Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73234

Set Jenkins permissions with explizit type (USER or GROUP)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • openshift-login-plugin
    • None
    • Jenkins: 2.452.1 (LTS)
      OpenShift Login Plugin: Version1.1.0.248.v1908df5c4f5e
      Matrix Authorization Strategy Plugin: Version3.2.2

      Issue

      With Version 3 of the Matrix Authorization Strategy Plugin permission entries have to have a "type" to distinguished between "GROUP" and "USER". Otherwise Jenkins Flags those permission entries as "ambiguous" and the following Text is displayed (in Jenkins -> Manage Jenkins) below the permission matrix:

      This table contains rows with ambiguous entries. This means that they apply both to users with the specified ID, and groups with the specified name. If the current security realm does not distinguish between user IDs and group names unambiguously, and if users can either choose their own user ID or create new groups, this configuration may allow them to obtain greater permissions. It is recommended that all ambiguous entries are replaced with ones that are either explicitly a user or group.

      Relevant changelog entries of Matrix Auth. Stragtegy Plugin : see

      JavaDoc: https://javadoc.jenkins.io/plugin/matrix-auth/org/jenkinsci/plugins/matrixauth/AuthorizationContainer.html#add(hudson.security.Permission,java.lang.String)

      I did not inspect the code in detail (so might be missing more relevant lines). What i found, is that currently the OpenShift Plugin uses the method

          add​(Permission permission, String sid)

      which is deprecated with the remark "Since 3.0, use add(Permission, PermissionEntry) instead."

      It would be helpful if the OpenShift Login Plugin could be updated to not use the deprecated Method and so that Jenkins no longer flags ambiguous permission entries.

            adambkaplan Adam Kaplan
            avysha Avy
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: