Quantcast

Tracking/auditing uploads to Artifactory ? Managing POM versions ?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Tracking/auditing uploads to Artifactory ? Managing POM versions ?

Evgeny Goldin

Hello!

Is there any way to track or audit who's making an upload to Artifactory?
When each developer can upload a file that's Ok, we allow that (although,
it's Hudson who's usually running "mvn clean deploy").

But I have a case where some POM is overriden somehow by it's old content,
as if someone was uploading an older version. I don't think someone is
actually doing that, but then I can't understand how come I get an outdated
POM version in Artifactory (it's a SNAPSHOT).

In addition to tracking user uploads (with, probably, host IP and date/time)
- is there a way to manage file versions ? I mean, to see all versions (or
last N versions) of the POM that were uploaded ? Not sure it's useful but
just an idea ..
--
View this message in context: http://www.nabble.com/Tracking-auditing-uploads-to-Artifactory---Managing-POM-versions---tp23909627p23909627.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.


------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
Best regards,
Evgeny
http://evgeny-goldin.com/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tracking/auditing uploads to Artifactory ? Managing POM versions ?

Yoav Landman
Administrator
Hi,

The access.log should have records for every action, including artifacts upload - with origin IP, timestamp and action details.
You can restrict overriding of non-snapshot artifacts by revoking the DELETE permission on them for the relevant users/groups, but for snapshots we assume the DEPLOY permission also means ability to overwrite (since that's the meaning of a moving snapshot).
I am not sure I understand exactly the use case for versions management - where would you like to see this information? Do you mean having just a simple table of versions by date + deployer when selecting a group node?

Thanks,

Yoav

On Sun, Jun 7, 2009 at 1:30 PM, Evgeny Goldin <[hidden email]> wrote:

Hello!

Is there any way to track or audit who's making an upload to Artifactory?
When each developer can upload a file that's Ok, we allow that (although,
it's Hudson who's usually running "mvn clean deploy").

But I have a case where some POM is overriden somehow by it's old content,
as if someone was uploading an older version. I don't think someone is
actually doing that, but then I can't understand how come I get an outdated
POM version in Artifactory (it's a SNAPSHOT).

In addition to tracking user uploads (with, probably, host IP and date/time)
- is there a way to manage file versions ? I mean, to see all versions (or
last N versions) of the POM that were uploaded ? Not sure it's useful but
just an idea ..
--
View this message in context: http://www.nabble.com/Tracking-auditing-uploads-to-Artifactory---Managing-POM-versions---tp23909627p23909627.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.


------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tracking/auditing uploads to Artifactory ? Managing POM versions ?

Evgeny Goldin
In reply to this post by Evgeny Goldin


Found the guy who was running "mvn deploy" for outdated POM and changed
Artifactory permissions to not allow any deploys of this file for regular
users. Only "Super-Users" group can do so from now on :)
--
View this message in context: http://www.nabble.com/Tracking-auditing-uploads-to-Artifactory---Managing-POM-versions---tp23909627p23929155.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
Best regards,
Evgeny
http://evgeny-goldin.com/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tracking/auditing uploads to Artifactory ? Managing POM versions ?

Evgeny Goldin

But still - adding "Uploaded by [host]" and "Uploaded at [timestamp]" rows to
"General" tab -> "Info" would be terrific I suppose!
--
View this message in context: http://www.nabble.com/Tracking-auditing-uploads-to-Artifactory---Managing-POM-versions---tp23909627p23929213.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
Best regards,
Evgeny
http://evgeny-goldin.com/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tracking/auditing uploads to Artifactory ? Managing POM versions ?

Evgeny Goldin
In reply to this post by Yoav Landman

Yes, a history of versions by date/time + host/deployer would be very nice.
So that for each artifact one can see when it was deployed and by whom
(host/username for the case where lot's of people may use the same username)


Yoav  Landman wrote:

>
> Hi,
>
> The access.log should have records for every action, including artifacts
> upload - with origin IP, timestamp and action details.
> You can restrict overriding of *non-snapshot *artifacts by revoking the
> DELETE permission on them for the relevant users/groups, but for snapshots
> we assume the DEPLOY permission also means ability to overwrite (since
> that's the meaning of a moving snapshot).
> I am not sure I understand exactly the use case for versions management -
> where would you like to see this information? Do you mean having just a
> simple table of versions by date + deployer when selecting a group node?
>
> Thanks,
>
> Yoav
>
> On Sun, Jun 7, 2009 at 1:30 PM, Evgeny Goldin <[hidden email]> wrote:
>
>>
>> Hello!
>>
>> Is there any way to track or audit who's making an upload to Artifactory?
>> When each developer can upload a file that's Ok, we allow that (although,
>> it's Hudson who's usually running "mvn clean deploy").
>>
>> But I have a case where some POM is overriden somehow by it's old
>> content,
>> as if someone was uploading an older version. I don't think someone is
>> actually doing that, but then I can't understand how come I get an
>> outdated
>> POM version in Artifactory (it's a SNAPSHOT).
>>
>> In addition to tracking user uploads (with, probably, host IP and
>> date/time)
>> - is there a way to manage file versions ? I mean, to see all versions
>> (or
>> last N versions) of the POM that were uploaded ? Not sure it's useful but
>> just an idea ..
>> --
>> View this message in context:
>> http://www.nabble.com/Tracking-auditing-uploads-to-Artifactory---Managing-POM-versions---tp23909627p23909627.html
>> Sent from the Artifactory-Users mailing list archive at Nabble.com.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> OpenSolaris 2009.06 is a cutting edge operating system for enterprises
>> looking to deploy the next generation of Solaris that includes the latest
>> innovations from Sun and the OpenSource community. Download a copy and
>> enjoy capabilities such as Networking, Storage and Virtualization.
>> Go to: http://p.sf.net/sfu/opensolaris-get
>> _______________________________________________
>> Artifactory-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>>
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Artifactory-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>

--
View this message in context: http://www.nabble.com/Tracking-auditing-uploads-to-Artifactory---Managing-POM-versions---tp23909627p23997710.html
Sent from the Artifactory-Users mailing list archive at Nabble.com.


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Artifactory-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
Best regards,
Evgeny
http://evgeny-goldin.com/
Loading...