Grant limited access to release.ci to some security team folks #3426
Comments
|
Approved 👍, and agree it would be good to not make people admin by default for people who can trigger builds. |
|
For info, blocked by #3428 (until the jenkins-infra team is able to apply configuration changes again). |
|
Good idea! We're going to propose an improved RBAC (which include jensec members) here before any PR to ensure we all align |
dduportal
modified the milestones:
infra-team-sync-2023-03-07,
infra-team-sync-2023-03-14
lemeurherve
modified the milestones:
infra-team-sync-2023-03-14,
infra-team-sync-2023-03-21
dduportal
modified the milestones:
infra-team-sync-2023-03-21,
infra-team-sync-2023-03-28,
infra-team-sync-2023-04-04
|
FTR, @Kevin-CB has now access to the private VPN allowing him to go to release.ci.jenkins.io: jenkins-infra/docker-openvpn#252 We need to do the same for @yaroslavafenkin then adapt permissions. |
|
@Kevin-CB @yaroslavafenkin I've confirmed with you that you have access to private.vpn.jenkins.io and release.ci.jenkins.io, and I've added your When the following PR will be merged this issue will be completed: jenkins-infra/kubernetes-management#3775 |
Service(s)
release.ci.jenkins.io
Summary
@Kevin-CB and @yaroslavafenkin are on the Jenkins security team and it would be useful if they were able to scan branches, trigger builds, and cancel builds on https://release.ci.jenkins.io/job/core/
https://github.com/jenkins-infra/kubernetes-management/blob/49f302fd024e4a9d23e8e0cb080b030f4d034265/config/ext_jenkins-release.yaml#L626-L631 seems to govern permissions. Right now there's only readers and admins. It's probably a good idea to make security team members not admins by default.
Reproduction steps
No response
The text was updated successfully, but these errors were encountered: