-
-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grant limited access to release.ci to some security team folks #3426
Grant limited access to release.ci to some security team folks #3426
Comments
Approved 👍, and agree it would be good to not make people admin by default for people who can trigger builds. |
For info, blocked by #3428 (until the jenkins-infra team is able to apply configuration changes again). |
Good idea! We're going to propose an improved RBAC (which include jensec members) here before any PR to ensure we all align |
FTR, @Kevin-CB has now access to the private VPN allowing him to go to release.ci.jenkins.io: jenkins-infra/docker-openvpn#252 We need to do the same for @yaroslavafenkin then adapt permissions. |
@Kevin-CB @yaroslavafenkin I've confirmed with you that you have access to private.vpn.jenkins.io and release.ci.jenkins.io, and I've added your When the following PR will be merged this issue will be completed: jenkins-infra/kubernetes-management#3775 |
Service(s)
release.ci.jenkins.io
Summary
@Kevin-CB and @yaroslavafenkin are on the Jenkins security team and it would be useful if they were able to scan branches, trigger builds, and cancel builds on https://release.ci.jenkins.io/job/core/
https://github.com/jenkins-infra/kubernetes-management/blob/49f302fd024e4a9d23e8e0cb080b030f4d034265/config/ext_jenkins-release.yaml#L626-L631 seems to govern permissions. Right now there's only readers and admins. It's probably a good idea to make security team members not admins by default.
Reproduction steps
No response
The text was updated successfully, but these errors were encountered: