Hi, I’m Ikedam, a maintainer of authorize-project-plugin. https://plugins.jenkins.io/authorize-project
Authorize-project-plugin doesn’t support features of modern Jenkins, such as pipelines, multibranch and JCaC. Making things worse, authorize-project-plugin is the only implementation for QueueItemAuthenticator as far as I know. Authorize-project-plugin is originally designed for legacy Jenkins, that is, expected to use with freestyle projects and matrix projects, and expected to configured with web browsers. And I believe it’s fundamentally incompatible with modern Jenkins. It might be possible to extend or redesign this plugin and to have it applicable to modern Jenkins, but I’m afraid that it’s not reasonable as it mainly costs not for new features, but rather for preserving backward compatibilities. What I want to do here are: * Request a new plugin implementing QueueItemAuthenticator, supporting modern Jenkins and which will replace and deprecate authorize-project-plugin. * Unfortunately I won’t join that development. Sorry. * Ask depelopers whether QueueItemAuthenticator is what we actually want, or there can be alternate ways to control permissions of builds: * I originally developed authorize-project-plugin for copyartifact-plugin to control the permission to copy artifacts from other builds. But I believe it’s easier to control that permission with CopyArtifactPermissionProperty, which defines jobs allowed to access to artifacts. * I believe users want to define permissions not bound to actual specific users such as those in LDAP, or Active Directory. But Jenkins doesn’t provide mechanisms for authentications not bound to specific users, like sevice accounts in Google Cloud Platform. * I expect QueueItemAuthenticator can be replaced with other permission mechanisms not bound to specific users, like permissions between jobs (generalizing CopyArtifactPermissionProperty) or permissions for credentials from jobs (folder-scoped credentials might meet that). * I don’t know actual usecases of QueueItemAuthenticatorcan and there might be usecases that cannot be replaced with other mechanisms. Regards, Ikedam -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/d0bed924-83ec-4c5e-9ce4-04a03363fd27%40googlegroups.com.