Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 26 07:57
    AbhyudayaSharma commented #69
  • Oct 26 07:19

    dependabot-preview[bot] on maven

    (compare)

  • Oct 26 07:19
    dependabot-preview[bot] closed #144
  • Oct 26 07:19
    dependabot-preview[bot] commented #144
  • Oct 26 07:19
    dependabot-preview[bot] review_requested #147
  • Oct 26 07:19
    dependabot-preview[bot] review_requested #147
  • Oct 26 07:19
    dependabot-preview[bot] labeled #147
  • Oct 26 07:19
    dependabot-preview[bot] opened #147
  • Oct 26 07:19

    dependabot-preview[bot] on maven

    Bump configuration-as-code.vers… (compare)

  • Oct 26 06:33

    dependabot[bot] on maven

    (compare)

  • Oct 26 06:33
    dependabot[bot] closed #68
  • Oct 26 06:33
    dependabot[bot] commented #68
  • Oct 26 06:33
    dependabot[bot] review_requested #70
  • Oct 26 06:33
    dependabot[bot] review_requested #70
  • Oct 26 06:33
    dependabot[bot] labeled #70
  • Oct 26 06:33
    dependabot[bot] opened #70
  • Oct 26 06:33

    dependabot[bot] on maven

    Bump configuration-as-code.vers… (compare)

  • Oct 26 04:52
    AbhyudayaSharma labeled #69
  • Oct 26 04:52
    AbhyudayaSharma labeled #69
  • Oct 26 04:52
    AbhyudayaSharma labeled #69
Oleg Nenashev
@oleg-nenashev
Congrats with the release anyway!
Abhyudaya Sharma
@AbhyudayaSharma
Oh right. Will take care of that. Thanks!
zcooler
@zcooler
Greetings! Is anyone managed to work folder-auth-plugin and jenkins-swarm?
33 replies
allan-silverstein
@allan-silverstein
Hello. I’m currently using the Jenkins Folder-based Authorization plugin. It seems to work pretty well so far but one thing I can’t figure out is how to modify the permissions of a global role or folder role after it has been created. You can click on “View Permissions” and see the permissions that were set up initially, but how do you update/modify them if you want to make changes?? I have about 20 users assigned to a role and I need to update the permissions… I don’t want to have to delete the role and then recreate it with the updated permissions and then re-add all 20 users. There must be a way but I’m just missing it?? Thx
Abhyudaya Sharma
@AbhyudayaSharma
@allan-silverstein Hi. It is not currently possible to update permissions for a role from the UI. I'm working on a complete overhaul of the UI in jenkinsci/folder-auth-plugin#58 which should be ready soon. In the meanwhile, you can use Configuration as code plugin. Otherwise, you can edit $JENKINS_HOME/config.xml and reload the configuration from the UI.
Renato Marcandier
@rmarcandier
Hello guys, I have a quick question regarding this role-strategy-plugin
Does the plugin allow configuration through the Configuration as Code plugin? This will enable simple definition of role/permissions that can easily be kept in sync between environments.
Tim Jacomb
@timja
@rmarcandier read one message up
Renato Marcandier
@rmarcandier
@timja thank you, just another question: Do/Can the roles provide sufficient granularity in terms of access? Considering 3 levels of role, admin, builder, viewer. Where admin can do anything, the viewer can only view jobs, and builder can view and run jobs.
Tim Jacomb
@timja
yes it can do that
Renato Marcandier
@rmarcandier
great, thank you for all help
Abhyudaya Sharma
@AbhyudayaSharma
allan-silverstein
@allan-silverstein
Hello Abhyudaya, thx for the update. Editing the config.xml file is should work for now. Looking forward to the update. Thx
Tobias Meyer
@meyertobias1989_gitlab
Heyho, is there no plan to make the plugin case insensitive? I really like the Plugin but i do not like to add every User 3 or 4 times, because i cannot control how these Users login in Jenkins.
Abhyudaya Sharma
@AbhyudayaSharma
@meyertobias1989_gitlab Role Strategy or folder auth? For role strategy there is jenkinsci/role-strategy-plugin#43 but case insensitive username implementation there had a large performance penalty
Tobias Meyer
@meyertobias1989_gitlab

Hey again,
perhaps i am wrong but why don't do following:

1) for every folder permission, user is saved with toLowerCase() into config.xml
2) while getUserPermissions, check with currentUser.toLowerCase()

there should be not a big performance impact

there is no need of case insensitivity if everything is lowered :D
Gregory Paciga
@gpaciga

Is there any docs on how the permission set for a user is determined, if that user can also be in groups? I'm in a situation where I'm not getting the global roles assigned that I expected with a setup like this:

