Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-30574

Support global default authorization strategy in Authorize Project

      Due to security reasons, sometimes Jenkins admins may want to completely restrict running jobs as a system/anonymous and setup custom security limitations. In such case it would be useful to add the following features:

      • Global default strategy (if no one configured at the project level)
      • Enforced global strategy, which prevents setting other strategies on the project level

          [JENKINS-30574] Support global default authorization strategy in Authorize Project

          jglick FYI the authorize project plugin currently assumes a strategy returning null will get run as SYSTEM:

          https://github.com/jenkinsci/authorize-project-plugin/blob/master/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java#L145

          (of course that is incorrect, returning null means fall through to the next strategy... and if you fall off the end of all strategies then you default to SYSTEM modulo JENKINS-22949 because of backwards compatability)

          Stephen Connolly added a comment - jglick FYI the authorize project plugin currently assumes a strategy returning null will get run as SYSTEM: https://github.com/jenkinsci/authorize-project-plugin/blob/master/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java#L145 (of course that is incorrect, returning null means fall through to the next strategy... and if you fall off the end of all strategies then you default to SYSTEM modulo JENKINS-22949 because of backwards compatability)

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/help.html
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/help.html
          src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/form/taglib
          src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/20d2ba35fa7aebd062987a7e9c3070d597c1a4c6
          Log:
          [FIXED JENKINS-30574] Support global default authorization strategy in Authorize Project

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/form/taglib src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/20d2ba35fa7aebd062987a7e9c3070d597c1a4c6 Log: [FIXED JENKINS-30574] Support global default authorization strategy in Authorize Project

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly
          http://jenkins-ci.org/commit/authorize-project-plugin/1999e626b2ece4f7169b9c05552a1afd98cf3366
          Log:
          JENKINS-30574 Note tag unneeded after Jenkins 1.645+

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly http://jenkins-ci.org/commit/authorize-project-plugin/1999e626b2ece4f7169b9c05552a1afd98cf3366 Log: JENKINS-30574 Note tag unneeded after Jenkins 1.645+

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java
          http://jenkins-ci.org/commit/authorize-project-plugin/9f626de2e7403a4f8c20d4a50be0e87a3ade443e
          Log:
          JENKINS-30574 Fix form binding and change default to anonymous

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java http://jenkins-ci.org/commit/authorize-project-plugin/9f626de2e7403a4f8c20d4a50be0e87a3ade443e Log: JENKINS-30574 Fix form binding and change default to anonymous

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/136fe6120e721c3302baf8bfba2d1917171b68cc
          Log:
          JENKINS-30574 Fix compilation errors

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/136fe6120e721c3302baf8bfba2d1917171b68cc Log: JENKINS-30574 Fix compilation errors

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/help.html
          src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
          src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/help.html
          src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/form/taglib
          src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/5f567fcfb978ce39fea263c5b10e34d67ef60a00
          Log:
          Merge pull request #14 from stephenc/jenkins-30574-redux

          [FIXED JENKINS-30574] Support global default authorization strategy in Authorize Project

          Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/c6507c759b15...5f567fcfb978

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/form/taglib src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/5f567fcfb978ce39fea263c5b10e34d67ef60a00 Log: Merge pull request #14 from stephenc/jenkins-30574-redux [FIXED JENKINS-30574] Support global default authorization strategy in Authorize Project Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/c6507c759b15...5f567fcfb978

          Code changed in jenkins
          User: ikedam
          Path:
          src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/61371537451d2e9fe02997ea1799e97ad3118c2f
          Log:
          JENKINS-30574 Added tests to configuration of GlobalQueueItemAuthenticator.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/61371537451d2e9fe02997ea1799e97ad3118c2f Log: JENKINS-30574 Added tests to configuration of GlobalQueueItemAuthenticator.

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectUtil.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java
          src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/932d35fdc5ff8766f95f0af6e62e32959b36fc8c
          Log:
          JENKINS-30574 Make GlobalQueueItemAuthenticator work with SpecificUsersAuthorizationStrategy

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectUtil.java src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/932d35fdc5ff8766f95f0af6e62e32959b36fc8c Log: JENKINS-30574 Make GlobalQueueItemAuthenticator work with SpecificUsersAuthorizationStrategy

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
          src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly
          src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/config.jelly
          http://jenkins-ci.org/commit/authorize-project-plugin/52e06499e89d8dcf7819f74623d9f56167cbc61a
          Log:
          JENKINS-30574 Strategies can change the configuration behavior for GlobalQueueItemAuthenticator.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/config.jelly http://jenkins-ci.org/commit/authorize-project-plugin/52e06499e89d8dcf7819f74623d9f56167cbc61a Log: JENKINS-30574 Strategies can change the configuration behavior for GlobalQueueItemAuthenticator.

          ikedam added a comment -

          This feature is provided in authorize-project-1.2.0.
          It will be available in the update center in a day.

          ikedam added a comment - This feature is provided in authorize-project-1.2.0. It will be available in the update center in a day.

            ikedam ikedam
            oleg_nenashev Oleg Nenashev
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: