-
Bug
-
Resolution: Won't Fix
-
Major
-
None
-
Jenkins 2.151.0
Pipeline Input Step: 2.9
-
-
pipeline-input-step-2.12
I use the following snippet in my DSL pipeline
operators = "ldapUserGroup" ChoiceParameterDefinition choice = new ChoiceParameterDefinition('continue', ['YES'] as String[], 'Description') returnValue = input message: 'DEPLOY ?', parameters: [choice], submitter: operators, submitterParameter: 'approver'
I am not part of the ldapUserGroup thus I would expect the pipeline not to continue. However the pipeline continues anyway.
07:39:05 Approved by Surname Lastname [Pipeline] }
The same happens if i use a particular userID or list of userIDs rather than an ldapGroup
operators = "userID0001,userID0002" ChoiceParameterDefinition choice = new ChoiceParameterDefinition('continue', ['YES'] as String[], 'Description') returnValue = input message: 'DEPLOY ?', parameters: [choice], submitter: operators, submitterParameter: 'approver'
- is caused by
-
-
- Resolved
-
- links to
[JENKINS-56016] Input step submitter parameter is ignored for administrators
Attila Tamas Zimler
added a comment - Hi, I've run into the same issue as being an Administrator allows me to approve my own processes. In my case this a problem, because I'm trying to implement a system where an additional administrator needs to approve the process, and the one that is requesting the process run is actually not in the list of the approvers acceptable. However, because of the issue mentioned above, this still allows the user to approve the process.
Attila Tamas Zimler
added a comment - Hi, I've run into the same issue as being an Administrator allows me to approve my own processes. In my case this a problem, because I'm trying to implement a system where an additional administrator needs to approve the process, and the one that is requesting the process run is actually not in the list of the approvers acceptable. However, because of the issue mentioned above, this still allows the user to approve the process. atzimler that could be an interesting scenario. Perhaps adding an option to allow/disallow admin in addition to the submitter list could do the trick. dnusbaum Do you think it's valuable to re-open this ticket or creating a new one? (or "refusing the scenario", also an option).
To me, it still seems pointless, because an admin could always approve the input indirectly through tools like the script console with their elevated permissions, or create a new job that does what they want, and just run that. Anyone with admin permissions should be considered trusted, and if you do not trust them, then they should not be an admin. If you do trust them, then this just seems like something to be enforced socially by making sure the message for the input requests that a different admin approve the input.
Attila Tamas Zimler
added a comment - Hi, I've worked around the issue with actually adding cycles into the groovy description of the pipeline. I just wanted to add a note on the fact that for my scenario is not a trust issue, it is more of avoiding potential accidents with production systems. Our admin team can freely adjust the build process too, but we are responsible and don't do that either for the purpose of circumventing protective measures.
Attila Tamas Zimler
added a comment - Hi, I've worked around the issue with actually adding cycles into the groovy description of the pipeline. I just wanted to add a note on the fact that for my scenario is not a trust issue, it is more of avoiding potential accidents with production systems. Our admin team can freely adjust the build process too, but we are responsible and don't do that either for the purpose of circumventing protective measures. When will this released? As resolution is "fixed" I cannot vote and watch for this issue.
tkleiber You can find the releases including that correction at the top of the page https://github.com/jenkinsci/pipeline-input-step-plugin/commit/b0c006ed1be9bb5a55114d9239085ba4bfc48a82
To access that page, you can scroll down in the PR page, and click on the link just after "merged commit".
This ticket's status was forgotten, I will update it, thanks 
Then you should reopen the issue because of regression.
I have installed version 449.v77f0e8b_845c4 of the plugin and administrator can approve the input step despite he is not part of the submitter parameter.
tkleiber The resolution here should have been "Won't fix". If you look at the commit that Wadeck linked, you will see that the change is only to update the documentation to mention the current behavior. We will not change the behavior to prevent admins from approving the input, because it just does not make sense with the Jenkins security model.
I think the nicest thing we could do would be to copy this logic into a new method that is used to add text like " (Admin override)" to the end of the "Proceed" button if the current user is only allowed to click the button because they are an admin (similar to what GitHub does when you bypass branch protections using your admin permissions to merge a PR on a repo). I do not have any time or plans to look into that myself, but anyone else is welcome to do so and file a PR.
Thanks Devin for the information, changed the resolution to "Won't fix" 
A PR was merged to update the documentation, but it has not been released yet.