Configuring security settings in CC.NET 1.5 - cruisecontrol.net

Below is the ccnet.config file I am having, where I am using the new security features of CC.NET 1.5. Can anybody let me know what I am doing wrong.
I have two groups in a DOMAIN and I want to let one group to only view and the other group Full Access.
<cruisecontrol>
<project>
<name>Introvert</name>
<!-- Security Settings -->
<security type="defaultProjectSecurity" defaultRight="Deny">
<permissions>
<!-- Grant permissions to this project -->
<rolePermission name="ViewOnly" ref="ViewOnly"/>
<rolePermission name="FullAccess" ref="FullAccess"/>
</permissions>
</security>
</project>
<!-- Security Settings -->
<internalSecurity>
<users>
<simpleUser name="DOMAIN\GROUP1\*" />
<simpleUser name="DOMAIN\GROUP2\*" />
</users>
<permissions>
!-- Roles -->
<rolePermission name="FullAccess" forceBuild="Allow" startProject="Allow" >
<users>
<userName name="DOMAIN\GROUP1\"/>
</users>
</rolePermission>
<rolePermission name="ViewOnly" forceBuild="Deny" startProject="Deny">
<users>
<userName name="DOMAIN\GROUP2\"/>
</users>
</rolePermission>
</permissions>
</internalSecurity>
</cruisecontrol>

<!-- Security Settings -->
<internalSecurity>
<users>
<simpleUser name="DOMAIN\GROUP1\*" />
<simpleUser name="DOMAIN\GROUP2\*" />
</users>
<permissions>
**!-- Roles -->** <-- mising a "<", bad formatted XML
<rolePermission name="FullAccess" forceBuild="Allow" startProject="Allow" >
<users>
<userName name="DOMAIN\GROUP1\"/> <-- shouldn't it be DOMAIN\GROUP1\*?
</users>
</rolePermission>
<rolePermission name="ViewOnly" forceBuild="Deny" startProject="Deny">
<users>
<userName name="DOMAIN\GROUP2\"/>
</users>
</rolePermission>
</permissions>
</internalSecurity>

Related

Wix MSI Installer:How to allow anonymous authentication when set to override="deny" in applicationHost.Config

I have a web application that we install via a Wix MSI project. The web.config includes the authentication nodes below. Everything installs correctly but after installation, I get the error message:
"The configuration section cannot be used at this path". This is due to the configuration locking in applicationHost.config .
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<basicAuthentication enabled="true" />
<windowsAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
How can I override the applicationHost.config settings during the installation? I do install required Windows Features during the install, but am I missing one?
This is the solution that worked for me, calling appcmd from a custom action, before InstallFinalize.
<CustomAction Id="UnlockAnonymousAuthentication"
Execute="deferred"
Impersonate="no"
Return="check"
Directory="TARGETDIR"
ExeCommand="[SystemFolder]inetsrv\appcmd unlock config /section:anonymousAuthentication" />
<CustomAction Id="UnlockBasicAuthentication"
Execute="deferred"
Impersonate="no"
Return="check"
Directory="TARGETDIR"
ExeCommand="[SystemFolder]inetsrv\appcmd unlock config /section:basicAuthentication" />
<CustomAction Id="UnlockWindowsAuthentication"
Execute="deferred"
Impersonate="no"
Return="check"
Directory="TARGETDIR"
ExeCommand="[SystemFolder]inetsrv\appcmd unlock config /section:windowsAuthentication" />
<InstallExecuteSequence>
<Custom Action="UnlockAnonymousAuthentication" Before="InstallFinalize"><![CDATA[NOT Installed]]></Custom>
<Custom Action="UnlockBasicAuthentication" Before="InstallFinalize"><![CDATA[NOT Installed]]></Custom>
<Custom Action="UnlockWindowsAuthentication" Before="InstallFinalize"><![CDATA[NOT Installed]]></Custom>
</InstallExecuteSequence>
Hope this helps someone.
Here is currently a way to do this directly using the WiX IIS extension WebDirProperties element:
https://wixtoolset.org/documentation/manual/v3/xsd/iis/webdirproperties.html
Something similar to this should work. Notice the critical piece is the WebDirProperties
element that specifies the
AnonymousAccess="yes" BasicAuthentication="no" WindowsAuthentication="no" which modify
the IIS properties you are looking to change during installation.
<?xml version="1.0" encoding="UTF-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
xmlns:iis="http://schemas.microsoft.com/wix/IIsExtension" >
<Fragment>
<!-- Install to default web site -->
<iis:WebSite Id="DefaultWebSite" Description='Default Web Site'>
<iis:WebAddress Id="AllUnassigned" Port="80" />
</iis:WebSite>
<!-- References the installation folder specified in the Product.wxs file under the INSTALLFOLDER -->
<DirectoryRef Id="WEB_INSTALLFOLDER">
<!-- Configure virtual dir -->
<Component Id="VirtualDirectoryComponent"
Guid="{INSERT-YOUR-OWN-GUID-2C27-427A-A7B1-DA4DBCC79117}"
KeyPath="yes" >
<iis:WebVirtualDir Id="VirtualDirectory"
Alias="[WEB_DIRECTORY_ALIAS]" Directory="WEB_INSTALLFOLDER"
WebSite="DefaultWebSite">
<iis:WebDirProperties Id="VirtualDirectoryProperties"
AnonymousAccess="yes" BasicAuthentication="no"
WindowsAuthentication="no" />
<iis:WebApplication
Id="MyWebApplication"
Name="MyWebApplication" />
</iis:WebVirtualDir>
</Component>
</DirectoryRef>
</Fragment>
</Wix>

