►
Description
Abhyudaya Sharma will demonstrate the progress made during the second coding phase of GSoC 2019. He will present the recent performance improvements in the Role Strategy Plugin. Also, a new Folder Auth Plugin will be presented (now in alpha).
Project page: https://jenkins.io/projects/gsoc/2019/role-strategy-performance/
A
B
B
B
So
we've
done
a
couple
of
things
which
have
led
to
some
improvements
in
the
performance.
The
first
thing
is
the
fourth
strategy,
plug-in
to
twelve,
for
every
permission,
checking
request
that
it
got
it
used
to
match
all
the
regular
expressions
that
were
there
for
the
roles.
Now,
what
we
do
is
we
cache
the
collection
of
rules
internally
in
the
role
strategy
plugin.
This
is
called
a
role
map
and
these
all
of
these
match
the
given
regular
expression.
B
B
B
We
use
the
GMs
benchmarks,
which
were
created
during
the
previous
phase,
and
we
saw
improvements
of
up
to
three
thousand
three
hundred
percent
in
in
getting
these
matching
roadmaps.
Now.
Another
thing
that
we've
done
is
we
cache
the
employing
permissions
so
Jenkins
permission
model
follows
a
tree
like
structure,
so
each
permission
can
be
implied
by
other
permissions.
B
A
big
challenge
we
had
here
was
handling
dangerous
permissions.
Certain
permissions
and
Jenkins
are
considered
dangerous,
for
example,
the
run
scripts
permission
which
allows
non-administrator
users
to
configure
Jenkins.
Basically,
they
could
do
anything
that
they
wanted
so
row
strategy
plug-in
supports
them
as
an
option
for
backward
compatibility
and
the,
and
this
option
is
disabled
by
default.
So
whenever
dangerous
permissions
were
either
enabled
or
disabled,
the
cash
for
the
implying
permissions
needed
to
be
changed,
because
when
permissions
are
disabled,
they
are
deferred
to
the
Jenkins
administered
permissions.
B
Now,
let's
discuss
about
how
we
measure
the
performance
improvements,
we
use
the
damage
benchmarks
created
during
the
previous
phase
of
g-shock,
like
a
toll
before
and
all
of
these
benchmark
reports
were
generated
during
the
pull
request
builds.
The
results
were
obtained
as
JSON
files,
which
were
visualized
using
jmh
visualizer.
I
also
verified
the
improvements
in
performance
by
running
on
my
own
machine
and
running
profiling.
B
B
Now
to
now,
we
have
another
plugin
which
was
created
during
this
phase.
That's
the
folder
authorization
plug-in,
which
was
created
to
avoid
the
problems
that
roll
strategy
plug-in
had.
First,
we
removed
using
regular
expressions
because
they
were
being
a
big
bottleneck
for
the
performance
and
it
also
frees
us
from
having
backward
compatibility
row
strategy
plug-in
I
guess
is
six
or
seven
years
old,
so
it
had
to
cope
up
with
a
lot
of
things
that
were
there
earlier.
For
example,
the
new
plugin
does
not
support
dangerous
permissions
by
default
and
just
by
crawl
strategy.
B
Global
rules
are
just
like
role,
strategy,
plug-in
and
they're,
applicable
everywhere,
within
jenkins,
folder
rules,
which
is
what
is
the
namesake
of
this
plugin
work
on
cloudBees
folders
and
they
can
be
assigned
to
multiple
users.
So
each
folder
role
can
give
permissions
to
the
users.
The
permissions
granted
through
a
folder
role
that
is
to
a
folder
assigned
to
the
folder
role,
are
inherited
to
all
the
children
of
the
folder
agent
role.
Allow
configuring
permissions
for
agents
connected
to
Jenkins.
B
We
have
REST
API
methods
for
adding
and
assigning
roles,
and
finally,
we
have
jenkins
configuration
is
called
support.
So
this
is
what
a
sample
yum
is
configuration
for.
The
plugin
looks
like
so
you
can
have
agent
roles
you
have.
