-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins ver. 1.656
Role-based Authorization Strategy 2.2.0
-
-
548.vb_60076577ec7
We use the "Restrict project naming - Role-Based Strategy" feature. This option works fine for restricting the name of a job as we cannot create jobs where names doesn't match our regular expressions set in "Project roles".
The problem we encounter is that no restriction is enforced to prevent creation/renaming of a job where a user doesn't have any rights.
ie:
- user A is allowed to name his job as "^project-A_.*$"
- user B is allowed to name his job as "^project-B_.*$"
-> user A or B cannot create projects with name "project-C_test" == good
-> user A is allowed to create a job "project-A_test" == good
-> user A is allowed to create a job "project-B_test" == bad
-> user A is allowed to rename a job "project-A_test" to "project-B_test" == bad
Do we miss an option? Is this a bug?
This has an impact on our security scheme...
[JENKINS-34337] Job Naming Strategy doesn't enforce restriction on rename
kumy kumy
created issue -
| Component/s | New: core [ 15593 ] | |
| Component/s | Original: role-strategy-plugin [ 15758 ] |
| Workflow | Original: JNJira [ 170421 ] | New: JNJira + In-Review [ 183889 ] |
| Assignee | Original: Oleg Nenashev [ oleg_nenashev ] |
| Labels | New: newbie-friendly |
| Summary | Original: Job Naming Strategy doesn't enforce restriction | New: Job Naming Strategy doesn't enforce restriction on rename |
| Assignee | New: James Milligan [ nightowlengineer ] |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
I've started taking a look at this as my first foray into Jenkins. Looks like it's still a defect with recent versions (2.11 of the plugin and 2.177 of Jenkins). After some digging, I think there's already an old PR that just needs some tidying up and bringing up to date: https://github.com/jenkinsci/role-strategy-plugin/pull/16
Renaming... Uhm... Most likely it's a Jenkins core bug. It is supposed to invoke Project naming strategies on renames