-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 2.426.1
Microsoft Entra ID (previously Azure AD) Plugin Version 442.v355cca_6b_c169
Role-based Authorization Strategy Version 689.v731678c3e0eb_
-
-
717.v6a_69a_fe98974
Role-based Authorization Strategy plugin works excellent with azure-ad plugin if add users and groups via object_id.
If you add user using object_id, then plugin performs check_name request (validation) and if user was found validation response returns user fullname for representation - source. If you add group using object_id, then validation won't return group display name and will be represented as it was requested - source.
It's hard to manage access when dozens of group added to the table.
Please add ability to represent Azure groups by group name if the AzureSecurityRealm in use or just simple check if groupName property is available for group object (AzureAdGroup class). Another option is ability to provide notes for Users/Groups, then we can describe what exact name stands behind the id.
[JENKINS-72984] Improve representation for EntraID (AzureAD) groups when add them via cryptic oid string
Oleksandr K.
created issue -
Oleksandr K.
made changes -
| Issue Type | Original: New Feature [ 2 ] | New: Improvement [ 4 ] |
Oleksandr K.
made changes -
| Description |
Original:
Role-based Authorization Strategy plugin works excellent with azure-ad plugin if add users and groups via object_id.
If you add user using object_id, then plugin performs check_name request (validation) and if user was found validation response returns user fullname for representation - [source|https://github.com/jenkinsci/role-strategy-plugin/blob/689.v731678c3e0eb_/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/ValidationUtil.java#L135].If you add group using object_id, then validation won't return group display name and will be represented as it was requested - [source|https://github.com/jenkinsci/role-strategy-plugin/blob/689.v731678c3e0eb_/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/ValidationUtil.java#L96]. It's hard to manage access when dozens of group added to the table. Please add ability to represent Azure groups by group name if the AzureSecurityRealm in use or just simple check if groupName property is available for group object ([AzureAdGroup class|https://github.com/jenkinsci/azure-ad-plugin/blob/471.vdfa_2441c67a_f/src/main/java/com/microsoft/jenkins/azuread/AzureAdGroup.java]). Another option is ability to provide notes for Users/Groups, then we can describe what exact name stands behind the id. |
New:
Role-based Authorization Strategy plugin works excellent with azure-ad plugin if add users and groups via object_id.
If you add user using object_id, then plugin performs check_name request (validation) and if user was found validation response returns user fullname for representation - [source|https://github.com/jenkinsci/role-strategy-plugin/blob/689.v731678c3e0eb_/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/ValidationUtil.java#L135]. If you add group using object_id, then validation won't return group display name and will be represented as it was requested - [source|https://github.com/jenkinsci/role-strategy-plugin/blob/689.v731678c3e0eb_/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/ValidationUtil.java#L96]. It's hard to manage access when dozens of group added to the table. Please add ability to represent Azure groups by group name if the AzureSecurityRealm in use or just simple check if groupName property is available for group object ([AzureAdGroup class|https://github.com/jenkinsci/azure-ad-plugin/blob/471.vdfa_2441c67a_f/src/main/java/com/microsoft/jenkins/azuread/AzureAdGroup.java]). Another option is ability to provide notes for Users/Groups, then we can describe what exact name stands behind the id. |
Markus Winter
made changes -
| Assignee | Original: Oleg Nenashev [ oleg_nenashev ] | New: Markus Winter [ mawinter69 ] |
boston_aqua can you please check if https://repo.jenkins-ci.org/artifactory/incrementals/org/jenkins-ci/plugins/role-strategy/716.va_519735f6b_7c/role-strategy-716.va_519735f6b_7c.hpi resolves the problem?
I don't have access to Azure so I can't test this myself.
Markus Winter
added a comment - - edited boston_aqua can you please check if https://repo.jenkins-ci.org/artifactory/incrementals/org/jenkins-ci/plugins/role-strategy/716.va_519735f6b_7c/role-strategy-716.va_519735f6b_7c.hpi resolves the problem?
I don't have access to Azure so I can't test this myself. Oleksandr K.
added a comment - Thank you! I tested it and now it represents group by display name! That's exactly what we wanted.
Oleksandr K.
added a comment - Thank you! I tested it and now it represents group by display name! That's exactly what we wanted. Markus Winter
made changes -
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Markus Winter
made changes -
| Released As | New: 717.v6a_69a_fe98974 | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: In Progress [ 3 ] | New: Resolved [ 5 ] |
There is no API in Jenkins security realm that allows to get a 'display name' for a group.The groupDetails actually do provide a display name.
I will provide a change