You
can
have
multiple
agent
roles,
that's
an
array
of
agent
roles
and
similarly
you
have
multiple
folders
and
multiple
global
roles.
B
B
Let's
give
the
top
ipod
permission
and
we
click
add
role.
The
role
was
added
and
you
can
see
the
role
being
added
here
and
now
you
can
assign
this
said.
The
s
ID
of
the
group
or
of
the
user,
so
jenkins
provides
two
to
predefined
groups
that
are
the
authenticated
and
the
anonymous
groups
which
are
there
by
default.
Other
groups
are
there
from
the
authorization
from
the
authentication
that's
currently
running,
so
we
can
assign
a
said,
let's
say,
user
to
and
be
submitted,
so
we
can
just
see
that
the
seat
gets
assigned
to
the
road.
B
B
B
Let's
just
take
a
look
at
global
rules.
First,
we
gave
the
anonymous.
We
give
the
overall
read
permission
to
every
authenticated
user
here
and
then
for
user
1.
We
give
permission
to
read
the
route
1
folder
and
to
build
the
projects
in
route
1,
slash
style.
So
that's
the
child
folder,
that's
inside
of
the
root
folder.
Now,
let's
go
back
to
user
1
and.
B
Sign
in
so,
as
you
can
see,
first,
the
root
2
and
root
3
are
not
authorized.
This
user
is
not
authorized
to
access,
root,
2
and
root
3,
and
when
we
go
inside,
you
do
not
need
to
specify
the
permissions
independently
for
the
child
items.
Let's
see
go
to
job
1.
The
user
does
not
have
the
build
permissions
here,
but
if
we
go
to
a
child,
the
user
was
give
in
this
mission
through
a
folder
roll,
and
we
go
to
this
one
and
you
can
just
build
the
folder
as
user.
One.
B
B
B
Another
thing
that
I
wasted
a
full
day
on
was
trying
to
get
the
JavaScript
json
dot
stringify
to
work.
So
what
was
happening
was
prototype
ideas
from
Jenkins
code,
changed,
I
had
a
prototype
to
Jason
and
it
was
giving
some
garbage
values
and
we
weren't
not
being
able
to
exchange
the
data
with
the
Jenkins
server.
And
finally,
there
were
some
issues
with
configuration
is
code
not
supporting
sets
there
to
pull
requests
there.
One
of
them
is
still
a
work
in
progress.
B
Now
the
next
steps
would
be
to
improve
would
be
to
give
more
improvements
for
all
strategy
plugin
and
find
and
improve
the
UI
of
the
folder
authorization
plugin.
This
was
the
first
alpha
release
of
the
plugin,
so
there's
lot
to
be
done
here
and
then
there's
then
we
have
to
write
the
documentation
for
it
and
the
one
dot
or
release
for
the
plugin.
B
A
A
It's
really
nice
to
see
the
progress
and
yet
I
think
that
you
next
Peaks
why
the
presentation,
so
one
will
be
differently
the
part
of
jisub
faced
humiliations
and
if
you
want,
we
can
all
see
this
one
special
interest
groups
to
do
the
presentation
unfortunate
I
didn't
think
about
this
earlier,
because
here
we
had
a
platform
special
interest
group
meeting
yesterday.
So
maybe
it
could
be
a
venue
for
that,
but
if
not,
we
still
use
development,
restore
whatever
additional
feedback.
I
think
it's
already
a
good
sir
thanks
a
lot
for
doing
that.
A
A
Doesn't
mean
the
cameraman
oh
yeah,
the
Jenkins
reacts,
though
I'm
not
sure
how
active
is
it
well.
Basically,
they
will
only
yeah.
That
was
only
one
message
to
this
year
because
he
it
was
basically
round
lotion
but
yeah.
It
looks
like
there
are
not
that
many
activities
in
motion
at
the
moment,
but
maybe
it
makes
sense
to
send
a
message.
A
To
this
channel
and
before
it
makes
also
make
sense
to
send
it
to
this.
