This sounds quite complicated to attempt to build; for one, I can't think of a 
way to 'store' access credentials in the way that you envision. There is an SSH 
Credentials plugin that can be used to store SSH-style credentials, but if your 
publication process relies on some other user identification that won't work.

The larger issue is that it sounds like you need the actual Jenkins job to be 
running in a process with these authentication credentials (at the operating 
system level); this would require the Jenkins master (or slave) to be running 
with root/admin privileges to allow it to change identities on the fly. This 
would be very risky, for what should be obvious reasons.

As someone else posted in this thread, your best bet is probably to set up 
multiple slaves (even if they are all on one computer) that run under the 
desired user accounts, and then direct the jobs to the proper slaves as they 
are needed.

----- Original Message -----
From: jenkinsci-dev@googlegroups.com
To: jenkinsci-dev@googlegroups.com, jenkinsci-us...@googlegroups.com, 
k...@kohsuke.org
At: Jun 22 2013 07:16:44


Hi,
I need to execute a few of the Jenkins jobs, such as "Release to Production", 
through the Jenkins UI using the logged-on user's credential. The reason is, it's 
the Support Team Members who have access to the production boxes, so in order to 
deploy any code base to production, all the Windows Deploy Commands (e.g., 
create, update files, folders etc.) need to be run with a specific user 
credential that has access to the Production Box.
I tried using the parameterized plugin but wasn't able to pass the Password 
successfully to the batch file which contains MSDeploy instructions. 
I checked the Role based security plugin, project matrix, active directory etc., 
but that doesn't help me much. I just need a plugin which should ask for user 
to provide their credential before start building the Job and should use the 
user credential to get the job executed, so that my MSDeploy command will be 
able to deploy the code on Production boxes, when the Support team member build 
that Job using their credential. I wish there was support for impersonation.
Right now all the Jenkins Jobs are getting executed using the service account 
which the Tomcat service is configured to run with on which Jenkins is hosted.
Both Developers and Support team members are ADMIN on both Jenkins web server 
as well as on Jenkins web application. I am looking forward to the following.
=============================================================
  Each job can have a checkbox say "Execute using another user credential". 
Upon checking that checkbox the application should ask to provide credential 
that needs to be used for Building that Job. That job should get executed then 
with that particular credential. So even if I am able to run the job 
"Release To Production" using my credential then it will not succeed as I don't 
have access to Production web servers for creating files, folders etc. But when 
the same job gets executed by Support team, it should succeed as they have 
access to Production servers for creating files, folders, executing any 
MSDeploy commands.
==================================================================
Any help would be appreciated.


On Fri, Jun 21, 2013 at 7:41 PM, Vijendra Patil <vijendra.1...@gmail.com> wrote:

Hi,
 
Please let me know if I have missed anything. I just don't want to use 
"psexec" to get the Job executed using another user context. Any help would be 
really very appreciated. 
 
Thanks,
Vijendra


On Wed, Jun 19, 2013 at 4:46 PM, Vijendra Patil <vijendra.1...@gmail.com> wrote:
 
Hi,
 
I am looking for an option where we can execute a few of the jobs, such as 
"release to Stage", "release to production" etc., under the credential of the 
logged-on user. Right now all the Jenkins jobs are getting 
executed under the credential of the service account which the Tomcat Service 
is configured to run with, on which the Jenkins web app is hosted.
 
The reason I am asking this is because we have a list of Jenkins jobs; while most 
of them do "Create Build on Local Build Server", a few jobs do "Release 
to Production". Now those jobs which perform production deployment aren't 
supposed to execute using that service account which the Jenkins job is using. 
They should execute using the credential of the logged-on user, so that the separate 
Operation Support Team person can log in to Jenkins and get the Production 
Release job deployed with his credential, as he has access to the 
Production Web Servers.
 
Is this possible? 


-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 
