►
From YouTube: Knowledge Transfer: Role Strategy Plugin code dive
Description
We will do a code dive into the Jenkins Role Strategy plugin in order to help new contributors to study the plugin and do their first contributions. How is the plugin codebase organized? Which Jenkins extensions are used? How to develop and debug the plugin? What would be potential improvements for it?
The meeting will be conducted and recorded in YouTube live. participant link will be posted in https://gitter.im/jenkinsci/role-strategy-plugin 10 minutes before the meeting starts
A
Okay,
real
life,
everybody.
Today
we
have
a
knowledge
transfer
for
all
strategy,
plug-in
it's
one
of
the
most
popular
plug-in
in
Jenkins,
managing
code
reservation
for
various
cases,
and
since
we
have
a
number
for
newcomer
contributors,
maintainer
sandals
students
who
are
interested
in
Google's
our
project
ideas.
We
said
that
is
better
to
have
a
knowledge
transfer
earlier
than
it
usually
happens
in
google
Summer
of
Code.
A
So
that's
the
approach
today,
we'll
just
give
you
the
architectural
strategy
plug-in
how
it
operates
and
how
to
start
contributing
to
this
plug-in.
It's
a
real-time
discussion.
So
if
you
have
a
question,
just
feel
free
to
interrupt
me
and
I'll
try
to
answer
that
and
their
main
objective
is
to
just
provide
you
as
much
information
as
needed
and
if
you
need
a
follow-up
session-
and
we
can
definitely
do
that,
and
so
that's
the
plan
I'm
going
to
share
my
screen.
A
A
A
A
So
let's
try
C
2
is
the
key
T
itself.
So
if
you
have
never
seen
not
all
strategy
plug-in
before
I
mean
there
is
a
I
mean
again,
it
has
4870
installations.
So
it
means
that
it's
installed
on
around
25%
of
instances.
It's
a
pretty
good
number,
and
actually
this
is
the
second
most
popular
authorization
and
management
I
mean
after
Monica's
authorization,
but
Monica's
authorization
was
at
part
of
the
Lincoln
score.
A
We
may
see
that
it's
installed
almost
every
way
because
it's
vataj
plugin,
we
don't
know,
we
don't
know
how
many
actual
usages
of
this
configuration
but
yeah.
This
is
the
second
most
popular
plug-in
anyway.
So
what
this
plug-in
does
in
Jenkins,
the
actually
authorization
and
authentication
parts
I'll,
probably
just
start
with
the
instance.
A
A
Jenkins-
and
here
we
get
my
development
instance,
it
doesn't
have
so
many
things
can
be
good
but
yeah.
What
I
wanted
to
show
you
that
this
plugin
and
actually
yeah?
Let's
start
foraging
circuit
section,
you
may
see
that
I'm
running
to
piss-all
to
change
score
because
I
said
baseline
for
the
plugin,
so
there
is
a
number
of
security,
vulnerabilities,
etc,
but
it
doesn't
matter
for
the
context
of
Restall
here.
What
we
need
to
know
that
there
are
security
configurations
and
Jenkins,
and
here
you
can
configure
security,
real
issues
actually
the
identification.
A
So
you
can
set
up
various
sources
of
out
indication.
It
means
that
ability
to
understand
who
said
the
user,
so
it
may
be
internal
user
database.
You
can
connect
held
up,
you
can
connect
to
UNIX
and
IG,
and
these
other
plugins
that
are
dozens
of
various
ways
to
identify
resistors
in
the
system.
But
then,
even
if
you
know
that
there
is
a
user
that
this
user
has
locked
in,
we
still
need
to
terrorise
it.
A
So
we
understand
to
which
permissions
user
has
on
the
instance
and
rejections
say
he
can
execute,
and
this
is
managed
by
authorization
on
to
decision.
There
are
also
many
plugins
and
currently
I'm
using
crossdresser
plug-in,
but
you
may
see
that,
even
on
my
instance,
there
is
a
number
of
various
extension
point
implementations
configured.
A
However,
all
strategy
plug-in
looks
like
from
a
user
perspective.
I
hope
that
everybody
on
this
call
has
already
tried
that
I'm
human.
You
see
that
yeah,
that
is
manish
on
assign
roles
page,
which
is
available
when
you
enable
it
as
a
theorization
engine
and
what
you
can
do.
You
can
configure
multiple
roles,
for
example,
project
roles
and
agent
roles
boy,
but
does
it
right
slaves
here?
I
will
show
a
fixed
that,
maybe
not
but
him,
and
what
you
can
do
in
this
plug-in.
You
can
actually
create
multiple
roles
using
regular
expressions.
A
So,
for
example,
we
can
say
job
developer
on
would
say,
project
a
developer.
We
know
that
there
is
a
folder,
a
Jenkins,
and
we
say
that
anything
under
its
folder
is
accessible
by
this
developer,
and
we
can
say
that
he
is
able
touching
configure
jobs.
They
delete
them,
read
of
course.
Oh
sorry,
my
did
you
another
project.
Yeah
we
had
this
scroll
here
we
can
yeah.
This
is
a
new
feature
was
which
was
it
released
yesterday.
A
We
know
that
there
is
no
mention
project
so
far,
but
we
will
create
some
later
and
here
we
can
just
set
some
check
boxes.
Each
check
box
is
a
managing
one
of
Jenkins
permissions
permission,
cells,
extensible
and
Jenkins.
So,
depending
on
the
plugins
you
have,
you
will
get
different
sets
of
Admissions
anyway,
I
can't
figure
something
it
doesn't
really
matter
for
this
goal,
I
saved
it
and
then
once
roles
are
configured
we
also
can
assign
roles.
A
A
A
Okay,
so
now
we
have
another
user
and
you
may
see
that
this
user
has
permissions
to
browse
jobs,
but
he
has
no
permissions
to
launch
anything
because
admin
didn't
grant
him
permissions.
We
agree
so
now,
where
that
mean,
we
can
say
that
work
create
a
folder,
a
key
and
folder
a
we
can
create
job.
Let's
say.
A
Empty
configuration,
it
doesn't
really
matter
for
the
discussion,
so
here
we
may
see
that
it's
executed,
and
now,
if
we
log
in
as
a
user,
we
should
also
have
permissions
to
at
least
access
this
job.
So
job
a
fool,
and
he
you
may
see
that
we
now
have
permissions
to
delete
the
project
because
it's
what
admin
granted
due
to
whatever
reason
this
had
mean
didn't:
grant
permissions
to
actually
run
the
jobs.
But
again
it's
how
I
can
figure
that
it
doesn't
really
matter
in
this
case.
A
So
this
is
what
the
plug-in
does.
Actually,
you
can
just
configure
roles,
and
this
plug-in
is
pretty
scalable.
In
terms
of
how
many
roles
you
can
configure
how
you
can
configure
them,
it's
not
that
scalable
in
terms
of
performance
and
in
terms
of
web
UIs,
and
they
it's
one
of
the
this
approach.
You're
saying,
is
to
improve
user
experience
of
these
videos
but
yeah.
What
we
really
interested
to
know
today
is
how
its
organized
internally
and
before
we
proceed
to
that,
are
they
any
questions.
A
Let's
take
a
look
at
the
outer
section.
The
entire
code
base
is
located
in
github
as
and
for
almost
any
other
Genki
plugin.
There
is
a
real
strategic,
plugin
and
yeah.
Actually
it's
the
common
structure
for
Jenkins
plugins
and
maybe
in
project,
maybe
in
project
which
uses
Jenkins,
plug-in
poem
and
yeah.
The
most
of
configuration
is
defined
today.
So
you
know
the
plug-in
poem.
You
only
depend
declare
some
dependencies,
for
example,
on
other
plugins
and
also
on
some
test
tools
which
are
no
not
included
in
the
base
package.
A
So
that's
it
and
the
rest
is
managed
by
here
parent
bomb
and
then,
if
you're
familiar
with
maven
projects,
it's
a
common
maiden
structure
and
what
we
need
to
know
here
that
and
the
java
classes
the
resources
machine
users
web
you
guys-
and
there
is
also
about
because
web
app
is
all
the
way
to
manage
resources
in
a
newest
plugins
usual,
unlike
vc,
where
bob.
But
here
there
are
some
contents
here
and
with
new
contents.
So,
for
example,
CSS
files
located
here
also
a
JavaScript
components.
A
This
is
the
UI
content,
but
the
rest,
and
the
most
interesting
part
for
us
today
is
Java
code
base
and
it's
easy
to
show.
This
Java
could
be
such
least
in
ID,
because,
due
to
historical
reasons,
the
cookies
scattered
across
multiple
namespaces
packages
why
it
happened.
Originally
this
project
first
started
by
contributors
from
Mission,
so
they
created
the
base
architecture
for
the
plugin.
They
created
this
class,
which
is
a
heard
of
the
plug-in.
A
We
will
talk
about
it
later
then
yeah
this
plugin
was
created
in
2008,
then
in
2011
and
I
have
taken
ownership
of
this
plug-in.
I
was
working
from
a
previous
company.
We
are
using
our
own
any
package,
so
you
may
see
that
there
is
a
number
of
courses
here
as
well
and
finally,
now
the
reserved
communication
to
actually
use
or
Jing
in
CI
plug-in
install
strategy
package
following
your
development.
A
So
if
you
create
new
features,
is
better
to
put
them
here
and
it
may
similar
to
be
a
bit
complex,
but
that's
how
its
implemented
now
but
yeah
for
the
starters.
We
still
need
to
begin
from
this
class
because
it's
the
main
Jing
is
extension
point.
If
you
scroll
here,
you
may
see
that
there
is
a
role
based
resistant
strategy
which
extends
authorization
strategy.
Authorization
strategy
is
an
extension
point
in
Jenkins
code
which
effectively
defines
your
eyes.
So
if
we
go
back
to
manage
security
configuration,
this
is
a
actually
so
authorization.
A
This
drop-down
is
a
list
of
extension
points,
implemented
authorization
stratagem
and
that
is
actually
other
implementations.
So
we
can
go,
for
example,
extension
ones,
I,
usually
forget
what
is
the
location
of
this
page,
but
yeah
there
is
an
extension.
Points
are
defined
in
Jenkins
code.
Give
me
see
that
there
is
a
pretty
long
list
of
extension
points,
but
one
of
the
first
ones
is
authorization
strategy,
and
here
you
may
see
that
there
is
a
number
of
implementations
available
in
open
source,
3
implementations
in
Jenkins
court.
A
Then
there
is
a
github
authorization,
club
or
magic
civilization
and
also
roles
tradition.
There
are
more
implementations
available,
but
yet
they
are
talking
about
these
ones
and
the
here
here's
our
opinion.
So
yeah,
it's
one
of
them
communications.
It
is
organized
as
classic
Jenkins
extension
point.
So
if
you
have
already
seen
plug-in
developer
guidelines
and
recordings
which
describe
how
this
is
developed,
it's
one
of
the
classic
implementations
but
yeah.
This
implementation
is
a
bit
old.
A
So
the
code
was
in
2008
or
later,
but
you
may
still
see
the
descriptor,
so
the
descriptive
content
holder
for
all
the
Orient
imitation
for
static
methods.
And
yet
when
we
talk
about
the
extension
point,
there
is
a
you
are
eating
good
part,
which
is
a
base
class
and
the
descriptor
and
yeah.
As
I
said,
this
is
a
bit
old
style
and
if
you
develop
new
plugins,
they
may
be
a
better
ways
to
do
data
binding
code
whatever.
A
So
here,
for
example,
when
we
configure
the
project,
that
is
a
method
called
new
instance,
it's
currently
located
in
the
descriptor
in
a
new
implementation,
so
it
would
be
just
date
a
bound
constructor
or
something
like
that.
But
yeah
here
you
may
see
that
there
is
a
bunch
of
code
here,
because
we
are
manually
process
a
foreign
date
in
order
to
retrieve
entities
and
then
to
submit
them,
and
there
is
same
logic
for
reading
data
for
the
disk
from
the
disk.
So
yeah
everything
is
implemented
manually.
There
are
some
advantages
of
this,
but
yeah.
A
A
A
He
back
to
the
main
class.
So
he
main
class
includes
a
lot
of
the
stuff.
Configuration
is
code,
computability
likely
they
will
be
serious
refactoring
applied
here.
But,
as
an
extension
point
extension
point
is
relatively
simple:
what
we
need
to
implement?
Let's
take
a
look,
so
the
result
is
Asian
strategy.
We
can
click
here
and
we
actually
went
in
the
Javadoc.
For
this
extension
point,
you
may
see
that
there
is
a
number
of
methods
which
are
abstract
and
these
methods
are
get
a
seal
for
something.
A
Acl
is
just
common
permission
management
entity
in
Jenkins
and
you
can
reduce
facial
objects,
for
jobs,
for
computers,
for
nodes,
for
users,
news
etc,
and
this
I
think
is
actually
used
to
retrieve
permissions.
So
when
you
navigate
through
UI
example,
let's
go
here,
you
may
see
that
there
is
a
number
of
controls
here
just
to
access
at
this
web
interface.
You
need
a
Jenkins
terrific
admission,
then
jenkees,
you
near
the
Jenkins,
administer
permission
to
manage
credentials.
Yeah
you
likely
do
not
need
anything
for
jobs
in
order
to
see
the
job
you
need
for
this
interface.
A
You
need
job,
discover
and
job
its
permissions
in
order
to
launch
it.
The
job
you'll
see
the
job
build
permission.
So
every
time
you
open
a
Jenkins
web
interface,
there
is
enough
both
technician
checks
being
performed
each
time,
I
alone
the
load,
this
page,
which
can
be
accessed
particular
companies,
for
example,
we
can
go
to
tests
here.
There
is
no
buttons
there
is
built,
and
there
is
debate.
Project
is
a
permission
to
delete
project.
If
we
have
a
build
history
for
bills,
you
can
also
delete
things.
A
You
can
mark
them
escape
forever,
and
all
of
that
is
managed
by
permissions,
and
there
is
also
move
button.
So
move
button
comes
from
folders
plug-in,
but
yeah
even
a
photo
strategy
doesn't
have
direct
integration
in
these
folders,
since
the
plug-in
and
ro
strategy
use
common
API
used
to
can
manage
admissions
for
that,
so
everything
is
managed.
Everything
has
a
lot
of
beautician
checks
and
all
of
that
passes
through
this
class.
