How can I hide a build definition in RTC ?
I can change the 'Project or Team Area' of a build to a specified team that contain the just the developers. Should this action hide the build definition from team members that are not in the 'Project or Team Area' for this build ?
Yes, it should.
This looks like the same way I am hiding a Stream or a component in RTC, as I detail in "How to hide a stream from particular users in RTC source control?".
However, this thread doesn't mention visibility, only permission for:
requesting a build from a build definition
modifying a build definition
So it might not do what you want.
On the permission aspect:
Note that process permissions are looked up starting at the given process area and looking up its parent chain. Permissions may be overridden at the team area level, so different teams within the same project may have different permissions. Also note that the permissions are looked up for a particular user (i.e. the user running JBE or the Ant tasks), they're not defined directly for the engine itself.
For example, if you wanted to prevent team A's engine from processing requests for team B, then you would define:
two build users, bobA and bobB,
and two engines, engineA and engineB (associated with teamA and teamB respectively),
with bobA granted the relevant permissions in teamA, but not teamB, and the opposite for bobB.
When running the two JBEs, one would specify -userId bobA -engineId engineA, and the other would use bobB and engineB.
The build user(s) should also have permission to modify the build definition(s) for the relevant engine(s), since after the build request has been determined, it's the process area for the build definition that governs:
all further operations for the build (updating its state and status, contributing downloads/logs, etc.) and
the definition itself (updating the average build time once the build is complete).
Related
How can I change the permissions in CKAN, so every editor/admin of an organization can add a group to a dataset (right now, the editor or admin has to be a member of the group to be able to add a certain group to a dataset)?
The dataportal I am developing only has 8 groups and every admin/editor should be able to add these groups to a dataset.
It seems to me that Group permissions are a bit of a hangover from the past (there was a time in CKAN without Organizations and only groups, and groups are based heavily on Organizations internally) and I wanted to make a proposal to the CKAN developers for providing an option to remove them (i.e. every Org editor or Admin can add anything to any group). Apart from that possibility there are a couple of workarounds:
Make everyone of these users a superuser (probably bad)
Make a "master" group which contains all existing groups (this is only
possible via the API) and then use the cascading authorization
configuration:
http://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-auth-roles-that-cascade-to-sub-groups
Make an extension that hooks into the user creation process and
automatically adds all Org editors and Admins to all groups
Make an
extension that doesn't check or relaxes auth when trying to add
datasets to groups (this seems like overkill compared to the general
change I mentioned at the beginning: both would need to be coded and
I am more interested in doing the first one!)
My questions is as follows:
Is there a way to make a master project plan incorporating multiple projects (not necessarily sub projects) in Microsoft office. As our resources get pushed around due to parts and items not arriving and shipping dates being moved forward amongst other things etc, sometimes the resource plan has to be changed regularly. I want to be able to pull all current projects into a master project plan so that I can identify where project resources are overlapping. Not necessarily by task but more by employee.
To try and explain a bit better:
Project 1:
Project Manager: John
Project Engineer: Jack. Task - Drawing
John assigns Jack to work on a task in Project 1.
Project 2:
Project Manager: Mark
Project Engineer: Jack. Task - Documentation
Jack wasn't supposed to be working on Project 2 for a further 2 weeks but the deadline has been moved forward and Mark has also assigned Jack to work on a task on his project.
I'd like to create a master project where I can pull in Project 1 and Project 2 and find a way for it to identify the resource overlap, regardless of the fact that Jack has been assigned to 2 different tasks, but more because he as an employee has been assigned to two projects at once.
Is this possible?
On a larger scale realistically I'll need this to incorporate about 6 Projects and about 20 staff members across, so I can find all the overlaps.
I am aware that there is a way to split a person between 2 tasks by assigning a percentage that they will work on both, i.e 90% on task 1 and 10% on task 2 but obviously this won't be project exclusive and my aim is to identify the overlaps rather than create them on purpose for resource sharing.
You are basically looking for software to support your "resource leveling" process.
