-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins ver. 1.656
Role-based Authorization Strategy 2.2.0
-
-
548.vb_60076577ec7
We use the "Restrict project naming - Role-Based Strategy" feature. This option works fine for restricting the name of a job as we cannot create jobs where names doesn't match our regular expressions set in "Project roles".
The problem we encounter is that no restriction is enforced to prevent creation/renaming of a job where a user doesn't have any rights.
ie:
- user A is allowed to name his job as "^project-A_.*$"
- user B is allowed to name his job as "^project-B_.*$"
-> user A or B cannot create projects with name "project-C_test" == good
-> user A is allowed to create a job "project-A_test" == good
-> user A is allowed to create a job "project-B_test" == bad
-> user A is allowed to rename a job "project-A_test" to "project-B_test" == bad
Do we miss an option? Is this a bug?
This has an impact on our security scheme...
[JENKINS-34337] Job Naming Strategy doesn't enforce restriction on rename
I've started taking a look at this as my first foray into Jenkins. Looks like it's still a defect with recent versions (2.11 of the plugin and 2.177 of Jenkins). After some digging, I think there's already an old PR that just needs some tidying up and bringing up to date: https://github.com/jenkinsci/role-strategy-plugin/pull/16
https://github.com/jenkinsci/role-strategy-plugin/pull/74 opened pending review.
Markus Winter
added a comment - With latest version of the plugin, renaming of jobs is only possible when the new name matches the pattern. Requires that the naming strategy is set to role base project naming strategy in jenkins config.
Markus Winter
added a comment - With latest version of the plugin, renaming of jobs is only possible when the new name matches the pattern. Requires that the naming strategy is set to role base project naming strategy in jenkins config. 
Renaming... Uhm... Most likely it's a Jenkins core bug. It is supposed to invoke Project naming strategies on renames