A
So
if
you
want
to
get
a
better
mission,
at
least
for
computer,
we
get
this
ACL
for
jobs,
this
UCL,
etc,
etcetera
in
the
plugin.
As
we've
seen
in
the
web
interface,
there
are
three
types
of
permissions
right
now:
let's
take
a
look:
monition
assign
nodes
trolls
so
here
global
roles,
project
roles
and
slave
roles,
which
effectively
means
agent
roles
on
other
roles,
what
it
means
we
manage
data
only
for
three
entities.
For
example,
there
is
no
view
permission
management.
A
There
was
a
pull
request,
but
it
has
never
been
completed
and
there
is
also
no
user.
Specific
permission
management
probably
doesn't
matter,
but
it
could
be
done
in
this
plugin.
We
have
three
entities
this
strength.
It
is
if
we
go
back
to
the
code
and
they
actually
visible
right
here.
So
there
is
a
global
project
slave
which
string
values
the
results
enumeration
in
another
package,
roll
type
which
actually
does
the
same
but
yep
as
an
iteration
which
improves
performance
of
some
IPS.
A
A
For
each
type,
a
global
project
slave,
we
have
a
role
map
which
is
stored
in
the
container.
It's
persistent
on
the
disk
and
each
time
the
plugin
needs
to
provide
a
CL
for
permissions.
It
goes
through
the
methods,
for
example,
if
you
want
to
get
a
permission
for
the
project,
for
example
out
this
job,
you
may
see
that
actually
we
request
a
shield
for
abstract
item
is
here
and
for
abstract
item.
It
includes
not
only
job
but
various.
A
Components,
actually
it's
not
widely
used
to
inject
this
right
now.
Here
you
can
to
appreciate-
and
this
method
actually
goes
here.
This
is
a
default
role,
my
complementation,
so
it
takes
a
little
knob
to
take
which
item
name
to
retrieve
and
then
it
receives
all
the
information
so
how
this
little
map
is
organized.
There
were
some
changes
in
that
in
the
recent
release,
but
effectively
for
each
role
map,
since
we
have
global
permissions
and
they
have
local
permissions.
A
What
we
do
here
that
there
is
a
also
way
to
inherit
data
so,
for
example,
inheriting
SEL
what
it
does
it
actually
combines
rotation
and
those
role
specific
ecn.
So
it
means
that
they,
if
you
request
permission
for
a
project,
so
I
clicked.
Some
is
here
and
some
bits
here
and
our
user.
If
we
identify
them
what
he
will
get
if
he
accesses
a
project,
he
gets
permissions.
He
and
the
guest
permission
here,
always
if
he
belongs
to
this
group.
So
it's
combined
at
this
level
but
yeah.
A
B
A
A
It's
a
combination
of
multiple
entities,
so
role
is
what
you
can
figure
here.
So,
for
example,
role
at
me:
it
has
some
permissions
and
the
role
entity
is
like
it.
He
as
well,
but
yeah.
You
may
say
that
it
has
name
it
has
pattern.
It
has
some
description
which
is
not
publicly
used
in
web.
Your
right
now
and
the
results
has
had
with
permissions.
Then
we
map
it
to
the
container
here
so
set
of
strings
effectively.
This
set
of
strings
is
assignments.
A
We
have
in
another
control
key
Andros
assigned
roles
yep,
so
you
may
see
that
yeah
I
should
have
created
a
better
configuration
for
the
demo
today,
I
didn't
prepare
to
that,
but
yeah
whatever
you
know,
taking
a
look
at
the
key
section.
So
here
this
is
set
of
seeds.
It
may
be
either
users.
So,
for
example,
here
we
have
user
user
user
admin.
We
can
have
also
no
animus,
we
could
add
alt
and
authenticated.
A
So
this
also
see
significant
link
is
directly
and
if
our
identification
engine
supports
group,
so
then
we
can
also
do
groups
here,
for
example,
really,
if
you
use
old
up
or
if
use
github
as
identification
engine,
you
can
manage
groups
and
the
plug-in
also
supported
it.
Because
inject
is
that
we
see.
Actually
each
group
will
be
a
set
of
seeds
which
you
can
manage
various
assignments.
A
So
that's
how
it
works
and
yeah
they
start
here,
and
you
may
see
that
the
results
cache,
because
yeah
the
plug-in
needs
to
provide
good
performance
and
what
it
means
that
we
need
some
caching.
So
here
we
use
standard
crashing
complementation
and
do
not
recall
which
one
its
cache
builder
from
and
go
up
if
I
recall
correctly
and
yeah
here
we
just
used
this
default
construction
cache.
So
when
we
access
rolls,
etc.
A
A
Yeah
I
did
have
sources
for
this
session
and
my
maybe
not
repository
but
yeah.
Let's
just
go
to
the
Incas
Java
doc
me
a
jinx
project
posts
Javadoc
for
companies,
so
here
you
may
see
that
that
is
our
security
entity.