By
sending
information
to
these
too
many
please,
hopefully
there
will
be
some
feedback
of
how
it
will
be
improved
and
have
some
discussions
ongoing
about,
for
example,
JavaScript,
modernization
and
polish
re
injection,
and
they
also
work
on
nukes
related
stuff
at
the
moment.
So
maybe
they
will
collaborate
with
you
to
make
some
improvements.
B
B
A
A
A
A
A
A
Yeah,
so
basically
what
JC
says
that
deputation
should
be
simple
now
in
case
we
have
initial
stage
plug
in
unlikely.
We
have
an
issue
here
is
welded
mini
access
data,
often,
and
hence
it's
not
enough
to
use
standard
collections
in
some
cases,
especially
when
it
comes
to
concurrency.
So
here
you
basically
speed.
A
So
yeah,
maybe
it's
a
point,
so
he
just
basically
concerned
about
creating
a
new
object
and
he
suggests
just
defining
the
existing
one
on
the
return
entities
which
was
written
here.
So
he
basically,
what
it
says
is
just
moving
to
this
constructor
logic,
which
is
already
private,
but
once
little
bit
just
doing
is
realization
here
talking
with
resolve,
you
can
see
initialize
this
connection
and
basically
you
get
the
same
result
as
if
you
were
doing
new
constructor
types.
B
B
A
So,
okay,
yeah
final,
he
just
is
just
quality
of
life.
Thing
I
mean
it's
self-protection,
so
you
cannot
make
mistake
while
doing
any
kinds
of
patient,
but
it's
so
not
a
severe
about
it
because
yeah,
even
if
their
final
in
this
collection,
some
modifiable
and
basically
occasional
modification
of
these
Corrections,
is
a
much
bigger
program
that
creation
of
a
new
instance.
So
here
is
no
problem.
If
you
make
them
non
final,
just
to
resolve
this
command
because
yeah,
it's
a
valid
point,
yeah
I
think
the
rest
of
it.
A
A
A
But
it
uses
fixed
imports
right.
So
it's
not
it's
basically
a
test
for
sure.
Maybe
it
also
makes
sense
to
have
a
round
trip
test
in
addition
to
it.
But
basically,
when
you
construct
an
object,
then
save
it
then
load
it
and
ensure
that
everything
is
fine.
Okay,
you
just
evenly,
it
will
dig,
but
not
this
correct.
A
A
Maybe
actually
bonds.
So,
for
example,
what
you
could
do
you
could
pass
configuration
from
configuration
s
code
then
load
it.
For
example,
use
intimidation
has
control.
Then
you
process
to
the
subject
say
for
a
it
manually
to
the
disk
loaded
and
see
that
the
object
was
intact.
So
you
can
do
this
round
three
preferred
six,
your
time
so
basically
notice
result.
Configuration
is
good,
but
you
can
combine
them
if
you
want.
A
Yeah,
so
maybe
it's
something
you
could
just
see
whether
it
works
for
you,
because
your
what
it
basically
does
it
actually
run
trips.
They
sit
allowable
object,
I
mean
maybe
not
yeah
lightly.
It
says
it's
only
first
step,
but
you
you
could
do
something
like
that.
So
yeah.
This
definitely
won't
work
for
your
keys.
A
A
A
B
A
A
Yeah
I
think
that
this
request
can
be
quickly
rushed
once
we
integrate
the
one
above.
So
this
one
is
a
relatively
simple
and
you
all
set
REST
API
is
in
peril.
This
is
good,
so
one
thing
for
STPs
sometimes
is,
but
to
start
documenting
a
template
right
away,
for
example
here,
when
you
ate
this
request,
you
can
all
set
documentation
for
well
right
now.
We
just
have
no
documentation
here.
Well,
basically,
what
would
be
a
good
approach
is
when
you
at
the
TJ,
we
will
just
touch
documentation
in
parallel
example.
A
A
Yeah,
but
it's
also
available
to
users
right:
we
are
young
there,
so
it's
if
it's
available
to
users
the
commended,
so
overall
strategy
is
probably
not
the
best
example
of
that,
because
all
strategy
has
kind
of
separate
heuristic
vehicles
for
internal
stuff
and
for
user
stuff.
But
we
here,
since
you
have
clean
implementation,
I
think
it's
fine
to
just
delete
it.
A
A
So
again
for
documentation.
Basically,
if
you
click
on
work
down,
you
can
just
write
it
right
in
the
github.
Sometimes
it
takes
time,
though
you
can
do
the
same
in
AD.
One
thing
is:
when
you
consider
creating
big
pages.
Maybe
it
makes
sense
to
consider
asciidoc,
because
the
main
benefit
of
asciidoctor
that
you
can
use
some
mantras,
for
example,
here
in
your
table
of
contents,
which
is
not
accessible
to
markdown.
So
if
you
can
stipulate
in
big
communication
pages,
maybe
it
makes
sense
to
think
about
using
Kraske
dog
and
the
additional
benefit.
A
A
B
A
B
Yeah
and
I
wanted
to
discuss
whether
the
null
ability
these
annotations,
like
parameters
by
normal
by
default,
they
can
get
overridden
when
we
use
nullable
or
similar
annotations,
do
I,
consider
all
those
cases
and
have
an
implementation
that
checks
everything
like
an
ID.
He
does.
Is
this
fine
for
now.
A
Because,
basically,
all
kinds
of
this
or
such
purchase
is
the
first
thing.
Can
you
away
because
you
update
the
plug-in
not
two
days
ago?
First
in
coverton
use
cases
so
here
before
that
we
were
just
chicken,
but
it
has
non
mala
notation.
But
again,
even
that
might
be
a
problem
because
there
are
dozens
of
non
molar
notations.
So
it's
just
fine
house,
libraries,
it's
spot,
barks,
libraries,
it's
GSR
library,
so
say
if
you
use
IntelliJ
IDEA,
you
can
use
JetBrains,
annotation
libraries
etc,
and
this
one
in
just
this
one
particular
keys.
A
A
A
A
Okay,
so
you
hear
it
might
make
sense
to
support
spot
box
annotations,
but
mainly
it's
a
separate
change.
So
yes,
indeed,
it
makes
sense
to
consider
that
a
being
is
improvement.
But
it's
not
the
improvements
to
it
related
to
what
you
don't,
because
you
just
used
the
same
annotation
as
before
and
then,
for
example,
is
possible
to
create
a
follow-up
from
the
request.
A
A
A
So
here
I
think
that
its
finances
so
I'm
creepy
to
approve
it
this
discussion.
We
can
continue
it
in
the
background
and
maybe,
if
you're
interested,
you
could
submit
a
separate
request
for
it,
I'm
not
sure
which
notation
you
prefer
to
use
in
your
plugin.
But
here
some
people
started
migrating
to
split
bar
connotations,
because
there
were
some
license
concerns
about
Java
annotations,
so
it
might
make
sense.
A
A
A
B
B
B
A
A
So
yeah
most
like
one,
be
able
to
attend
the
meeting
at
a
time
so,
depending
on
the
status
yeah
I
think
that
we
can
safely
skip
one
meeting
at
this
point,
because
everything
is
fine
but
yeah
talk
to
sue
point
or
injure
if
they
become
object,
or
if
you
find
somebody
else
to
work
on
the
u.s.
part.
We
still
keep
can
keep
this
meeting
yeah.
Maybe
I
will
bill.
A
B
A
B
A
A
Well,
thank
you,
don't
so
yeah,
then
I'll
stop
the
broadcast
and
yeah.
You
can
just
take
a
look
at
the
recording
if
you
want
to
publish
it
ASIS,
if
you
want,
we
can
just
cut
to
the
demo
part
or
if
you
prefer,
we
just
don't
publish
anything.
So
it's
your
decision.
You
just
tell
me
what
what
option
you
prefer
and
they
will
implement
it.