[JENKINS-21390] [Inheritance Plugin] - Not able to build using build button when creating a job by using Inheritance Project together with ownership + project role configuration - Jenkins Jira

Type: Bug
Resolution: Unresolved
Priority: Blocker
Component/s: project-inheritance-plugin
Labels:
- job
- plugins
- security
- stacktrace
Environment:
Platforms: Linux-64
Security Realm: LDAP
Authorization: Role-Based Strategy,
Plugin: Project-Inheritance, Ownership, Role Strategy
Browser: firefox

Similar Issues:
Powered by SuggestiMate

Show

I plan to manage and assign roles as below attachments (ManageRole.png, AssignRole.png).
For Global role, Admin is "siclee" and project role has been assigned based on project owner (using ownership plugin).

The problem is I can delete, configure, cancel JOB "A" (using Inheritance Project) but not able to run/build it under swbuild user (keep prompt me "Access Denied: swbuild is missing the Job/Build permission").
Note: Only have this issue when I using Inheritance method to create a job.

Any ideas for this issue? Is configuration or plugin issue?
Your advices needed.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

AccessDeniedError.png
16 kB
2016-05-16 11:46
AssignRoles.png
18 kB
2014-01-15 13:26
JobA.png
46 kB
2014-01-15 13:26
ManageRoles.png
31 kB
2014-01-15 13:26

is related to

JENKINS-21021 StackOverflowError while switching versions

Open

Alex Ouzounis added a comment - 2014-08-03 14:11 - edited

Hi Martin,

Some good news.
I noticed your recent changes and I pulled them to my fork ( https://github.com/alexouzounis/jenkins-inheritance-plugin ) which in turn is a fork of https://github.com/afitz/jenkins-inheritance-plugin because I need the changes for the SCM trigger etc.
As a quick Sunday project I pulled your changes from https://github.com/i-m-c/jenkins-inheritance-plugin and apart from a few conflicts in the InheritanceGovernor the merge went fine.
Rebooted Jenkins and it seems that now the Role Strategy plugins works as expected. Creating a role for some inheritance projects to have build rights works now as expected.

As far as I am concerned the issue is now resolved from your latest changes and the ticket can be closed.

It would be nice though for you to merge the changes from https://github.com/afitz/jenkins-inheritance-plugin ( I think there is a pull request from him already ) so that we can stop maintaining our own forks.

Thanks,

Alex

======

UPATE: see comment below, still it does not work

Alex Ouzounis added a comment - 2014-08-03 14:11 - edited Hi Martin, Some good news. I noticed your recent changes and I pulled them to my fork ( https://github.com/alexouzounis/jenkins-inheritance-plugin ) which in turn is a fork of https://github.com/afitz/jenkins-inheritance-plugin because I need the changes for the SCM trigger etc. As a quick Sunday project I pulled your changes from https://github.com/i-m-c/jenkins-inheritance-plugin and apart from a few conflicts in the InheritanceGovernor the merge went fine. Rebooted Jenkins and it seems that now the Role Strategy plugins works as expected. Creating a role for some inheritance projects to have build rights works now as expected. As far as I am concerned the issue is now resolved from your latest changes and the ticket can be closed. It would be nice though for you to merge the changes from https://github.com/afitz/jenkins-inheritance-plugin ( I think there is a pull request from him already ) so that we can stop maintaining our own forks. Thanks, Alex ====== UPATE: see comment below, still it does not work

Alex Ouzounis added a comment - 2014-08-03 14:16 - edited

please ignore the above comment..

unfortunately I spoke too soon.. I just had a misconfiguration in the role strategies.. Well it was worth the try anyway..
All I get is:

INFO: While serving http://JENKINS_HOME/job/JOB_TO_BUILD/build: hudson.security.AccessDeniedException2: USER is missing the Job/Build permission

no exception or anything which is rather confusing

Alex Ouzounis added a comment - 2014-08-03 14:16 - edited please ignore the above comment.. unfortunately I spoke too soon.. I just had a misconfiguration in the role strategies.. Well it was worth the try anyway.. All I get is: INFO: While serving http://JENKINS_HOME/job/JOB_TO_BUILD/build: hudson.security.AccessDeniedException2: USER is missing the Job/Build permission no exception or anything which is rather confusing

Alex Ouzounis added a comment - 2014-08-03 15:24 - edited

found the bug and fixed it in my fork. The problem was in the doBuild method of the InheritanceProject where you call the ACL to see if the user has permissions to build. Problem was you were not using the super method checkPermission from the AbstractItem but implementing it your self.

here is my commit: https://github.com/alexouzounis/jenkins-inheritance-plugin/commit/05263af27577387f8c4b014a60a11ec94a0a81ef

As you can see, what was currently happening is:

ACL acl = Jenkins.getInstance().getACL();
acl.checkPermission(BUILD);

whereas the super.checkPermission does:

Jenkins.getInstance().getAuthorizationStrategy().getACL(this).checkPermission(BUILD);

The difference is that before the ROOT ACL was used (i.e. the global config) whereas now it also takes into account permissions available specifically for that project.

Feel free to merge back.

Alex

Alex Ouzounis added a comment - 2014-08-03 15:24 - edited found the bug and fixed it in my fork. The problem was in the doBuild method of the InheritanceProject where you call the ACL to see if the user has permissions to build. Problem was you were not using the super method checkPermission from the AbstractItem but implementing it your self. here is my commit: https://github.com/alexouzounis/jenkins-inheritance-plugin/commit/05263af27577387f8c4b014a60a11ec94a0a81ef As you can see, what was currently happening is: ACL acl = Jenkins.getInstance().getACL(); acl.checkPermission(BUILD); whereas the super.checkPermission does: Jenkins.getInstance().getAuthorizationStrategy().getACL(this).checkPermission(BUILD); The difference is that before the ROOT ACL was used (i.e. the global config) whereas now it also takes into account permissions available specifically for that project. Feel free to merge back. Alex

Helmut Schaa added a comment - 2015-08-04 14:35

I've just ran into the same issue where the inheritance plugin in conjunction with the project based matrix authorization plugin causes a stack overflow due to an infinite recursion.

The fix mentioned by Alex in the previous commit does however not fix the problem.

Here's part of the strack trace. I've cut it since it's repeating anyway.

java.lang.StackOverflowError
        at hudson.model.ParameterDefinition.<init>(ParameterDefinition.java:111)
        at hudson.model.SimpleParameterDefinition.<init>(SimpleParameterDefinition.java:19)
        at hudson.model.ChoiceParameterDefinition.<init>(ChoiceParameterDefinition.java:44)
        at hudson.model.ChoiceParameterDefinition.copyWithDefaultValue(ChoiceParameterDefinition.java:53)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.copyAndSortParametersByName(InheritanceParametersDefinitionProperty.java:212)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.<init>(InheritanceParametersDefinitionProperty.java:181)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.createMerged(InheritanceParametersDefinitionProperty.java:245)
        at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:71)
        at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:29)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceSelector.applyAgainstList(InheritanceSelector.java:264)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMergeWithDuplicates(InheritanceGovernor.java:324)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMerge(InheritanceGovernor.java:343)
        at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3062)
        at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3038)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:204)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:3068)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3202)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3194)
        at hudson.security.ProjectMatrixAuthorizationStrategy.getACL(ProjectMatrixAuthorizationStrategy.java:54)
        at hudson.model.Job.getACL(Job.java:1482)
        at hudson.model.AbstractItem.hasPermission(AbstractItem.java:505)
        at jenkins.model.Jenkins.getItem(Jenkins.java:2344)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectByName(InheritanceProject.java:521)
        at hudson.plugins.project_inheritance.projects.references.AbstractProjectReference.reloadProjectObject(AbstractProjectReference.java:90)
        at hudson.plugins.project_inheritance.projects.references.AbstractProjectReference.<init>(AbstractProjectReference.java:71)
        at hudson.plugins.project_inheritance.projects.references.SimpleProjectReference.<init>(SimpleProjectReference.java:43)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllParentReferences(InheritanceProject.java:2599)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.getAllScopedParameterDefinitions(InheritanceParametersDefinitionProperty.java:551)
        at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterReferenceDefinition.getParent(InheritableStringParameterReferenceDefinition.java:80)
        at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterReferenceDefinition.getDescription(InheritableStringParameterReferenceDefinition.java:168)
        at hudson.model.StringParameterDefinition.getDefaultParameterValue(StringParameterDefinition.java:68)
        at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterDefinition.getDefaultParameterValue(InheritableStringParameterDefinition.java:641)
        at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterDefinition.getDefaultParameterValue(InheritableStringParameterDefinition.java:56)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.copyAndSortParametersByName(InheritanceParametersDefinitionProperty.java:212)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.<init>(InheritanceParametersDefinitionProperty.java:181)
        at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.createMerged(InheritanceParametersDefinitionProperty.java:245)
        at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:71)
        at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:29)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceSelector.applyAgainstList(InheritanceSelector.java:264)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMergeWithDuplicates(InheritanceGovernor.java:324)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMerge(InheritanceGovernor.java:343)
        at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3062)
        at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3038)
        at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:204)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:3068)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3202)
        at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3194)
        at hudson.security.ProjectMatrixAuthorizationStrategy.getACL(ProjectMatrixAuthorizationStrategy.java:54)
        at hudson.model.Job.getACL(Job.java:1482)
        at hudson.model.AbstractItem.hasPermission(AbstractItem.java:505)
        at jenkins.model.Jenkins.getItem(Jenkins.java:2344)

Helmut Schaa added a comment - 2015-08-04 14:35 I've just ran into the same issue where the inheritance plugin in conjunction with the project based matrix authorization plugin causes a stack overflow due to an infinite recursion. The fix mentioned by Alex in the previous commit does however not fix the problem. Here's part of the strack trace. I've cut it since it's repeating anyway. java.lang.StackOverflowError at hudson.model.ParameterDefinition.<init>(ParameterDefinition.java:111) at hudson.model.SimpleParameterDefinition.<init>(SimpleParameterDefinition.java:19) at hudson.model.ChoiceParameterDefinition.<init>(ChoiceParameterDefinition.java:44) at hudson.model.ChoiceParameterDefinition.copyWithDefaultValue(ChoiceParameterDefinition.java:53) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.copyAndSortParametersByName(InheritanceParametersDefinitionProperty.java:212) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.<init>(InheritanceParametersDefinitionProperty.java:181) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.createMerged(InheritanceParametersDefinitionProperty.java:245) at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:71) at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:29) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceSelector.applyAgainstList(InheritanceSelector.java:264) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMergeWithDuplicates(InheritanceGovernor.java:324) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMerge(InheritanceGovernor.java:343) at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3062) at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3038) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:204) at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:3068) at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3202) at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3194) at hudson.security.ProjectMatrixAuthorizationStrategy.getACL(ProjectMatrixAuthorizationStrategy.java:54) at hudson.model.Job.getACL(Job.java:1482) at hudson.model.AbstractItem.hasPermission(AbstractItem.java:505) at jenkins.model.Jenkins.getItem(Jenkins.java:2344) at hudson.plugins.project_inheritance.projects.InheritanceProject.getProjectByName(InheritanceProject.java:521) at hudson.plugins.project_inheritance.projects.references.AbstractProjectReference.reloadProjectObject(AbstractProjectReference.java:90) at hudson.plugins.project_inheritance.projects.references.AbstractProjectReference.<init>(AbstractProjectReference.java:71) at hudson.plugins.project_inheritance.projects.references.SimpleProjectReference.<init>(SimpleProjectReference.java:43) at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllParentReferences(InheritanceProject.java:2599) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.getAllScopedParameterDefinitions(InheritanceParametersDefinitionProperty.java:551) at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterReferenceDefinition.getParent(InheritableStringParameterReferenceDefinition.java:80) at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterReferenceDefinition.getDescription(InheritableStringParameterReferenceDefinition.java:168) at hudson.model.StringParameterDefinition.getDefaultParameterValue(StringParameterDefinition.java:68) at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterDefinition.getDefaultParameterValue(InheritableStringParameterDefinition.java:641) at hudson.plugins.project_inheritance.projects.parameters.InheritableStringParameterDefinition.getDefaultParameterValue(InheritableStringParameterDefinition.java:56) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.copyAndSortParametersByName(InheritanceParametersDefinitionProperty.java:212) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.<init>(InheritanceParametersDefinitionProperty.java:181) at hudson.plugins.project_inheritance.projects.parameters.InheritanceParametersDefinitionProperty.createMerged(InheritanceParametersDefinitionProperty.java:245) at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:71) at hudson.plugins.project_inheritance.projects.inheritance.ParameterSelector.merge(ParameterSelector.java:29) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceSelector.applyAgainstList(InheritanceSelector.java:264) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMergeWithDuplicates(InheritanceGovernor.java:324) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.reduceByMerge(InheritanceGovernor.java:343) at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3062) at hudson.plugins.project_inheritance.projects.InheritanceProject$9.reduceFromFullInheritance(InheritanceProject.java:3038) at hudson.plugins.project_inheritance.projects.inheritance.InheritanceGovernor.retrieveFullyDerivedField(InheritanceGovernor.java:204) at hudson.plugins.project_inheritance.projects.InheritanceProject.getAllProperties(InheritanceProject.java:3068) at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3202) at hudson.plugins.project_inheritance.projects.InheritanceProject.getProperty(InheritanceProject.java:3194) at hudson.security.ProjectMatrixAuthorizationStrategy.getACL(ProjectMatrixAuthorizationStrategy.java:54) at hudson.model.Job.getACL(Job.java:1482) at hudson.model.AbstractItem.hasPermission(AbstractItem.java:505) at jenkins.model.Jenkins.getItem(Jenkins.java:2344)

Abhishek Joshi added a comment - 2016-05-16 11:47

I am also facing the same issue, with Inheritance and Role strategy plug-in; I have project roles for some specific jobs and everything works fine except Build, when you try to build the job( Build with parameters link is displayed correctly) it shows Access Denied error -

Has anyone tried the fix provided by Alex Ouzounis?

Abhishek Joshi added a comment - 2016-05-16 11:47 I am also facing the same issue, with Inheritance and Role strategy plug-in; I have project roles for some specific jobs and everything works fine except Build, when you try to build the job( Build with parameters link is displayed correctly) it shows Access Denied error - Has anyone tried the fix provided by Alex Ouzounis?

Suvir Pavin added a comment - 2017-09-12 03:38

We are also having similar issue. Can this be fixed ASAP? We have to give user's Global Permission as a workaround which is not good. Please fix this ASAP.

Suvir Pavin added a comment - 2017-09-12 03:38 We are also having similar issue. Can this be fixed ASAP? We have to give user's Global Permission as a workaround which is not good. Please fix this ASAP.

Oleg Nenashev added a comment - 2017-09-12 06:32

suvir_pavin feel free to contribute.

Oleg Nenashev added a comment - 2017-09-12 06:32 suvir_pavin feel free to contribute.

Suvir Pavin added a comment - 2017-10-27 12:29

oleg_nenashev I tested change done by alex_ouzounis https://github.com/alexouzounis/jenkins-inheritance-plugin/commit/05263af27577387f8c4b014a60a11ec94a0a81ef

This seems to be working, can we include this as part of next release

Suvir Pavin added a comment - 2017-10-27 12:29 oleg_nenashev I tested change done by alex_ouzounis https://github.com/alexouzounis/jenkins-inheritance-plugin/commit/05263af27577387f8c4b014a60a11ec94a0a81ef This seems to be working, can we include this as part of next release

Oleg Nenashev added a comment - 2017-10-27 14:35

suvir_pavin I am not a maintainer of the Inheritance Project plugin, so I cannot help much. Currently the plugin is being hosted outside the jenkinsci organization on GitHub, and I am not sure that mhschroe is reachable. I would recommend reaching out to the maintainer somehow.

Oleg Nenashev added a comment - 2017-10-27 14:35 suvir_pavin I am not a maintainer of the Inheritance Project plugin, so I cannot help much. Currently the plugin is being hosted outside the jenkinsci organization on GitHub, and I am not sure that mhschroe is reachable. I would recommend reaching out to the maintainer somehow.

Suvir Pavin added a comment - 2017-10-28 07:28

Thanks oleg_nenashev for the info.

mhschroe can you please include the fix as part of next release?

Suvir Pavin added a comment - 2017-10-28 07:28 Thanks oleg_nenashev for the info. mhschroe can you please include the fix as part of next release?

Assignee:: Martin Schröder

Reporter:: Siang Choon Lee

Votes:: 8 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2014-01-15 13:26

Updated:: 2017-10-28 07:28

Details

Description

Attachments

Attachments

Issue Links

Activity

[JENKINS-21390] [Inheritance Plugin] - Not able to build using build button when creating a job by using Inheritance Project together with ownership + project role configuration

Collapse comment: Alex Ouzounis added a comment - 2014-08-03 14:11, Edited by Alex Ouzounis - 2014-08-03 14:16

Expand comment: Alex Ouzounis added a comment - 2014-08-03 14:11, Edited by Alex Ouzounis - 2014-08-03 14:16

Collapse comment: Alex Ouzounis added a comment - 2014-08-03 14:16, Edited by Alex Ouzounis - 2014-08-03 14:25

Expand comment: Alex Ouzounis added a comment - 2014-08-03 14:16, Edited by Alex Ouzounis - 2014-08-03 14:25

Collapse comment: Alex Ouzounis added a comment - 2014-08-03 15:24, Edited by Alex Ouzounis - 2014-08-03 15:25

Expand comment: Alex Ouzounis added a comment - 2014-08-03 15:24, Edited by Alex Ouzounis - 2014-08-03 15:25

Collapse comment: Helmut Schaa added a comment - 2015-08-04 14:35

Expand comment: Helmut Schaa added a comment - 2015-08-04 14:35

Collapse comment: Abhishek Joshi added a comment - 2016-05-16 11:47

Expand comment: Abhishek Joshi added a comment - 2016-05-16 11:47

Collapse comment: Suvir Pavin added a comment - 2017-09-12 03:38

Expand comment: Suvir Pavin added a comment - 2017-09-12 03:38

Collapse comment: Oleg Nenashev added a comment - 2017-09-12 06:32

Expand comment: Oleg Nenashev added a comment - 2017-09-12 06:32

Collapse comment: Suvir Pavin added a comment - 2017-10-27 12:29

Expand comment: Suvir Pavin added a comment - 2017-10-27 12:29

Collapse comment: Oleg Nenashev added a comment - 2017-10-27 14:35

Expand comment: Oleg Nenashev added a comment - 2017-10-27 14:35

Collapse comment: Suvir Pavin added a comment - 2017-10-28 07:28

Expand comment: Suvir Pavin added a comment - 2017-10-28 07:28

People

Dates