Actually
just
controls
access
to
the
data,
and
here
you
may
see
a
number
of
methods
and
the
only
method
which
is
abstract
is
this
method
has
permission.
A
It
means
that
whatever
a
sale
entity
reproduce,
it
should
be
able
to
answer
whether
this
SEL
has
a
admission
for
particular
route
indication
so
identification.
Maybe,
for
example,
my
current
user
or
jenkees
admin,
the
admission
it
may
be,
for
example,
job
field
or
job
execute
or
whatever,
and
this
particular
permission
entity
should
be
able
to
answer
these
two
questions.
A
So
Sen
has
been
retrieved
for
particular
item
and
it
means
that
if
here,
for
example,
we
have
got
a
CL
which
retrieves
data
for
the
project,
it
means
that
we,
if
there
are
different
admission
configurations,
we
should
return
different
ACN
objects
here
and
that's
why
actually,
the
plug-in
creates
a
CLS
each
time
on
its
own,
especially
when
it
inherits
the
data.
So
here
you
may
see
that
yeah
you.
A
We
create
a
new
ACL
on
each
request,
which
is
definitely
not
good
from
the
performance
side,
and
it
would
be
one
of
the
potential
topics
for
performance
polishing
but
yeah.
That's
how
the
plug-in
works
now,
and
you
may
see
that
actually
he
just
combines
better
mission
from
child
and
then,
if
child
has
no
permission,
it
takes
permission
from
parent
what
it
means
that
a
child
force
it's
always
route
this
year.
So
if
you
take
a
here's,
a
child
for
the
cocoa-
okay-
oh
maybe
not,
let's
take
a
look,
no,
its
parent.
A
Second,
is
here
so:
firstly,
we
consult
with
project
permissions.
So
then
we
consult
with
global
roles
and
if
it
doesn't
work,
then
we
just
return
false.
So
this
is
the
default
behavior.
It's
done,
because
this
one
may
be
non
conclusion,
because
we
can
treat
turn
permissions,
but
sometimes
it
may
be
better
to
invert
this
logic,
which
could
be
also
a
potential
perform
improvement
anyway,
this
how
it
works.
A
A
You
may
see
that
there
is
equity
here
but
effectively
what
it
does
it
various
role
map
for
item
names
and
then
it
gets
a
CL
which
would
operate
with
this
role
map
and
which
would
also
be
combined
with
0
TC
so
effectively
we
mesh
all
this
permission
and
graph,
for
particular
fetch
so
item
name,
for
example,
for
job
or
for
agent
military.
We
built
this
map
and
then
return
this
a
CL
as
a
result
and
Jenkins
will
use
this
SL
as
many
times
as
it
wishes
to
render
to
their
web
bi.
A
That's
how
it
works.
It's
not
well,
it
works.
Obviously
there
is
a
lot
of
performance.
Improvements
can
be
done
there,
but
on
the
plugins.
Actually,
our
main
objective
is
to
build
this
object
in
a
quick
way.
So
here
there
you
go
some
enhancement
in
the
last
release
and
thanks
a
lot
for
that.
So
here
you
may
see
that
we
actually
go
through
all
roles
and
verify
that
our
regular
expression
patterns
are
matching,
and
after
that
we
do
these
permission
checks,
obviously
not
for
permissions.
A
A
Actually,
this
is
how
it
works.
So
it's
just
one
method
which
goes
a
little
bit
of
ice
all
patterns.
It
will
build
towers,
roll
mob
and
then
roll
mob,
and
here
we
can
see
that
the
results-
a
ETL
constructor
here
yet
get
a
CA
effectively
for
roll
mop.
It
just
creates
a
CL
implementation
which
takes
control
to
item.
We
will
be
very
frank
and
roll
type
because
we
need
it
for
some
pet
machine
checks
and
logging
and
yeah
pretty
much
sure.
That's
it.
A
A
C
A
A
Here
it's
just
roll
asanas.
So
if
you
had
mean
you
don't
mean
everywhere,
if
you
authenticated,
you
have
identification
where
and
we
have
painted
this
configuration
to
project
rolls
when
we
produced
the
finally
sealed,
so
these
global
rolls
will
be
used
as
addition
to
what
specific
roles
or
agent
specific
roles
you
have
configured
them.
These
configurations.
A
So
global
levels
is
this
configuration
actually
its
global
roles.
It
applies
everywhere
across
jenkins
instance,
and
here
you
may
see
that
you
actually
can
manage
all
permission
groups.
So
there
are
permission
groups
for
credentials
for
agents
for
jobs
yeah.
You
can
configure
everything
and
it
will
apply
globally.
So,
for
example,
here
in
straighter
has
actually
jenkees
administered
permeation.