The ]project-open[ open-source PPM software is capable of importing MS-Project schedules. After the import, you can get Resource Management reports from the system that allow you to perform manual resource leveling.
Another interesting open-source tool is TaskJuggler. TJ actually does multi-project scheduling or automatic resource leveling. However, TJ does not include a MS-Project integration at the moment AFAIK.
Affiliation note: I'm a member of the ]project-open[ team.
Depending on how you want to approach this, you can have a single master project and make all of your other project files sub projects in that master file. You can work in this master file and it will save your updates to the other files. It is sort of like having Project server on your desktop. You can create veiws for each project, or simply roll them up and they show as a single summary task.
You can do this by using a shared resource file but the best way now would be to just get a Project Online subscription and do your projects there.
I have multiple projects in TRAC. I'm using mod_wsgi, and my wsgi script file TRAC_ENV_PARENT_DIR variable is pointing to the folder containing folders with all these projects. A few users have access to different projects. When a user visits the TRAC URL, she can see the listing containing all these projects, yet has no access to some of them.
Is there any way to show to a user only those projects this user has access to?
Please advise.
Preamble: I abhor security through obscurity. Your request could be read as cosmetics in web site presentation. Don't aim at improved access control, because knowing a valid path will still give access to each Trac environment depending on it's settings. Of course better navigation is a good reason.
Requiring to hide folders depending on user's permission means you require authentication before granting access to TRAC_ENV_PARENT_DIR. This could be done with standard mechanisms that your web server supports. This is just the precondition.
As you say, you have some non-public Trac instances in your Trac environment folder collection. How complicated it is to identify all folders correctly, that depends on how much you want to spend on initial implementation vs. maintenance.
I should be trivial, but error-prone, to provide a list of either the public or the private directories, of course whatever is easier to maintain. Zero additional configuration would require to open each Trac environment and look up user permissions. )** This sounds rather cumbersome and means probably a performance penalty for applications with large user base and frequent access. You will at least work with a cached list, if you go down this road.
You can't use Trac's auto-generated Available projects list but you'll have to deliver at least two versions of an index page for authenticated/unprivileged and authenticated and privileged users.
For the sake of maintenability you'll want to consolitate configuration and permissions. For access to each Trac environment you could use trac.ini inheritance and a shared .htpasswd file. However you can't inherit permissions, because these settings are stored inside the Trac db. You could give TracUserSyncPlugin a shot, but it seems not yet fit for production, or at least lacks feedback of all the happy users, if they exist.
)** While I'm not aware of dedicated documentation about this, there are actually several possibilities. Since permissions are stored in the Trac db, all involve reading/querying the permission db table. It's structure is documented with all other tables of the Trac db schema. To read you'll want to open the Trac environment(s) and then use a direct query on the table (see a AccountManagerPlugin changeset for an example) or construct and query a PermissionCache object.
It may be an old question, but so far i've found the answers to be rather complex without need.
I think using the information stated here, http://trac.edgewall.org/wiki/TracInterfaceCustomization#ProjectList , one could build a template that checks for users and permissions and then show the data it should.
In my case, i just needed to point the "TRAC_ENV_INDEX_TEMPLATE" variable to blank HTML, and that was enough for me.
How can i configure a build definition to allow me to pick a solution configuration at build time?
I have 3 configurations in my solution: (Local, UAT and Live).
I want people to pick and the configuration they need and the build will do the config transforms, deployment etc. as required. I have the build script I need, just need to know how I can switch upon the configuration.
If I cannot use the actual configurations, a custom property would do, but obviously I need to be able to access it in my build script.
My opinion is that your Build Defition should contain all three configurations, so that Build shall execute all three of them by default.Then, you can insert a custom argument in your build process template as an "Configuration Override" with default = empty.Checking this Hofman-post you can have your argument part of the 'Queue new Build dialog.So, when your users queue a new build, they either leave this empty and build executes all configs, or they enter one of the three and only the one selected shall be executed.There are various ways to implement this in your build process template, in general you might want to intervene in section For Each Configuration in BuildSettings.PlatformConfigurations:
and check if your custom argument is empty (so all nodes should execute), or if it is filled with a specific entry (so it should proceed only once). Further handling of a user input that does not comply with any of the available configs should be added, so that build can graciously fail.