  • group-X assigned to global role-A and item role-B
  • user-Y assigned to global role-C
  • user-Y is also a member of group-X

expected: user-Y has permissions of all three roles A, B, and C
actual behaviour: user-Y does not have the permissions granted to role-C, only role A and B

Abhyudaya Sharma
@AbhyudayaSharma
@gpaciga You can check your permissions at https://$JENKINS_URL/whoAmI/
It could be that you made a typo
Gregory Paciga
@gpaciga
@AbhyudayaSharma that tells me my "authorities" (which groups I'm in) but not which roles I have; I don't see any evidence of a typo
Gregory Paciga
@gpaciga
(i.e. when signed in as user-Y, /whoAmI confirms I am in group-X, and the UI at /role-strategy/assign-roles confirms I should have role-C, but in practice I do not have any of the permissions assigned to roe-C)
Tobias Meyer
@meyertobias1989_gitlab

Hey again,
perhaps i am wrong but why don't do following:

1) for every folder permission, user is saved with toLowerCase() into config.xml
2) while getUserPermissions, check with currentUser.toLowerCase()

there should be not a big performance impact

any comment on that?

Gregory Paciga
@gpaciga

Is there any docs on how the permission set for a user is determined, if that user can also be in groups? I'm in a situation where I'm not getting the global roles assigned that I expected with a setup like this:

  • group-X assigned to global role-A and item role-B
  • user-Y assigned to global role-C
  • user-Y is also a member of group-X

expected: user-Y has permissions of all three roles A, B, and C
actual behaviour: user-Y does not have the permissions granted to role-C, only role A and B

FWIW, the issue seemed to be related to case sensitivity when using LDAP. If I specify "USER-Y" gets global role-C instead of "user-y", it worked as expected.

Abhyudaya Sharma
@AbhyudayaSharma
@meyertobias1989_gitlab if I remember correctly, the case sensitive behaviour should be consistent with that of the security realm and that we don't have a listener for the security realm changes. Also, we would need to invalidate all caches that the plugin uses.
Torsten Kleiber
@tkleiber
Is there a way to report the user assigned roles and the role configuration to a file?
Abhyudaya Sharma
@AbhyudayaSharma
@tkleiber the configuration is persisted in config.xml
If you want it in YAML, use Configuration as Code Plugin.
Torsten Kleiber
@tkleiber
@AbhyudayaSharma Is there no access over the script console? I need this for our auditors, so have to quickly create a formatted report.
Torsten Kleiber
@tkleiber
If I change the role assignments, do I have to restart Jenkins realy everytime? Or can I enforce this withourt restart?
satya67
@satya67
Hi All , Is there a script to get all the groups who have access on a particular folder ( Just like it shows in the Item roles I want to get all the groups that have access to a folder)
Gleb
@NudeNULL
image.png

Hello

I uninstalled the plugin and I am getting this error when I start the Jenkins

Please help me fix this, we can't use Jenkins at this moment because of it.

Abhyudaya Sharma
@AbhyudayaSharma
@NudeNULL You deleted the plugin but did not remove configuration from config.xml in JENKINS_HOME
You can edit the file and change the authorizationStrategy. Or you install the plugin, change to another authorization strategy and then you can safely delete the plugin
@satya67 Which plugin? You can use the plugin API to get the configuration and calculate the roles.
@tkleiber the script console requires admin permission if I recall correctly.
@tkleiber If you change the configuration, you can perform the 'Reload Jenkins configuration' action
Steve Jensen
@stevejensen22
@AbhyudayaSharma I've been using your Folder Authorization Strategy plugin at our company for a while now and it has solved our authorization needs wonderfully! Thanks for the work you have done/are doing. Here's my current project: I'm trying to write a slackbot that can run Jenkins builds. I want the slackbot to only perform operations that the user interacting with the slackbot is allowed to perform. Is there a way to determine by username if a user is allowed to run a build? I see your API is primarily for adding/assigning/deleting roles. Is there a plan to add an endpoint to determine what roles a user has assigned to it? Or is there another way to solve this? Thanks in advance!
2 replies
This message was deleted
This message was deleted
G.M. Abdullah-Al-Mamun
@awsdevopro

Hi there,

Is there any way to manage folder/jobs using Role Strategy Plugin? I tried with "Folders can be matched using expressions like ^foo/bar.*". Still it's not working. Helpful directions will be appreciated

If I use "^ENV_STAGE(/.*)?", it shows all the jobs in the folder.
which is expected, but if I use "^ENV_STAGE(/.)?/project-." not working too
G.M. Abdullah-Al-Mamun
@awsdevopro
Anyone around?
based2
@based2
try .ENV_STAGE.
try .*ENV_STAGE.*
^ENV_STAGE.*
Semih Şenvardar
@senvardarsemih
image.png
hi there, does anybody have an idea why i can't see project roles section ?
1 reply