All
other
checkboxes
are
not
really
quite
in
this
configuration,
because
this
permission
in
the
current
setup
gives
you
all
permissions
across
the
Jenkins
instance
and
then
and
if
I
sign
this
permission
in
assign
roles.
A
This
is
the
first
roll
and
two
other
ones
is
project
and
slave,
so
project,
all
the
it
uses
obsolete
terminology
but
yeah
what
it
really
means
that
project
Rossi
is
any
kind
of
item
within
the
system
so,
for
example,
folder
job
and
anything
else.
You
can
actually
create
from
here
so
new
item.
You
may
see
that
there
are
multiple
project
types.
Everything
is
controlled
by
a
here
by
this
permission,
or
over
builds
also
controlled
by
this
troll.
A
So,
for
example,
if
we
take
test,
you
may
see
that
there
is
a
build
and
the
drink
is
take.
Tinkly
allows
to
configure
different
permissions
for
different
bins.
It's
supported
by
its
architecture.
It's
not
supported
by
the
whole
strategy
plug-in,
but
still
all
permissions.
You
define
actually
come
from
this
table
and
last
but
not
least,
is
about
agents.
So
currently
we
didn't
have
agents
in
Jenkins,
but
actually
we
could
have
one.
So,
for
example,
there
is
built
executor
status.
There
is
only
one
agent
master,
but
we
can
create
another
agent
agent.
A
It's
something
like
that.
So
here
the
result
some
configuration
to
be
done,
but
we
are
not
really
going
to
launch
the
same
agent,
so
we
can
just
put
something
quite
a
bit
and
we
will,
for
example,
Linux.
Even
though
I
run
with
my
costs-
okay,
let's
say
it's
my
cost
to
be
fair
okay,
so
this
is
an
agent
and
what
we
can
do.
We
can
configure
different
permissions
for
master
and
the
agent
and
the
yeah.
Let's
take
a
look
at
these
permissions.
A
A
So,
let's
say
agent
team
E,
and
you
say
that
my
agent,
you
it's
a
regular
expression
pattern,
but
the
name
is
a
valid
regular
expression
name
and
they
he
we
have
that
a
also
let's
say
King
bee,
so
I
think
we
hey.
We
created
two
teams
for
my
agent
and
we
can
say
that,
for
the
team
a
for
example
can
configure
agents
can
connect
agents
can
delete,
disconnect
build
whatever.
So
this
is
management
for
owners,
but
for
King
bee
we
can
say
that
the
user
can
only
build
on
the
agent.
What
it
actually
means.
A
I
want
to
talk
about
it
a
bit
later,
because
it's
a
complicated
topic,
but
in
Jenkins
said
that
is
also
Q
identification.
So
it's
not
only
about
web
UI
when
you
launch
a
build,
for
example,
if
you
click
here,
you
also
run
some
execution
on
the
queue
and
this
execution
can
actually
land
on
a
master
on
an
agent
and
it's
possible
to
protect
agents.
So,
for
example,
by
this
permission,
if
I
have
authorized
project
plug-in
installed,
I
can
say
that
only
team
B
can
execute
a
builds
on
a
particular
agent.
A
It
requires
some
configuration,
but
it's
possible
and
the
dam
I
was
showing
it's
damaging.
His
configuration
s
code
actually
does
that
if
you
take
a
look
at
plug
in
plug
in
sixth
year,
there
is
a
plug-in
called
a
trace
project.
He
is
here
so
effectively
huge
security
is
configured
here,
and
this
is
an
engine.
How
we
do
it
so
the
role
stretch
plug-in
allows
managing
that,
and
it's
just
one
of
the
ways
porting.
D
A
A
A
So
we,
let
me
just
finish
the
code
Dave.
If
there
are
some
interesting
bits
in
this
plugin,
for
example,
there
are
some
dangerous
permission,
handling
logic.
It
actually
has
been
done
due
to
historical
reasons,
because
there
were
some
combinations
of
permissions
which
are
not
actually
recommended
in
Jenkins.
I
won't
be
able
to
show
you
it
in
the
web
UI
because
we
have
protection
from
that,
but
so
currently
dangerous
permissions
are
disabled.
A
So
at
some
point
in
the
security
team,
where
it
was
decided
to
limit
number
of
permissions
by
default-
and
there
is
a
dangerous
permission-
engine
which
actually
hides
the
despair
missions
or
prints
administrative
warnings
if
they're
configured
and
if
they
are
not
advised
so
currently
it's
hidden.
So
we
don't
see
it
in
web
UI.
Another
topic
you
may
need
to
know
about
it
is
about
mattress,
so
what
mattress
to
actually
they
provide.
A
Some
additional
integrations
and
a
story
behind
the
determine
at
my
previous
company.
We
had
some
issues
with
performance
of
refresher
plug-in
and
we
decided
to
offer
another
based
on
ownership
plugin,
so
ownership
plug-in
is
just
separate
plug-in,
but
it
integrates
with
a
roll
strategy
and
some
other
plugins
and
the
security
engine
is
called
basic
security.
