-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Jenkins: 2.452.1 (LTS)
OpenShift Login Plugin: Version1.1.0.248.v1908df5c4f5e
Matrix Authorization Strategy Plugin: Version3.2.2
Issue
With Version 3 of the Matrix Authorization Strategy Plugin permission entries have to have a "type" to distinguished between "GROUP" and "USER". Otherwise Jenkins Flags those permission entries as "ambiguous" and the following Text is displayed (in Jenkins -> Manage Jenkins) below the permission matrix:
This table contains rows with ambiguous entries. This means that they apply both to users with the specified ID, and groups with the specified name. If the current security realm does not distinguish between user IDs and group names unambiguously, and if users can either choose their own user ID or create new groups, this configuration may allow them to obtain greater permissions. It is recommended that all ambiguous entries are replaced with ones that are either explicitly a user or group.
Relevant changelog entries of Matrix Auth. Stragtegy Plugin : see
- https://github.com/jenkinsci/matrix-auth-plugin/releases/tag/matrix-auth-3.0
- maybe: https://github.com/jenkinsci/matrix-auth-plugin/releases/tag/matrix-auth-3.2
- maybe: https://github.com/jenkinsci/matrix-auth-plugin/releases/tag/matrix-auth-3.2.2
I did not inspect the code in detail (so might be missing more relevant lines). What i found, is that currently the OpenShift Plugin uses the method
add(Permission permission, String sid)
which is deprecated with the remark "Since 3.0, use add(Permission, PermissionEntry) instead."
It would be helpful if the OpenShift Login Plugin could be updated to not use the deprecated Method and so that Jenkins no longer flags ambiguous permission entries.
- links to