Release Notes

Public

9.0.16.4686: Nov 13 2020

New

macOS - Plastic: path permissions now editable in the GUI!

Continuing our work to bring feature parity across all platforms, we have added the ability to configure path permissions in macOS Plastic.

See here for more info on using path permissions to secure user access to your codebase: https://www.plasticscm.com/documentation/security/plastic-scm-version-control-security-guide#Preventusersfrommodifyingspecificitems

The path permissions dialog is launched by selecting "Path permissions" on a file or directory in the Workspace Explorer view.

You can then set access permissions on this path for users or groups.

Permissions can be set for all branches, individual branches, or groups of branches.

Enjoy!

New

macOS - Plastic: Manage path permissions for a repository from the GUI

We added a new menu option to the repositories view that lets you manage all the path permissions for a repository directly from one place.

You can add, edit, and remove secured paths, as well as specific branches for each one.

New

All platforms - Server: Added support for allow list to restrict connections to certain IPs.

This new feature works both for on-premises servers (.NET Core build only) and Plastic Cloud.

In Plastic Cloud a web interface will soon be available to configure the allow list.

== How it works ==

Create a networkallowlist.conf file as follows:

// this is a sample file
127.0.0.1 user1

Then as user1, from localhost, run the following:

cm repo list

You'll see the following entries in the server log:

2020-11-11 17:40:51,970 18 INFO networkallowlist - . allowlist rules:
2020-11-11 17:40:51,971 18 INFO networkallowlist - . allowlist entry: 127.0.0.1 -> user1

Which means the networkallowlist was loaded and the command succeeds.

Now modify the networkallowlist.conf to contain the following lines:

// this is a sample file
127.0.0.1 pablo

Wait at least 60 seconds for the server to notice the configuration change (at this point we only check for changes every minute), and rerun the cm repo list command.

You'll find this in the server log:

2020-11-11 17:42:14,791 20 INFO  networkallowlist - . allowlist rules:
2020-11-11 17:42:14,791 20 INFO  networkallowlist - . allowlist entry: 127.0.0.1 -> pablo

Which means the file was reloaded. And then:

2020-11-11 17:42:45,620 20 INFO  PlasticProto.ConnectionFromClient - conn   12 is not allowed according to the allow list rules. Closing connection.

And your command will fail as follows:

> .\cm.exe repo list
Error: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

For security reasons, no extra info is sent to the client; the connection is simply closed on the server side.

== What rules does networkallowlist.conf currently support? ==

The following is a valid config file.

// means connections from 81.32.221.43 are allowed
81.32.221.43 

// means connections from 81.32.221.41 are also allowed but only for these users
81.32.221.41 pablo@codice.es ruben@codice.es 

// any IP address starting with 81.32.224 will match (CIDR patterns not supported yet)
81.32.224    

== Restrictions ==

* It can't restrict groups, just users.

* It can't use patterns to specify users.

* IPs are specified as strings, no CIDR patterns supported yet.

* Negation rules are not supported yet.
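
Added example (not Plastic SCM code): a small Python model of the rule format above, useful for reviewing a networkallowlist.conf before deploying it. It assumes an entry matches when the client IP string starts with it, as the 81.32.224 comment suggests; the function names and the sample file are constructed here, and how the real server treats octet boundaries should be verified against your own server.

```python
# Added example: models the rule format documented above; not Plastic SCM code.
# ASSUMPTION: an entry matches when the client IP string starts with it.

# Constructed sample in the same shape as the file shown in these notes.
SAMPLE_CONF = """\
// constructed sample
81.32.221.43
81.32.221.41 pablo@codice.es ruben@codice.es
81.32.22
"""

def parse_allowlist(text):
    """Return [(ip_entry, users)]; an empty users set means any user."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("//"):
            continue  # blank line or comment
        entry, *users = line.split()
        rules.append((entry, frozenset(users)))
    return rules

def is_allowed(rules, client_ip, user):
    """Allowed if any entry matches the IP and, when users are listed, the user."""
    return any(client_ip.startswith(entry) and (not users or user in users)
               for entry, users in rules)

def overmatches(entry):
    """Valid IPv4 addresses outside the intended octet that a plain string
    prefix would still match, e.g. '81.32.22' also covers 81.32.220.x."""
    if entry.endswith("."):
        return []  # under this model a trailing dot pins the octet boundary
    *head, last = entry.split(".")
    octets = [str(n) for n in range(256)
              if str(n).startswith(last) and str(n) != last]
    return [".".join(head + [o] + ["0"] * (3 - len(head))) for o in octets]

def audit(text):
    """Map each entry to the extra addresses it would admit under the model."""
    report = {}
    for entry, _ in parse_allowlist(text):
        extra = overmatches(entry)
        if extra:
            report[entry] = extra
    return report

if __name__ == "__main__":
    for entry, extra in audit(SAMPLE_CONF).items():
        print(f"{entry}: also matches {extra[0]} ... ({len(extra)} ranges)")
```

Under this model a short entry such as 81.32.22 is wider than it looks, while 81.32.224 and the full addresses in the sample admit nothing extra because no valid octet extends them.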

New

Command-line help: We are making a complete review of the command-line help.

This review consists of fixing formats and editing texts and descriptions. For example, before this task, the usage of the 'cm lock list' was:

cm lock list [revspec [revspec ...]] [options]

and now it is:

cm lock list | ls [<revspec> [ ...]] [--server=<server>]
                      [--onlycurrentuser] [--onlycurrentworkspace]
                      [--ignorecase]

New

Windows - Plastic: partial workspace notification bar!

Plastic and Gluon use different kinds of workspace: a full workspace and a partial workspace, respectively.

It can be a bit confusing for users if they use Plastic and Gluon on the same workspace, because you have to remember to update the workspace in each tool to switch between workspace types.

We've made that a whole lot easier now. If you open a partial workspace in Plastic you now get a notification message, from which you can easily update the workspace and continue working.


New

Jenkins plugin: We added multiple cleanup options for build checkout

Thanks to the contributions of Krzysztof Knapik from Housemarque, we just released a new version of our Jenkins plugin that enables you to select the cleanup action to perform before your build checkout. There are four options to choose from: minimal (just undo), standard (undo and remove privates), full (undo, remove privates and remove ignored) and delete (removes the whole workspace directory).

Bug

Windows - Plastic: Code review list items colored by review status!

We fixed the colors used in the code review tab's list. There are now three colors, one for each of the three code review statuses.

* Under Review: Blue

* Reviewed: Green

* Rework Required: Red

See renewed rows in action!