So
you
may
see
that
it
includes
at
all
based
strategy.
Also
job
restrictions
plug-in
an
authorized
project
which
I
was
referencing
today
and
what
it
does.
A
Instead
of
configuring,
multiple
roles,
actually
it
configures
only
two
roles:
current
user
is
owner,
is
primary
owner,
etc,
and
then
you
can
configure
roles
not
by
this
moderate
success.
You
may
see
here.
There
is,
for
example,
matrix
with
assigned
roles,
but
by
managing
permissions
directly
as
owner.
A
So
if
you
have
access
to
this
demo
is
something
you
can
see
there,
but
you
effectively
able
exchange
administrator
to
assign
owners
to
each
job
or
to
each
folder,
and
then
this
owner
configurations
it
will
grant
you
some
technicians
and
on
the
road
side,
you
said
it
was
done
by
mattress.
So
you
may
see
that
it
starts
from
a
special
symbol
and
then
it's
considered
as
a
mockery
in
toe
stretchers
plugin,
so
mock
those,
so
they
being
handled
a
bit
differently
because
yeah,
when
you
have
mattress,
it's
actually
being
calculated
dynamically.
A
So
it's
not
like
a
regular
expression.
It's
an
invocation
of
extension
point
so
here
you
may
see
that
actually
there
are
two
kinds
of
mattress.
One
is
role,
macro
extension,
so
this
is
what
we
have
here.
There
is
also
a
user
macro
extension,
but
it's
not
really
implementing
that
and
it's
not
really
used
anyway,
but
him
for
mattress
what
it
does.
It's
a
separate
extension
point
which
has
its
own
caching
and
yeah.
This
macro
engine
allows
to
somehow
complete
which
users
much
this
permission.
They
name
again.
A
So,
for
example,
here
you
may
see
that
just
second
amateur
extension,
I
believe
should
be
here
yeah,
so
it
checks.
It
actually
has
this
method
has
permission,
so
you
may
see
it
here
and
effectively.
It
means
that
this
matter
makes
a
final
decision,
whether
user
has
permission
or
not.
It
comes
at
some
performance
overhead,
but
on
the
other
hand,
we
didn't
need
to
compare
multiple,
regular
expressions
each
time
you
fetch
it
the
data,
so
at
some
point,
I
implemented
it
as
my
solution
for
performance
issues
in
the
plugin.
A
It's
not
a
medial
solution,
but
it
came
from
advanced
user
management
features.
But
if
you
work
on
the
performance
plug-in
that
it's
something
you
need
to
keep
in
mind,
okay,
I
was
talking
about
performance
about.
Today,
probably
we
should
talk
a
bit
about
user
experience
so
how
its
organized
Jenkins
has
its
own
engine.
A
It's
based
on
data,
so
you
may
see
that
whether
it's
a
mostly
written
in
jelly
for
this
plug-in
jelly
is
a
bit
combination
of
XML
HTML
and
the
Java
code,
actually
not
even
Java
groovy,
but
you
may
see
how
it
works
in
real,
for
example,
this
is
an
index
page
which
offers
you
controls
taxes,
the
data
so
effectively.
This
is
a
configuration
for
this
page
and
there
are
ways
to
create
markers.
There
are
ways,
for
example,
that
is
a
reusable
tag,
library,
and
then
we
have
two
hyperlinks
and
yeah.
A
There
are
all
stables,
for
example,
in
global
rules.
You
may
see
that
there
is
some
magic
behind
it
and
you
may
also
see
that
there
is
embedded
JavaScript
logic,
which
does
something
for
management
of
this
web
view
is,
so
is
how
the
current
interface
is
configured
in
this
plugin.
It's
far
from
ideal.
It
would
be
great
to
completely
to
work
it.
To
be
honest.
So
now
there
is
a
trend
toward
Sheila
splitter,
the
management,
the
part,
so
we
could
have
REST
API
sand.
A
A
So
yeah
you
may
see
that
now
it's
a
mix,
so
whatever
jelly
JavaScript
doesn't
help,
but
yeah
I
mean
you'd,
be
makes
the
code
more
complex,
especially
things
like
that.
So
by
using
an
existing
web
framework,
for
example,
rewrapped
or
something
like
that,
you
can
just
work
these
pages
and
simplify
them
so
yeah,
it
would
be.
One
of
the
foundation
needs
for
the
user
experience
project
and
Rob
strategy
plug-in
yeah.
You
may
see
that
there
is
number
of
such
pages
here,
which
could
be
the
word
completely
replaced.
According
to
your
proposal,.
D
A
A
Okay,
so
yeah
for
web
URLs,
yep
I
think
that
the
work
of
this
mess
would
be
actually
an
interesting
I.
Think
for
everybody
who
uses
this
plugin,
because
this
configurations
it's
difficult
to,
maintain
that
it's
difficult
to
extend
the
extended
the
UI
is
really
difficult
to
use
when
you're
hundreds
of
rolls,
because
there
is
no
pagination
there
and
just
switching
to
another
interface,
would
help
yeah
thousands
of
users
of
the
plugin
out
of
the
box.
He
is
just
a
sketch,
but
he
imagined
these
pages.
A
A
Ok,
what
else
do
you
need
to
know
about
this
plugin?
As
I
said,
development
of
this
plugin
is
just
development
of
any
other
jenkees
plugin.
So
there
are
guidelines
for
it,
maybe
in
each
period
on
actually
that's
the
run.
You
can
call
me
a
niche,
maybe
in
debug,
in
order
to
run
in
the
debug
mode.
So
you
may
see
that
now
it
exposes
a
debug
port.
So
you
can
connect
your
ideas
at
remote,
debugger
and
start
developing.
A
If
you
use
NetBeans,
it's
even
more
easy
because
there
are
specific
means
for
NetBeans,
we
save
time,
but
here
it's
like
any
other
plugin
and
once
you
create
something
you
can
create
pull
requests.
Actually
we
already
had
a
lot
of
pull
requests
over
the
last
weeks
and
you're
more
than
welcome
to
contribute
more
so
you
may
see
that
we
have
continuous
integration
instance
configured
so
one
every
time
you
configure
create
a
pull
request.
Actually
the
build
will
be
completed
and
you
will
get
test
result.
A
So,
for
example,
there
is
a
pull
request
from
the
punch,
one
of
ones
related
to
performance.
It
has
been
tested,
it
has
been
integrated
and
all
the
widget
released
at
school
and
the
speaking
of
tests,
all
tests
which
be
running
in
the
plug-in.
Now
they
allocated
in
this
directory.
First-
and
here
you
may
see
that
there
is
actually
only
some
plugins
and
obviously
it
could
be
improved
a
lot.
So
you
may
see
that
there
are
a
few
plugins
a
few
tests
in
this
plugin
and
for
new
functionality.
A
I
tried
to
develop
a
test,
automation
and
everybody
is
welcome
to
contribute
more
tests,
because
now
there
is
almost
no
web
UI
test
automation.
There
is
a
limited,
functional
test
formation,
so
yeah
we
can
always
do
more
and
the
regarding
test
utilities.
So
right
now,
I
do
not
want
to
do
a
particular
knowledge
transfer
for
that
we
usually
do
a
dedicated
knowledge
transfer
for
test
utilities
when
we
get
closer
to
community
bonding
so
that
everybody
is
able
to
contribute
and
listen,
because
it's
shared
between
multiple
projects
and
yeah.
A
A
A
Managing
your
projects,
ji
Seok,
so
you
may
see
that
there
are
some
issues
here
and
some
of
them
are
still
not
addressed
but
yeah.
My
advice
to
you
would
be
to
actually,
if
you
don't
have
any
issues
to
start
from
here.
Firstly,
you
can,
if
you
already
contributed
some
tickets,
you
can
anymore.
Can
you
be
friendly
and
you
can
take
a
look
at
particular
locations
related
to
performance
or
you
can
just
do
some
exploration
because
yep
performance
performance,
then
this
plug-in
can
be
improved
a
lot
web
us
could
be
improved
a
lot.
A
A
Yes,
oh
this
method
is
to
actually
prevent
usages
of
AP
is
in
other
plugins.
So
it's
a
Jenkins
internal
mechanism
which
allows
to
restrict
public
methods
to
particular
plugins,
because
there
is
no
other
means
available
in
Java
to
permit
method
from
one
package
in
another
package
without
permitting
it
for
other
plugins,
at
least
until
we
use
Java
11
and
models
other
simple
solutions,
so
restrictive
how
internally
it
link
for
that.
A
It's
nearly
feature:
no
bug
groovy
actually
does
not
recognize
Java
annotations,
because
Ruby
is
still
able
to
access
many
things,
including
private
methods,
private
fields
like
reflection
in
Java.
So
so
it's
not
a
bug,
it's
how
it
works
and
yeah.
When
you
access
private
meditation
from
groovy
scripts,
it
usually
means
that
EPA
of
the
plug-in
is
material
and
could
be
improved
if
you
need
that,
we
do
not
restrict
it.
So
the
purpose
of
annotations
is
to
prevent
plugins,
at
least
from
including
the
code
directly
in
the
code
base.
A
Okay,
if
there
is
no
more
questions,
I
propose
to
close
down
the
recording
for
now,
because
I
have
another
meeting
starting
but
yeah.
If
there
are
any
questions,
we
can
press
it
into
a
chat
and,
if
needed,
I'm
happy
to
organize
another
session
from
them.
If
somebody
wants
to
talk
about
web
UIs,
specifically
how
its
organized
well,
most
probably
you
know
about
web
us
than
me,
but
I'll
do
my
best
to
help.