
[4564] Restructure Security section

Open StackScribe opened this issue 3 years ago • 5 comments

This is the first of a series of PRs to restructure and update the "Securing Jenkins" chapter, adding:

  • Jenkins is a fully-distributed build system...
  • Security principles
  • How Jenkins executes a pipeline

Reviewers: please particularly note material about Security Advisories and Security Updates. I am not sure that they are linked to the most appropriate pages.

@MarkEWaite @daniel-beck @Wadeck

This PR also modifies the information about "Enable Security" that is in the "Managing Security" page and turns it into a NOTE. This is here because I first moved that note onto this page but then decided it belongs where it is.

This PR also includes some rewrites to the "Agents and Security" material that was here, although this will be removed and merged with what is in the "Controller Isolation" page.

The rest of the material on this page will be merged with information in other pages of this chapter.

When completed, this chapter will have this general flow:

  • Security concepts and information (this page)
  • Controller Isolation
  • Configure Global Security -- introduce the UI
  • Sections that discuss how to populate the UI sections, presented in the order they appear after installing Jenkins with the recommended plugins. So begin with Security Realm, then Authentication, TCP Port, other security settings...
  • Other security topics such as "Access Control for Builds" and "Handling Environment Variables"

StackScribe, Oct 05 '21 09:10

@daniel-beck Can you approve this so we can merge it?

StackScribe, Oct 13 '21 01:10

The PR is now being redone to conform with the structure discussed in https://docs.google.com/document/d/1xpx6CGyCv3Dcs9blZLwKnzgTsPg-pkabM3XeyfMiUNY/edit#heading=h.df9a9tasgkqd .

All this restructuring is going to make this PR very large but it will mean we have the structure in place moving forward. To try to reduce the pain, I am annotating the gdoc with links to the relevant commit.

StackScribe, Oct 19 '21 05:10

@StackScribe FYI you haven't pushed (in case that's unintentional).

daniel-beck, Jan 20 '22 09:01

We discussed the structural issues with this piece in the 24 January Docs Office Hours and came up with the following actions, all of which have been implemented:

  • Split "How Jenkins executes jobs" into a separate page (https://github.com/jenkins-infra/jenkins.io/pull/4612/commits/d5b6325216fded6f4315716038c13c768e666b59 )
  • Rename "Background concepts" to "Security concepts" (same commit as above)
  • Remove the descriptions of the individual fields on the "Configure Global Security" page from the list in index.adoc so that list is not so long. These topics still show in the left frame and the "Configure Global Security" page still has a comprehensive list of all fields. (https://github.com/jenkins-infra/jenkins.io/pull/4612/commits/1d349e8fcf173b5cb653a59cece2a2d1fa4acd12 )
  • Move the information about Agent -> Controller security to controller-isolation and remove that file since this field no longer shows on the UI. (https://github.com/jenkins-infra/jenkins.io/pull/4612/commits/4b4ced3b3dd5bc0e535dcfd72c134f59102d724b )

StackScribe, Jan 25 '22 20:01

Please take a moment and address the merge conflicts of your pull request. Thanks!

github-actions[bot], Mar 07 '23 19:03