Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: role-strategy-plugin
Labels:
None
Environment:
Jenkins 2.319.1
Role-based Authorization Strategy plugin 3.2.0
Azure AD plugin upgraded from 185.v3b416408dcb1 to 188.v2369adb95a31
Matrix Authorization Strategy plugin upgraded from 2.6.11 to 3.0

Similar Issues:

Show
Released As:
484.v8a_a_e4b_d785fd

Upgrading the Azure AD plugin to 188.v2369adb95a31 and the Matrix Authorization Strategy plugin to 3.0 stopped Role-based Authorization Strategy from recognizing me as a Jenkins administrator.

Reproduction steps

The Configuration as Code jenkins.yaml file included:

jenkins:
  authorizationStrategy:
    roleBased:
      roles:
        global:
        - assignments:
          - "REDACTED@REDACTED.com" # my Azure AD account without any "USER:" or "GROUP:" prefix
          name: "admin"
          pattern: ".*"
          permissions:
          - "Job/Create"
          - "Overall/Administer"

jenkins.yaml also defined a few more global roles and item roles, but those should only be able to grant more permissions rather than remove any, so they don't seem relevant to this issue.

Before the upgrade, I was able to log in as REDACTED@REDACTED.com and get administrator access to Jenkins.

I then upgraded Jenkins plugins:

matrix-auth from 2.6.11 to 3.0
azure-ad from 185.v3b416408dcb1 to 188.v2369adb95a31

restarted Jenkins, and logged in.

Expected result

Should still have been able to log in and have administrator access to Jenkins.

Actual result

I was able to log in again but no longer had administrator access.

I edited jenkins.yaml, added the "USER:" prefix to the email address, and restarted Jenkins again. I was still able to log in but did not have administrator access.

I downloaded the previous versions of azure-ad.hpi and matrix-auth.hpi from https://plugins.jenkins.io/, copied them to JENKINS_HOME/plugins as described in https://www.jenkins.io/doc/book/managing/plugins/#on-the-controller, restored jenkins.yaml, and restarted Jenkins. I was able to log in and got administrator access again.

Notes

According to ~~JENKINS-67387~~ and https://github.com/jenkinsci/azure-ad-plugin/issues/179#issuecomment-999004161, role-strategy is not yet compatible with matrix-auth 3.0. I didn't find any other role-strategy-plugin issue about this incompatibility (~~JENKINS-67413~~, ~~JENKINS-67393~~, and ~~JENKINS-67406~~ describe less serious problems), so I'm filing this one.

duplicates

JENKINS-67760 No Type prefix in Assign Role for Role based strategy

Closed

JENKINS-68241 After upgrading to the latest version of jenkins, the prompt "No type prefix: XXX" appears.

Closed

is duplicated by

JENKINS-67760 No Type prefix in Assign Role for Role based strategy

Closed

is related to

JENKINS-67760 No Type prefix in Assign Role for Role based strategy

Closed

JENKINS-67387 "No type prefix: " in "Assign roles:" after updating "Matrix Authorization Strategy" to 3.0

Closed

JENKINS-68241 After upgrading to the latest version of jenkins, the prompt "No type prefix: XXX" appears.

Closed

links to

remove dependency to matrix-auth plugin by mawinter69 · Pull Request #172 · jenkinsci/role-strategy-plugin

(1 is related to, 1 links to)

Assignee:: Oleg Nenashev

Reporter:: Kalle Niemitalo

Votes:: 36 Vote for this issue

Watchers:: 48 Start watching this issue

Created:: 2021-12-21 18:58

Updated:: 2022-06-15 07:00

Resolved:: 2022-05-23 10:17

Details

Description

Reproduction steps

Expected result

Actual result

Notes

Attachments

Issue Links

Activity

People

Dates