Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16956

Require authentication for build triggers

    XMLWordPrintable

Details

    Description

      Various build steps (or other code run during builds) ought to be checking permissions. For example, you should only be able to trigger a downstream build if "you" would otherwise have permission to schedule that job manually. Similarly for accessing artifacts, running on secure slave nodes, and so on.

      Unfortunately in Jenkins currently all builds run in SYSTEM, i.e. effectively having all permissions, and it is up to each build step to do its own checks. Worse, there is no clear authentication to associate with the build. If it was started manually by a particular user, you could use that authentication, but other causes do not lead to a clear user name.

      There should be some (probably extensible) system of associating an Authentication with a given Run, either based on its Cause or something else such as the last User to configure the Job.

      Attachments

        Issue Links

          depends on

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-18285 Executor should carry Authentication for better access control

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. JENKINS-22949 QueueItemAuthenticator fallback behavior cleanup

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-22397 A Trigger should be able to be a DependencyDeclarer

          • Major - Major loss of function.
          • Resolved
          is blocking

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-13502 Editing any job removes inaccessible downstream jobs from all accessible jobs

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-14999 Copy Artifact plugin: Unable to find project for artifact copy when using a build parameter

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-13222 Allow job selection with fixed job names to contain variables without requiring job permissions for authenticated users

          • Major - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-19922 "Build after other projects are built" job trigger causes permission check errors in case of enabled security

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-22472 CommandDuringBuild not automatically authenticated

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-22821 NPE when triggering downstream job

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-23191 ReverseBuildTrigger.threshold not consistently saved

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-23686 Trigger "Build after other projects" does not work

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-25758 NPE when triggering downstream job (again)

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-14992 Can add "build other projects" trigger to a project we cannot otherwise configure

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              jglick Jesse Glick
              jglick Jesse Glick
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: