Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44920

New GitHub nested teams breaks auth

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      GitHub now support having nested teams: https://github.com/blog/2378-nested-teams-add-depth-to-your-team-structure

      But it seems like membership information now doesn't work as expected. In my particular case I had teams Parent and Child, and Bob was part of both Parent and Child and Bill was part of Parent only (so Parent = {Bob, Bill} | Child = {Bob}). I had then Parent as a jenkins group to give access to users.

      To switch to nested groups I set Parent as the parent team for Child and removed Bob from Parent, as he is part of it transitively now (so Parent = {Bill, Child = {Bob} }).

      Now Bob can't get into Jenkins. I guess that the GitHub API is now not reporting Bob as a member of Parent, I don't know if the API calls changed or if a new API call should be used to check for inherited membership.

      I contacted GtiHub support about this too, but maybe the issue here is in Jenkins, so reporting here too.

        Attachments

          Activity

          Hide
          sag47 Sam Gleske added a comment -

          Thanks for reporting.  I'll investigate as well.  This is the first I've seen this feature.

          Show
          sag47 Sam Gleske added a comment - Thanks for reporting.  I'll investigate as well.  This is the first I've seen this feature.
          Hide
          lucasocio Leandro Lucarella added a comment -

          It went out very recently. Thanks for the quick response!

          Show
          lucasocio Leandro Lucarella added a comment - It went out very recently. Thanks for the quick response!
          Hide
          lucasocio Leandro Lucarella added a comment -

          There is a new GitHub API for nested teams: https://developer.github.com/changes/2017-08-30-preview-nested-teams/

          I guess that should be used to be able to see if a user belongs to a team when he is not directly part of it, but he is in the team hierarchy.

          Show
          lucasocio Leandro Lucarella added a comment - There is a new GitHub API for nested teams: https://developer.github.com/changes/2017-08-30-preview-nested-teams/ I guess that should be used to be able to see if a user belongs to a team when he is not directly part of it, but he is in the team hierarchy.
          Hide
          lucasocio Leandro Lucarella added a comment -

          OTOH:

          The List team members and Get team membership endpoints will now include both direct and child team members.

          So probably another option is to wait for this preview to be final and let this fix itself

          Show
          lucasocio Leandro Lucarella added a comment - OTOH: The List team members and Get team membership endpoints will now include both direct and child team members. So probably another option is to wait for this preview to be final and let this fix itself
          Hide
          lucasocio Leandro Lucarella added a comment -

          How hard would it be to use the `hellcat-preview` to check if the new API behaviour fixes this issue?

          Show
          lucasocio Leandro Lucarella added a comment - How hard would it be to use the ` hellcat-preview ` to check if the new API behaviour fixes this issue?
          Hide
          sag47 Sam Gleske added a comment -

          What is hellcat-preview?

          Show
          sag47 Sam Gleske added a comment - What is hellcat-preview ?
          Hide
          lucasocio Leandro Lucarella added a comment -

          Is a github api preview you can use to get the future behaviour. You have to use a special Accept to enable it (application/vnd.github.hellcat-preview+json).

          See https://developer.github.com/changes/2017-08-30-preview-nested-teams/ for more details.

          Show
          lucasocio Leandro Lucarella added a comment - Is a github api preview you can use to get the future behaviour. You have to use a special Accept to enable it ( application/vnd.github.hellcat-preview+json ). See https://developer.github.com/changes/2017-08-30-preview-nested-teams/ for more details.
          Hide
          sag47 Sam Gleske added a comment -

          Since GitHub teams API has become more stable the plugin works with nested teams again. Feel free to re-open this if you disagree and provide evidence. I was successfully using nested teams with plugin version 0.31.

          Show
          sag47 Sam Gleske added a comment - Since GitHub teams API has become more stable the plugin works with nested teams again. Feel free to re-open this if you disagree and provide evidence. I was successfully using nested teams with plugin version 0.31.

            People

            Assignee:
            sag47 Sam Gleske
            Reporter:
            lucasocio Leandro Lucarella
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: