How to trigger build via REST with specific user

In connection with a pre-commit test, we wish to run a compilation and a few fast tests triggered from the review system (P4 Swarm in our case).

Unfortunately, I cannot find a way to run the builds with a specific user as "trigger" - and thus get any notifications sent directly to the original developer. I have tried the following, but this is completely ignored by TeamCity:

    <build>
      <buildType id="XXXX"/>
      <triggered type="user">
        <user username="tmad"/>
      </triggered>
      <triggeringOptions queueAtTop="true"/>
      <properties>
        <property name="reverse.dep.*.env.SHELVED_CHANGELIST" value="xxxx"/>
        <property name="env.PCT_REVIEW_ID" value="xxxx"/>
        <property name="env.PCT_PASS_CALLBACK" value="xxxx"/>
        <property name="env.PCT_FAIL_CALLBACK" value="xxxx"/>
      </properties>
    </build>

(I have also tried adding the attribute user.id - but to no avail...)

Is it possible to set the "trigger" user? If yes, how can it be done?

0
13 comments

Hi Tonny,

Instead of trying to modify the triggered user, it should authenticate via that user, as TeamCity will recognize that user as the one actually triggering the build.

0

Hi Denis,

Thanks for the suggestion. Unfortunately, that would require that the review system is able to log in to TeamCity... AFAIK, that is not possible. Or?

/Tonny

0

Hi Tonny,

I'm not sure what "review system" you mean. Every REST request is authenticated and sends auth data, the XML you shared has to be sent somewhere, and that likely uses some authentication mechanism. Am I missing something here?

0

The review system in question is Perforce Swarm ("Helix Swarm" nowadays).

When a new review is started, Swarm will send an HTTP POST with a limited set of arguments - see Swarm documentation.

Unfortunately

  1. there is no way to specify the login information for the POST - though you can use the usual http://<user>:<passwd>@... notation - but those are fixed values
  2. the user of the review is not one of the review parameters

So... I have made a small REST server that should

  1. query Swarm for the user that started the review
  2. (translate the VCS-specific user name (here Perforce) to the TeamCity/LDAP-specific user name - though this is not possible now with the current TeamCity REST API)
  3. start a build - preferably triggered by the user, so the user will get a notification when the test build is finished

But, as I don't have the password of the user, then I don't know how to start the build as the specific user. Right now, I use a robot user made for the occasion with sufficient permissions to start the build.

An alternative would have been to have my small REST server be a trusted system for TeamCity - but there seems to be no support for this either.

So I could ask the question in a different way: if you only have the user name from TeamCity (and no password), can you then start a build in TeamCity triggered by that user?

How is all this handled for other review systems like Gerrit?

0

Hi Tonny,

That makes sense. Unfortunately, allowing to send a REST request to trigger a build impersonating a different user would create a number of issues. If the goal of having the builds "triggered by" a user is notifications, they can mark the builds as favourites and they will be notified about it. That should indeed be possible for a different user, as its impact is much lower.

0

Is the "make build a favorite" functionality available via the REST API - I cannot find this. (Remember that we are still working as the robot user)

Have you given any thought to the possible addition of trusted clients in TeamCity? (Atlassian uses this big time in their products...) The idea would be that you register a new client in the TeamCity server and are then given a special token that can be used with all REST calls. Thus we will use "trusted-client-token+impersonation user-id" (or whatever) - e.g. "b91dab5a97d1bee0f5f324af3f5841342f6e7d31+tmad" - in all REST calls. The TeamCity REST server will validate the token and then switch to the specified user... Almost simple :-) (to make it more secure, one can add an md5 that includes a secret part that is never communicated over the wire....)

0

Hi Tonny,

Sorry for the delay. I missed that the feature is not documented but it exists: https://youtrack.jetbrains.com/issue/TW-45745

0

Denis,

As far as I can see, the private tags can only be set by the user himself - so this does not work for our robot user :-(

The more I look at this, the more a trusted client concept seems to be the best possible solution :-) It is a relatively simple concept and will be just as secure as the current HTTP Auth is... Do you want me to create a ticket on this?

/Tonny

0

Hi Tonny,

I've been trying it out and it works just fine, you only need the username in TeamCity to be able to fav builds for other users. Use this sample command to derive your request:

    curl -v -u <user>:<pass> --request PUT "<url>/app/rest/builds/<locator>/tags" \
         --data '<tags><tag name=".teamcity.star" private="true"><owner username="<target_username>" /></tag></tags>' \
         --header "Content-Type: application/xml"

This said, please feel free to open a feature request in our tracker. I'd recommend copying back all the details about your use case, as this is, as mentioned, a rather strange scenario and our devs will be interested in learning more about it before implementing such a feature.

0

Hi Denis,

Thanks for the reply. I will test it tomorrow (if I can find the time ;-))

I will open a request for the trusted agent part.

But... what do you do for other review systems like gerrit? Do you know? Do they run the builds as a robot user or as the "change" user?

0

I'm honestly not aware of such situations, to be honest. We usually don't check on who has triggered a build, but on who has committed the changes that were applied in the build instead. The "triggered by" helps more in identifying manually triggered builds vs automatic builds. In situations where an automated system wants to run a build, usually running them with a generic user for that system is fine. It's also possible to trigger it with a parameter that includes the username or any other message that provides relevant information.

0
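Added example, not part of the thread and not TeamCity's own code: a relay such as the small REST server described above can queue the build as the robot user, carry the review author's name in a build parameter, and then star the build for that author with the tags request from the curl command. The sketch only constructs the two requests; it builds the XML with a serializer and validates the user name, because both values originate in the review system. The host name, the `env.PCT_REQUESTED_BY` parameter name and the user-name pattern are assumptions made for illustration.

```python
# Added illustration: builds (does not send) the two TeamCity REST requests.
# Host, IDs, env.PCT_REQUESTED_BY and USERNAME_RE are constructed/assumed.
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote

USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed user-name policy


def _checked_username(username):
    # The name comes from the review system, so validate it before use.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("unexpected characters in username: %r" % username)
    return username


def queue_build_request(base_url, build_type_id, review_id, requested_by):
    """Request that queues a build as the authenticated (robot) user and
    records the review author in a build parameter."""
    build = ET.Element("build")
    ET.SubElement(build, "buildType", id=build_type_id)
    ET.SubElement(build, "triggeringOptions", queueAtTop="true")
    props = ET.SubElement(build, "properties")
    # Attribute values are escaped by the serializer, never concatenated.
    ET.SubElement(props, "property", name="env.PCT_REVIEW_ID", value=review_id)
    ET.SubElement(props, "property", name="env.PCT_REQUESTED_BY",
                  value=_checked_username(requested_by))
    return ("POST", base_url + "/app/rest/buildQueue",
            ET.tostring(build, encoding="unicode"))


def star_build_request(base_url, build_id, target_username):
    """Request that marks the build as a favourite for target_username,
    mirroring the curl command in the thread."""
    tags = ET.Element("tags")
    tag = ET.SubElement(tags, "tag", name=".teamcity.star", private="true")
    ET.SubElement(tag, "owner", username=_checked_username(target_username))
    locator = quote("id:%d" % int(build_id), safe=":")  # numeric build id only
    url = "%s/app/rest/builds/%s/tags" % (base_url, locator)
    return ("PUT", url, ET.tostring(tags, encoding="unicode"))


if __name__ == "__main__":
    base = "https://teamcity.example"  # constructed host
    for req in (queue_build_request(base, "XXXX", "1234", "tmad"),
                star_build_request(base, 4711, "tmad")):
        print(*req, sep="\n", end="\n\n")
```

Both bodies are sent with `Content-Type: application/xml` and the robot user's credentials, as in the curl command.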

This is for a pre-commit test. For Git, Mercurial, and possibly other VCSs, that can be handled via feature branches, but not so for Perforce. Here you have the ability to shelve files instead (somewhat like in PyCharm), and then use P4 Swarm to perform a review on the shelved files (not yet committed).

So the normal VCS (commit) trigger used in TeamCity will not work - as nothing has been committed yet.

I really wanted to see this as a private build, hence the use of "triggered by".

Is there any other way to get notification mails to a specific user? (because, that is really the most important part of the story...)

How is the Pre-Commit Run in TeamCity handled normally? You send a zip with the changed files (we have nothing to send) and the sender gets the notifications?

0

Hi Tonny, and sorry for the delay, I completely missed the last notification.

I'm afraid there is no way to accomplish this with the default functionality, beyond what we suggested which won't fit your scenario. This said, there might be a way around this. You can create your own custom notifier: https://confluence.jetbrains.com/display/TCD18/Custom+Notifier

By creating your own custom notifier, you should be able to create your own custom set of notifications, be it email or any other system.

0
