Role Strategy Plugin performance

Goal: Improve performance of one of the most popular authorization plugins in Jenkins

Status: Completed

Team

Details

The Role Strategy Plugin is one of the most popular Jenkins authorization plugin. On adding a large number of roles to the plugin, a significant slowdown is visible in the Jenkins Web UI. The project aims to improve the end user experience by improving the performance of the plugin and creating a reliable performance testing framework which can be used in other Jenkins plugins.

The project is being tracked on Jenkins Jira:

Please follow our link:https://app.gitter.im/#/room/#jenkinsci_role-strategy-Gitter chat for more details.

Project Proposal

You can find more details at the project proposal Google Doc.

Project Meeting Schedule

Project Specific meetings: Tuesdays and Fridays at 7:00 AM UTC from May 14, 2019 to August 2, 2019. Tuesdays and Thursdays at 3:00 PM UTC from August 5 onwards.

Jenkins GSoC Office Hours: Wednesdays at 2:00 PM UTC

Performance Testing for Jenkins using JMH

The micro-benchmarking framework was made available to everyone through Jenkins Test Harness 2.51 and Plugin POM 3.46. A blog post summarizing how to use the framework was published and can be seen here.

A demo of the framework was held on May 31 and can be found at: https://www.youtube.com/watch?v=sr28UADG1AE . Another demo was held at the Platform SIG meeting on June 6, this can be found at https://www.youtube.com/watch?v=lyfbmhQd0Ag

Benchmarks using this framework can now also be created inside Jenkins Core. Please see https://github.com/jenkinsci/jenkins/pull/4135 for more details.

Performance improvements to Role Strategy Plugin

To improve the performance of the Role Strategy Plugin, a couple of changes were made. First, a cache for the matching roles for each project was created. This avoids iterating through all regular expressions every time a permission is needed to be checked. The other change that brought performance improvements was to pre-calculate implying permissions. In Jenkins, the ADMINISTRATOR permission, for example, gives the user the permission to read any Job. This change avoids having to calculate all implying permissions whenever a permission needed to be checked. These performance improvements were released for everyone in Role Strategy Plugin 2.13. To learn more about the changes made to the plugin and the improvements in performance, please check out the blog post.

The new Folder Authorization Plugin

A new authorization plugin for Jenkins was created and can be found at https://github.com/jenkinsci/folder-auth-plugin. The plugin allows assigning permissions for Jobs through inheritance in 'folders' from CloudBees' Folders plugin and does not use regular expressions. The plugin also supports Global Roles (like from the Role Strategy plugin) and 'Agent Roles' which can be used for restricting permissions for agents connected to Jenkins. The first public release of the plugin can be found at GitHub. The plugin can be installed on your Jenkins through the Update Center.

The demo for the Phase 2 evaluations can be found at https://youtu.be/tnoObQqGhyM?t=1101 and the slides for the presentation are available at https://drive.google.com/file/d/1IVe3T8WdTILmb62PAIJveR4KbBWzPt1k/view?usp=sharing

To know more about this plugin, please check out the blog post. The demo for the final evaluations can be found at https://www.youtube.com/watch?v=tAUHfYYQrpo

Getting the Code

The Folder Auth plugin was created from scratch during GSoC. The code contributions to other Jenkins' repositories can be found using this GitHub search query which lists all the pull requests that were created.

Links