rights Reserved
75.
Walk-through Devvs SQA
use case ©2011 CloudBees, Inc. All Rights Reserved
76.
Use case System
is set up so that anonymous users can browse all projects Anonymous users cannot access the Job Workspaces, or change/trigger anything Authenticated users can do anything to the projects in their department only. For projects outside their department they are like anonymous users. Multi-department ©2011 CloudBees, Inc. All Rights Reserved
77.
Multi-department ©2011 CloudBees,
Inc. All Rights Reserved
78.
Walk-through Multi-department use
case ©2011 CloudBees, Inc. All Rights Reserved
79.
Use case A
secret project is set up for a skunk-works team. Only the skunk-works team‡ can see the secret project. The skunk-works team are not otherwise restricted. ‡Someone with direct disk access to the master may be able to find the skunk-works project. The aim is to hide the project from the GUI. Secret skunk-works projects ©2011 CloudBees, Inc. All Rights Reserved
80.
Impl matrix with
each plugin Secret skunk-works projects ©2011 CloudBees, Inc. All Rights Reserved
81.
Walk-through Secret skunk-works
projects use case ©2011 CloudBees, Inc. All Rights Reserved
82.
83.
Authentication Plugins
84.
Authorization Plugins
85.
CloudBees’ RBAC plugin
86.
Common Use Cases
& Walk-throughsQuestions & Answers Overview ©2011 CloudBees, Inc. All Rights Reserved
87.
Support Nectar ©2011
CloudBees, Inc. All Rights Reserved
88.
Releases every 6
months. Supported for 18 months. Patches every 6 weeks. Plugins supported for life of underlying release Support all plugins Nectar 10.10 and Nectar 11.04 released Nectar ©2011 CloudBees, Inc. All Rights Reserved
89.
CloudBees Resources Page
http://www.cloudbees.com/support.cb Try DEV@cloud& RUN@cloud https://grandcentral.cloudbees.com/account/signup CloudBees Eclipse Plugin http://cloudbees.com/eclipse-plugin.cb DEV@cloud Private Edition Beta Program (DEV@cloud for private clouds) http://www.cloudbees.com/dev-pe.cb CloudBees Resources ©2011 CloudBees, Inc. All Rights Reserved
90.
Questions & Answers
And if the questions are too tough, we’ll answer offline… ©2011 CloudBees, Inc. All Rights Reserved
91.
Raise your hand
if you have a question and type your question into the question box… Harpreet is keeping track of who is next… We will unmute you while it is your Q&A… If an answer is going too long, or we need to check some specifics we will distribute the answer off-line. Questions & Answers ©2011 CloudBees, Inc. All Rights Reserved
92.
©2011 CloudBees, Inc.
All Rights Reserved
Descargar ahora