I'm trying to configure a set of build configurations in TeamCity 6 and am trying to model a specific requirement in the cleanest possible manner way enabled by TeamCity.
I have a set of acceptance tests (around 4-8 suites of tests grouped by the functional area of the system they pertain to) that I wish to run in parallel (I'll model them as build configurations so they can be distributed across a set of agents).
From my initial research, it seems that having a AcceptanceTests meta-build config that pulls in the set of individual Acceptance test configs via Snapshot dependencies should do the trick. Then all I have to do is say that my Commit build config should trigger AcceptanceTests and they'll all get pulled in. So, lets say I also have AcceptanceSuiteA, AcceptanceSuiteB and AcceptanceSuiteC
So far, so good (I know I could also turn it around the other way and cause the Commit config to trigger AcceptanceSuiteA, AcceptanceSuiteB and AcceptanceSuiteC - problem there is I need to manually aggregate the results to determine the overall success of the acceptance tests as a whole).
The complicating bit is that while AcceptanceSuiteC just needs some Commit artifacts and can then live on it's own, AcceptanceSuiteA and AcceptanceSuiteB need to:
DeploySite (lets say it takes 2 minutes and I cant afford to spin up a completely isolated one just for this run)
Run tests against the deployed site
The problem is that I need to be able to ensure that:
the website only gets configured once
The website does not get clobbered while the two suites are running
If I set up DeploySite as a build config and have AcceptanceSuiteA and AcceptanceSuiteB pull it in as a snapshot dependency, AFAICT:
a subsequent or parallel run of AcceptanceSuiteB could trigger another DeploySite which would clobber the deployment that AcceptanceSuiteA and/or AcceptanceSuiteB are in the middle of using.
While I can say Limit the number of simultaneously running builds to force only one to happen at a time, I need to have one at a time and not while the dependent pieces are still running.
Is there a way in TeamCity to model such a hierarchy?
EDIT: Ideas:-
A crap solution is that DeploySite could set a 'in use flag' marker and then have the AcceptanceTests config clear that flag [after AcceptanceSuiteA and AcceptanceSuiteB have completed]. The problem then becomes one of having the next DeploySite down the pipeline wait until said gate has been opened again (Doing a blocking wait within the build, doesnt feel right - I want it to be flagged as 'not yet started' rather than looking like it's taking a long time to do something). However this sort of stuff a flag over here and have this bit check it is the sort of mutable state / flakiness smell I'm trying to get away from.
EDIT 2: if I could programmatically alter the agent configuration, I could set Agent Requirements to require InUse=false and then set the flag when a deploy starts and clear it after the tests have run
Seems you go look on the Jetbrains Devnet and YouTrack tracker first and remember to use the magic word clobber in your search.
Then you install groovy-plug and use the StartBuildPrecondition facility
To use the feature, add system.locks.readLock. or system.locks.writeLock. property to the build configuration.
The build with writeLock will only start when there are no builds running with read or write locks of the same name.
The build with readLock will only start when there are no builds running with write lock of the same name.
therein to manage the fact that the dependent configs 'read' and the DeploySite config 'writes' the shared item.
(This is not a full productised solution hence the tracker item remains open)
EDIT: And I still dont know whether the lock should be under Build Parameters|System Properties and what the exact name format should be, is it locks.writeLock.MYLOCKNAME (i.e., show up in config with reference syntax %system.locks.writeLock.MYLOCKNAME%) ?
Other puzzlers are: how does one manage giving builds triggered by build completion of a writeLock task read access - does the lock get dropped until the next one picks up (which would allow another writer in) - or is it necessary to have something queue up the parent and child dependency at the same time ?