How can I get CruiseControl.NET to attach error log in email?

This is a sample of my publisher setting:
<publishers>
<statistics />
<xmllogger logDir="F:\ccnet\Project\xxxxxx\Artifacts\buildlogs" />
<buildpublisher>
<sourceDir>$(buildDir)\_PublishedWebsites\$(projectName)</sourceDir>
<publishDir>$(webDir)</publishDir>
<useLabelSubDirectory>false</useLabelSubDirectory>
<alwaysPublish>false</alwaysPublish>
</buildpublisher>
<email mailport="25"
mailhostUsername="xxx#xx.xx"
mailhostPassword="xxxxxxxxx"
includeDetails="TRUE"
useSSL="FALSE">
<includeDetails>TRUE</includeDetails>
<from>xxxx#xx.xx</from>
<mailhost>xxxx.xxxx.xxx</mailhost>
<users>
<user name="Flemming" group="buildmaster" address="xx#xx.xxu" />
</users>
<groups>
<group name="buildmaster">
<notifications>
<notificationType>Always</notificationType>
</notifications>
</group>
</groups>
</email>
</publishers>
In webdashboard everything is fine. it shows all information from the standard xslt list.
After each build I get an email, but it only shows me information from header.xsl, unittest.xsl (shows no unit tests) and modification.xsl. But it doesn't show anything from compile.xsl.
xslfiles from ccnet.exe.config:
<xslFiles>
<file name="xsl\header.xsl"/>
<file name="xsl\compile.xsl"/>
<file name="xsl\msbuild.xsl"/>
<file name="xsl\modifications.xsl"/>
<!-- <file name="xsl\unittests.xsl"/>
<file name="xsl\fit.xsl"/>
<file name="xsl\fxcop-summary_1_36.xsl"/> -->
</xslFiles>
What am I missing here?
I tried to insert TRUE as well as having it as an attribute, but no difference.
I found the solution.
Instead of using compile.xsl in the xsllists I now use compile_msbuild.xsl
Now I get all errors and warnings in the mails !!!
From CCNET's EmailPublisher documentation:
Make sure that all of the Merge Publishers, along with the Xml Log Publisher task are done before the publisher, or else you won't be able to include output from the build in the email.

