Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60508

Nodes Patterns

XMLWordPrintable

      Hello,

      Im trying to restrict the nodes in jenkins but doesn't matters what i do, always shows me that the user has lack of permission.

      Jenkins v2.190.3

      Role-based Authorization Strategy v2.15

      Authorize Project v1.3.0

       

      So for this example is:

      Acces Control:

      • Role-Based Strategy 

      Access Control for Builds:

      • Project default Build Authorization
           - Strategy Run as anonymous

      (the idea is make it work with Run as the user who triggered the build)

       

      Later, I have this configuration:

      • A global role called general which just have view
      • A Slave role which the pattern is "gradle-.* (I tested with gradle*, gradle.* and even with .*)
      • Both roles assigned to anonymous

       

      So when i run a pipeline with a dynamic agent in kubernetes shows me:

      Started by user XXXXXX
      Running as anonymous

      which is ok, after this, the agent is created, connected to jenkins but the job is waiting forever for the agent and if the agent is already connected shows:

      ‘anonymous’ lacks permission to run on ‘gradle-xxxxxx’

       

      The only way to fix this is run as SYSTEM or add build privileges to "general" global role.

       

      From jenkins logs, nothing relevant is showed up.

        1. Screenshot 2019-12-16 at 16.41.23.png
          20 kB
          Nahuel Cassinari
        2. Screenshot 2019-12-16 at 16.41.43.png
          28 kB
          Nahuel Cassinari
        3. Screenshot 2019-12-16 at 16.42.06.png
          10 kB
          Nahuel Cassinari
        4. Screenshot 2019-12-16 at 16.42.13.png
          9 kB
          Nahuel Cassinari

            oleg_nenashev Oleg Nenashev
            matandomuertos Nahuel Cassinari
            Votes:
            3 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: