Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18485

Use fine-grained permissions for node manipulation via REST API & CLI

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Major Major
    • cli, core

      Reading and updating configuration via $JENKINS/computer/$NODE/config.xml requires Jenkins.ADMINISTER permission. Dedicated permissions should be used instead.

          [JENKINS-18485] Use fine-grained permissions for node manipulation via REST API & CLI

          Oliver Gondža added a comment - Pull request: https://github.com/jenkinsci/jenkins/pull/855

          Code changed in jenkins
          User: Oliver Gondža
          Path:
          core/src/main/java/hudson/cli/CreateNodeCommand.java
          core/src/main/java/hudson/cli/GetNodeCommand.java
          core/src/main/java/hudson/model/Computer.java
          core/src/main/resources/hudson/model/Messages.properties
          test/src/test/java/hudson/cli/CreateNodeCommandTest.java
          test/src/test/java/hudson/cli/GetNodeCommandTest.java
          test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
          test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
          test/src/test/resources/hudson/cli/node.xml
          test/src/test/resources/hudson/model/node.xml
          http://jenkins-ci.org/commit/jenkins/3e45ce9a2c72ed5119f5810168e8e16afd27c7bd
          Log:
          [FIXED JENKINS-18485] Use correct node permissions in remote API

          From now on user needs:
          Computer.CREATE to use 'create-node' CLI command
          Computer.DELETE to use 'delete-node' CLI command
          Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative
          Computer.READ to use 'get-node' CLI command and its REST alternative

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: core/src/main/java/hudson/cli/CreateNodeCommand.java core/src/main/java/hudson/cli/GetNodeCommand.java core/src/main/java/hudson/model/Computer.java core/src/main/resources/hudson/model/Messages.properties test/src/test/java/hudson/cli/CreateNodeCommandTest.java test/src/test/java/hudson/cli/GetNodeCommandTest.java test/src/test/java/hudson/cli/UpdateNodeCommandTest.java test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java test/src/test/resources/hudson/cli/node.xml test/src/test/resources/hudson/model/node.xml http://jenkins-ci.org/commit/jenkins/3e45ce9a2c72ed5119f5810168e8e16afd27c7bd Log: [FIXED JENKINS-18485] Use correct node permissions in remote API From now on user needs: Computer.CREATE to use 'create-node' CLI command Computer.DELETE to use 'delete-node' CLI command Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative Computer.READ to use 'get-node' CLI command and its REST alternative

          Code changed in jenkins
          User: Oliver Gondža
          Path:
          core/src/main/java/hudson/cli/GetNodeCommand.java
          core/src/main/java/hudson/model/Computer.java
          core/src/main/resources/hudson/model/Messages.properties
          test/src/test/java/hudson/cli/GetNodeCommandTest.java
          test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
          http://jenkins-ci.org/commit/jenkins/5db147e85802c75bac19320383dcaeed88bc77ba
          Log:
          [FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission

          From now on user needs:
          Computer.CREATE to use 'create-node' CLI command
          Computer.DELETE to use 'delete-node' CLI command
          Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative
          Computer.EXTENDED_READ to use 'get-node' CLI command and its REST alternative

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: core/src/main/java/hudson/cli/GetNodeCommand.java core/src/main/java/hudson/model/Computer.java core/src/main/resources/hudson/model/Messages.properties test/src/test/java/hudson/cli/GetNodeCommandTest.java test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java http://jenkins-ci.org/commit/jenkins/5db147e85802c75bac19320383dcaeed88bc77ba Log: [FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission From now on user needs: Computer.CREATE to use 'create-node' CLI command Computer.DELETE to use 'delete-node' CLI command Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative Computer.EXTENDED_READ to use 'get-node' CLI command and its REST alternative

          Code changed in jenkins
          User: Oliver Gondža
          Path:
          core/src/main/java/hudson/model/Computer.java
          test/src/main/java/hudson/cli/CLICommandInvoker.java
          test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
          http://jenkins-ci.org/commit/jenkins/83d5ac10a5b97162d201ad01d79c8811f32a3049
          Log:
          JENKINS-18485 Enable Computer.EXTENDED_READ permission using "hudson.security.ExtendedReadPermission".

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: core/src/main/java/hudson/model/Computer.java test/src/main/java/hudson/cli/CLICommandInvoker.java test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java http://jenkins-ci.org/commit/jenkins/83d5ac10a5b97162d201ad01d79c8811f32a3049 Log: JENKINS-18485 Enable Computer.EXTENDED_READ permission using "hudson.security.ExtendedReadPermission".