Not able to see the FxCop Report embeded in the Email using CruiseControl.Net

I have installed Cruise Control 1.5 on my machine and trying to configure the automated build. Everything is working fine. Application is building, i receive an email but I don't see the FXCop result embedded in the Build Email. What am i missing?
ccnet.config file
<cruisecontrol xmlns:cb="urn:ccnet.config.builder">
<project name="SampleProject">
<webURL>http://localhost/ccnet</webURL>
<workingDirectory>E:\\NewProject\\DevBuilds</workingDirectory>
<artifactDirectory>E:\\NewProject\\DevBuilds\Artifacts</artifactDirectory>
<modificationDelaySeconds>600</modificationDelaySeconds>
<category>Dev Build</category>
<sourcecontrol type="svn">
<trunkUrl>https://mycompany.com/svn/trunk/MyApplication</trunkUrl>
<workingDirectory>E:\\NewProject\\DevBuilds\SourceCode</workingDirectory>
<autoGetSource>false</autoGetSource>
<executable>C:\Program Files\Subversion\bin\svn.exe</executable>
<username>username</username>
<password>password</password>
</sourcecontrol>
<initialState>Started</initialState>
<startupMode>UseInitialState</startupMode>
<triggers>
<intervalTrigger seconds="3600" buildCondition="IfModificationExists" />
</triggers>
<state type="state" directory="E:\\NewProject\\DevBuilds" />
<labeller type="iterationlabeller">
<prefix>1.0</prefix>
<duration>1</duration>
<releaseStartDate>2012/04/11</releaseStartDate>
<separator>.</separator>
</labeller>
<tasks>
<nant>
<executable>E:\NewProject\Installables\nant\bin\nant.exe</executable>
<baseDirectory>E:\\NewProject\\Build Files</baseDirectory>
<buildFile>Build.xml</buildFile>
<targetList>
<target>Run</target>
</targetList>
<buildTimeoutSeconds>5000</buildTimeoutSeconds>
</nant>
</tasks>
<publishers>
<merge>
<files>
<file>E:\NewProject\DevBuilds\FxCopOutput\FxCop-results.xml</file>
</files>
</merge>
<xmllogger logDir="E:\\NewProject\\DevBuilds\Artifacts\\buildlogs" />
<email from="Checkins#symphonysv.com" mailhost="smtp.gmail.com" includeDetails="true" useSSL="false">
<users>
<user name="dev1" group="buildmaster" address="myname#gmail.com"/>
</users>
<groups>
<group name="buildmaster">
<notifications>
<notificationType>Always</notificationType>
</notifications>
</group>
</groups>
</email>
</publishers>
</project>
</cruisecontrol>
Build.xml
<?xml version="1.0"?>
<project name="Test" default="Run" basedir=".">
<property name="BuildNumber" value="1.0.0.0"/>
<property name="SourceControlURL" value="https://mycompany.com/svn/trunk/MyApplication/"/>
<property name="BuildFile" value=".\Build.xml"/>
<property name="TagBuild" value="false"/>
<property name="BuildType" value="Release"/>
<property name="BuildTargetDir" value="E:\NewProject\DevBuilds\Executables"/>
<property name="BuildWorkDir" value="E:\NewProject\DevBuilds\SourceCode"/>
<property name="MSBUILD" value="C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319"/>
<property name="FxCopOutPutDirectory" value="E:\NewProject\DevBuilds\FxCopOutput" />
<property name="FxCopInputDirectory" value="E:\NewProject\DevBuilds" />
<target name="Run" description="Starting ThinkPets Build">
<call target="GetLatestCode"/>
<call target="BuildCode"/>
<call target="BuildASPWebSite"/>
<call target="runFxCop"/>
</target>
<target name="GetLatestCode">
<echo message="Updating Code From SVN to ${BuildWorkDir}"/>
<exec program="svn.exe">
<arg line="checkout ${SourceControlURL} ${BuildWorkDir} -q"/>
</exec>
</target>
<target name="BuildCode">
<echo message="Building VS10 Projects Web" />
<exec program="${MSBUILD}\msbuild.exe" failonerror="true">
<arg line=" "${BuildWorkDir}\Application.sln" /t:Rebuild /p:Configuration=Release /V:q"/>
</exec>
</target>
<target name="BuildASPWebSite">
<echo message="Building ASP Web Site" />
<exec program="${MSBUILD}\aspnet_compiler.exe" failonerror="true">
<arg line=" -v / -p "${BuildWorkDir}\MyDir" -f -c "${BuildTargetDir}" "/>
</exec>
</target>
<target name="runFxCop" depends="BuildCode">
<exec program="C:\Program Files\Microsoft FxCop 1.36\FxCopCmd.exe" failonerror="false">
<arg line="/p:${FxCopInputDirectory}\SampleProject.FxCop /o:${FxCopOutPutDirectory}\FxCop-results.xml"/>
</exec>
</target>
</project>
There are a few points you missed:
You need to add <includeDetails>true</includeDetails> to your e-mail publisher block. This will give you HTML e-mails.
In order to transform your XML build results into HTML you need to add an <xslFiles> section to your e-mail publisher block. The elements of this block point to XSL transformation files in [CCNET_INSTALL_DIR]\server\xsl.
So for including the FxCop summary just as appears in CCNET webdasboard this is your e-mail publisher block:
<email from="Checkins#symphonysv.com" mailhost="smtp.gmail.com" includeDetails="true" useSSL="false">
<users>
<user name="dev1" group="buildmaster" address="myname#gmail.com"/>
</users>
<groups>
<group name="buildmaster">
<notifications>
<notificationType>Always</notificationType>
</notifications>
</group>
</groups>
<includeDetails>true</includeDetails>
<xslFiles>
<file>xsl\fxcop-summary_1_36.xsl</file>
</xslFiles>
</email>
Thanks Chairman for your valuable time. I think my mistake was that I did not host the "ccnet" application on my machine which resulted in not able to find the xsls for the publishers. When I used the same settings and config file on the Server machine with "ccnet" application hosted, I was able to see the FxCop summary in the email. Please correct my understanding if wrong.

