Can we disable build runners per agent/pool?

Avatar
Andrew Moyse82
Created

In order to make sure developers can't build certain types of software on our on-prem TeamCity, we'd like to be able to disable specific available runners on specific agents or agent pools. I couldn't see a way to do this or any documentation indicating it's possible so I just wanted to confirm whether my interpretation is correct.

 

Votes

0

Share

2 comments
Avatar
Guilherme Barbosa
Created
Hello,
Your idea is to deny the access of developers to some build configuration types, or do you actually want to limit their access to certain agents?
In any case, it seems to me that the best approach to manage what developers can do within TeamCity would be to use the User Management (you can find it under Administration) to set the appropriate permissions per Project, and to set the build configurations that use specific build runners under the appropriate project. Finally you can also set your pools per project with the agents you want. This way you could control what developers can build with your TeamCity.
You can find more information about Per Project Authorization Mode here:
 
Guilherme
0
Avatar
Andrew Moyse82
Created

Hi Guilherme,

Thanks for the answer. I'm aware of all of those features but none of them provide the level of granularity as far as security is concerned that I'm looking for. I'm basically looking for the ability to have agents that can only run docker builds. Right now, even if I create an LDAP sync'd group that has a scoped down role, a developer could attempt to build a project using any of the wrappers/plugins that are registered on the TeamCity server. In our case that's ~20 different types of builds. So I'd like to be able configure an agent, or really an agent pool, to only present the docker wrapper/runner to compatible build configs.

It sounds like that's not a possibility though. Could be a new feature request?

Thanks,
Andrew

0

Please sign in to leave a comment.