Add the ability to filter what steps in this plugin are available to use in pipelines #196
Conversation
|
I had an itch and had to scratch it. |
| public class StepSelectionConfigurationTest { | ||
|
|
||
| @Rule | ||
| public RealJenkinsRule r = new RealJenkinsRule().withDebugPort(4001).withDebugServer(false); |
There was a problem hiding this comment.
Can I keep this in the code or do I need to remove it before merging?
There was a problem hiding this comment.
using a static port in a test is liklely to cause port conflicts when run on other systems (and random failures). so I would remove it.
|
I do not think it makes sense to do something like this in a random plugin. If there is a genuine need to block certain steps from certain folders or the whole controller, that should be done generically. You can also use https://plugins.jenkins.io/extension-filter/ in general. What is the motivation here? Certain steps in this plugin are known to be bad ideas, and they should simply be deprecated for everyone. |
| ExtensionList<StepDescriptor> stepDescriptors = ExtensionList.lookup(StepDescriptor.class); | ||
|
|
||
| FilterImpl filter = ExtensionList.lookupSingleton(FilterImpl.class); | ||
| Collection<StepDescriptor> definedStepDescriptors = getAllStepDescriptors(); | ||
| List<StepDescriptor> toRemove = new ArrayList<>(); | ||
| final List<StepDescriptor> toAdd = new ArrayList<>(); | ||
| for (StepDescriptor descriptor : definedStepDescriptors) { | ||
| if (stepDescriptors.contains(descriptor)) { | ||
| if (!filter.allows(StepDescriptor.class, new ExtensionComponent<>(descriptor))) { | ||
| toRemove.add(descriptor); | ||
| } | ||
| } else if (filter.allows(StepDescriptor.class, new ExtensionComponent<>(descriptor))) { | ||
| toAdd.add(descriptor); | ||
| } | ||
| } | ||
| stepDescriptors.refresh(new ExtensionComponentSet() { | ||
| @Override | ||
| public <T> Collection<ExtensionComponent<T>> find(Class<T> type) { | ||
| if (type == StepDescriptor.class) { | ||
| return toAdd.stream().map(stepDescriptor -> new ExtensionComponent<T>(type.cast(stepDescriptor))).collect(Collectors.toSet()); | ||
| } else { | ||
| return Collections.emptyList(); | ||
| } | ||
| } | ||
| }); | ||
| stepDescriptors.removeAll(toRemove); |
There was a problem hiding this comment.
This is rather low-level and will result in a cryptic error message about an undefined function. Much better to use https://javadoc.jenkins.io/plugin/workflow-api/org/jenkinsci/plugins/workflow/flow/StepListener.html#notifyOfNewStep(org.jenkinsci.plugins.workflow.steps.Step,org.jenkinsci.plugins.workflow.steps.StepContext) to just fail the step with a polite AbortException.
|
I suggest splitting this plugin up into multiple ones, each with one or few steps that make sense to be in the same component, and keeping this plugin as an empty shell with dependencies to all of them. This way, admins can uninstall what they don't want. |
|
It is not random in the sense that it only filters the steps that are defined in this plugin. Yes some sets of steps could be extracted into new plugins, but due to the goal of this plugin there would always be a hodge podge of random good to have steps where one of them might be interesting for someone while others could be risky. |
Perhaps I should rephrase—there is no precedent for a plugin suppressing the existence of its own steps, and this plugin should not be setting such a precedent. If there is a compelling use case for an administrator to block selected Pipeline steps from being run in any job (and I have yet to hear the explanation for that), then it should be done in a separate generic plugin that offers a list of all Pipeline steps. (Along similar lines, CloudBees CI includes a Pipeline policy system producing build-time errors under configurable conditions.)
If there are specific steps in this plugin that are known to be problematic for specific reasons, they should be placed in the “advanced/deprecated” section with suitable warnings. Start with the most misguided: #47.
It would break the build with a clear message, which seems a lot friendlier than having the build throw a cryptic stack trace from |
jtnord
left a comment
jtnord
left a comment
There was a problem hiding this comment.
do we still desire this? should it be closed given existing comments?
| * @return The unfiltered list of all {@link StepDescriptor}s defined in this plugin. | ||
| */ | ||
| public static Collection<StepDescriptor> getAllStepDescriptors() { | ||
| Hudson jenkins = Hudson.getInstance(); |
| } | ||
|
|
||
| public synchronized String getDeny() { | ||
| return String.join("\n", deny); |
There was a problem hiding this comment.
generally a textAreas value in HTML is normalized to \r\n
| Set<String> steps = ExtensionList.lookup(StepDescriptor.class).stream().map(StepDescriptor::getFunctionName).collect(Collectors.toSet()); | ||
| assertThat(steps, hasItems(allSteps)); | ||
|
|
||
| //blacklist something |
There was a problem hiding this comment.
| //blacklist something | |
| //deny something |
Uh oh!
There was an error while loading. Please reload this page.