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2876
          [FIXED JENKINS-18485] Use correct node permissions in remote API (Revision 3e45ce9a2c72ed5119f5810168e8e16afd27c7bd)
          [FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission (Revision 5db147e85802c75bac19320383dcaeed88bc77ba)
          JENKINS-18485 Enable Computer.EXTENDED_READ permission using "hudson.security.ExtendedReadPermission". (Revision 83d5ac10a5b97162d201ad01d79c8811f32a3049)

          Result = SUCCESS
          ogondza : 3e45ce9a2c72ed5119f5810168e8e16afd27c7bd
          Files :

          • test/src/test/java/hudson/cli/UpdateNodeCommandTest.java
          • test/src/test/resources/hudson/cli/node.xml
          • test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
          • test/src/test/java/hudson/cli/GetNodeCommandTest.java
          • test/src/test/resources/hudson/model/node.xml
          • core/src/main/java/hudson/cli/GetNodeCommand.java
          • core/src/main/resources/hudson/model/Messages.properties
          • test/src/test/java/hudson/cli/CreateNodeCommandTest.java
          • core/src/main/java/hudson/model/Computer.java
          • core/src/main/java/hudson/cli/CreateNodeCommand.java

          ogondza : 5db147e85802c75bac19320383dcaeed88bc77ba
          Files :

          • test/src/test/java/hudson/cli/GetNodeCommandTest.java
          • core/src/main/resources/hudson/model/Messages.properties
          • core/src/main/java/hudson/model/Computer.java
          • test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
          • core/src/main/java/hudson/cli/GetNodeCommand.java

          ogondza : 83d5ac10a5b97162d201ad01d79c8811f32a3049
          Files :

          • core/src/main/java/hudson/model/Computer.java
          • test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
          • test/src/main/java/hudson/cli/CLICommandInvoker.java

          dogfood added a comment - Integrated in jenkins_main_trunk #2876 [FIXED JENKINS-18485] Use correct node permissions in remote API (Revision 3e45ce9a2c72ed5119f5810168e8e16afd27c7bd) [FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission (Revision 5db147e85802c75bac19320383dcaeed88bc77ba) JENKINS-18485 Enable Computer.EXTENDED_READ permission using "hudson.security.ExtendedReadPermission". (Revision 83d5ac10a5b97162d201ad01d79c8811f32a3049) Result = SUCCESS ogondza : 3e45ce9a2c72ed5119f5810168e8e16afd27c7bd Files : test/src/test/java/hudson/cli/UpdateNodeCommandTest.java test/src/test/resources/hudson/cli/node.xml test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java test/src/test/java/hudson/cli/GetNodeCommandTest.java test/src/test/resources/hudson/model/node.xml core/src/main/java/hudson/cli/GetNodeCommand.java core/src/main/resources/hudson/model/Messages.properties test/src/test/java/hudson/cli/CreateNodeCommandTest.java core/src/main/java/hudson/model/Computer.java core/src/main/java/hudson/cli/CreateNodeCommand.java ogondza : 5db147e85802c75bac19320383dcaeed88bc77ba Files : test/src/test/java/hudson/cli/GetNodeCommandTest.java core/src/main/resources/hudson/model/Messages.properties core/src/main/java/hudson/model/Computer.java test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java core/src/main/java/hudson/cli/GetNodeCommand.java ogondza : 83d5ac10a5b97162d201ad01d79c8811f32a3049 Files : core/src/main/java/hudson/model/Computer.java test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java test/src/main/java/hudson/cli/CLICommandInvoker.java

          Code changed in jenkins
          User: Oliver Gondža
          Path:
          test/src/main/java/hudson/cli/CLICommandInvoker.java
          http://jenkins-ci.org/commit/jenkins-test-harness/265a98a99dfcefd8f40d66205ab3b988229f87ae
          Log:
          JENKINS-18485 Enable Computer.EXTENDED_READ permission using "hudson.security.ExtendedReadPermission".

          Originally-Committed-As: 83d5ac10a5b97162d201ad01d79c8811f32a3049

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: test/src/main/java/hudson/cli/CLICommandInvoker.java http://jenkins-ci.org/commit/jenkins-test-harness/265a98a99dfcefd8f40d66205ab3b988229f87ae Log: JENKINS-18485 Enable Computer.EXTENDED_READ permission using "hudson.security.ExtendedReadPermission". Originally-Committed-As: 83d5ac10a5b97162d201ad01d79c8811f32a3049

            olivergondza Oliver Gondža
            olivergondza Oliver Gondža
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: