Authorization
With no security switched on, there is of course no authorization either. Once you have switched on security, the default is that any user can perform any operation. However you can get Go to limit certain operations to particular Users or Roles, and manage membership of those Roles.
Role-based security
<cruise>
<server>
<license ... />
<security>
<passwordFile path="/etc/cruise-server/passwords.properties" />
<roles>
<role name="qa">
<user>dyang</user>
<user>pavan</user>
</role>
<role name="cruise_admin">
<user>jhumble</user>
<user>qiao</user>
</role>
</roles>
<admins>
<role>cruise_admin</role>
<user>chris</user>
</admins>
</security>
</server>
</cruise>
In this example, the "qa" role has two users: dyang and pavan. The "cruise_admin" role also has two users: jhumble and qiao. The <admins> section of the configuration controls who is allowed to administer Go. We discuss it in the following section.
Administrators
Go allows you to restrict the users who can perform certain functions. Administrators is a special role that allows its members to perform any action in Go. Specifying administrators is optional -- without it, all users are automatically made administrators. If you do include the admins section, only users and roles specified within it can administer Go.
In the example in the section above, members of the "cruise_admin" role (jhumble and qiao), along with the user chris, can administer Go.
If administrators are specified, only they can perform the following actions:
- Access the "administration" tab
- Add Pipelines
- Enable agents
- Add / remove agent resources
Specifying who can view and operate pipeline groups
Go allows you to group pipelines together. If you define pipeline groups, you can specify who is able to view or operate those groups. As usual, administrators are able to do anything. To do this, you add an "authorization" section to the pipeline group.
If the "view" section is not defined, anyone can see the pipelines in that group. In the following example the user "lqiao" and the users in the role "cruise_readonly_member" can see the pipelines in this group, but they cannot perform any operations on it. They cannot approve manual stages, re-run stages, pause or force pipelines.
If you leave out the "operate" section then only administrators can operate the pipelines. To allow other users to operate the pipelines you can add roles and users to the "operate" section.
Note that is is possible to give a user or role only the operate permission. In the example below, the user "an_operator" only has operate permission. That means they can not view the pipeline, they can only operate it. This can be used to enable a script to force a build periodically via REST, without letting that user's account access any other features of Go.
<pipelines group="studios">
<authorization>
<view>
<user>lqiao</user>
<role>cruise_readonly_member</role>
</view>
<operate>
<user>lqiao</user>
<user>joe_operator</user>
<role>cruise_operate_member</role>
</operate>
</authorization>
<pipeline name="yourproject" labeltemplate="foo-1.0.${COUNT}">
...
</pipeline>
</pipelines>
Adding authorization to approvals
In Go, it is possible to specify manual approvals between stages. You can also specify who is able to trigger manual approvals. In the example below, only members of the role "qa", and the user "jerry", can trigger the approval.
<stage name="uat">
<approval type="manual">
<authorization>
<role>qa</role>
<user>jerry</user>
</authorization>
</approval>
<jobs>
<job name="deploy">
<resources>
<resource>uat</resource>
</resources>
<tasks>
<ant target="deploy" />
</tasks>
</job>
</jobs>
</stage>