Unused node detected when configuring schedule block with ant for CruiseControl.NET

I'm developing a ccnet.config script for CruiseControl.net that invokes an Ant script, and I'm getting the following error while executing the CruiseControl.NET service:
Error: "Unused node detected:schedule block"
This is my ccnet.config:
<cruisecontrol xmlns:cb="urn:ccnet.config.builder" xmlns="http://thoughtworks.org/ccnet/1/5">
<project name="testprj">
<webURL>http://localhost/ccnet</webURL>
<modificationDelaySeconds>10</modificationDelaySeconds>
<sourcecontrol type="cvs" autoGetSource="true">
<executable>C:\dev\ccnet\ccnet\tools\cvs.exe</executable>
<cvsroot>:ext:exortech#ccnet:/cvsroot/ccnetcontrib</cvsroot>
<module>ccnet</module>
<workingDirectory>C:\dev\Copy of FAT\</workingDirectory>
<webUrlBuilder type="viewcvs">
<url>http://localhost:7899/viewcvs/ccnet/NUnitDemo/</url>
</webUrlBuilder>
</sourcecontrol>
<schedule>
<ant>
<antscript>C:\Apache\apache-ant-1.8.1\bin\ant.bat</antscript>
<antworkingdir>C:\Apache</antworkingdir>
<buildfile>internalpush.xml</buildfile>
<uselogger>true</uselogger>
<usedebug>false</usedebug>
</ant>
</schedule>
<publishers>
<merge>
<files>
<file>C:\dev\ccnet\ccnet\build\ccnet.exe-results.xml</file>
</files>
</merge>
<xmllogger>
<logDir>log</logDir>
</xmllogger>
<email mailhost="foo" from="sreekanth#foo.com" includeDetails="true">
<users>
<user name="BuildGuru" group="buildmaster" address="buildguru#mycompany.com"/>
<user name="JoeDeveloper" group="developers" address="joedeveloper#thoughtworks.com"/>
</users>
<groups>
<group name="developers">
<notifications>
<NotificationType>Change</NotificationType>
</notifications>
</group>
<group name="buildmaster">
<notifications>
<NotificationType>Change</NotificationType>
</notifications>
</group>
</groups>
</email>
</publishers>
</project>
</cruisecontrol>
There is no "schedule" element available under the "project" element: http://confluence.public.thoughtworks.org/display/CCNET/Project+Configuration+Block

CruiseControl secure a build project node

Is there a way to secure a build project node in cruisecontrol? I would like to restrict the use of force build to specific users.
This can be done by adding a <security> tag in the project config.
<project name="TestProject">
<security type="defaultProjectSecurity" defaultRight="Deny">
<permissions>
<rolePermission name="TestProjectAdmin" ref="FractionFactionAdmin" />
</permissions>
</security>
</project>
<internalSecurity>
<cache type="inMemoryCache" duration="30" mode="sliding"/>
<users>
<passwordUser name="user1" password="change"/>
<passwordUser name="user2" password="change"/>
</users>
<permissions>
<rolePermission name="TestProjectAdmin" defaultRight="Allow" forceBuild="Allow" viewProject="Allow" startProject="Allow">
<users>
<userName name="user1"/>
<userName name="user2"/>
</users>
</rolePermission>
</permissions>
</internalSecurity>
try like this

Resources