[JIRA] (JENKINS-27134) Permission for input approval, or choice of Jenkins-specific group as submitter
Title: Message Title Jean-Pierre Fouche edited a comment on JENKINS-27134 Re: Permission for input approval, or choice of Jenkins-specific group as submitter Please would you be able to address the issue with RBAC stated in the description?i.e. {code:java}"Currently the input step allows you to specify a submitter, which may be a user ID or an external group ("granted authority"). This does not work well with authorization strategies, especially those that allow you to group together users inside Jenkins, such as (but not limited to) nectar-rbac in Jenkins Enterprise by CloudBees."{code}I find that the 'submitter' attribute does not work on the input step. We are using Keycloak role-based AuthorizationStrategy. (Our code for the input step has not changed, but we recently changed Jenkins setup from a matrix based authorisation strategy to Keycloak). Code below. Expected result is that if there is a * user * in Keycloak, it should verify that the logged in user matches. Similarly, if there is a * group * in Keycloak, the logged in user should be a member of the specified group.{code:java}isApproved = input(id: 'someId',message: 'Approve?',submitter: 'someuser', // <== 'does not query Keycloak; ignores this parameters: [choice(choices: ['No', 'Yes'],description: 'some description',name: 'some name')]) == 'Yes'{code} Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails fr
[JIRA] (JENKINS-27134) Permission for input approval, or choice of Jenkins-specific group as submitter
Title: Message Title Jean-Pierre Fouche edited a comment on JENKINS-27134 Re: Permission for input approval, or choice of Jenkins-specific group as submitter Please would you be able to address the issue with RBAC stated in the description?i.e. {code:java}"Currently the input step allows you to specify a submitter, which may be a user ID or an external group ("granted authority"). This does not work well with authorization strategies, especially those that allow you to group together users inside Jenkins, such as (but not limited to) nectar-rbac in Jenkins Enterprise by CloudBees."{code}I find that the 'submitter' attribute does not work on the input step. We are using Keycloak role-based AuthorizationStrategy. (Our code for the input step has not changed, but we recently changed Jenkins setup from a matrix based authorisation strategy to Keycloak). Code below. Expected result is that if there is a *user* in Keycloak, it should verify that the logged in user matches. Similarly, if there is a *group* in Keycloak, the logged in user should be a member of the specified group.{code:java}isApproved = input(id: 'applyPlan',message: 'Approve?',submitter: 'someuser', // <== 'does not query Keycloak; ignores this parameters: [choice(choices: ['No', 'Yes'],description: config. 'some description ' ,name: config. 'some name ' )]) == 'Yes'{code} Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop
[JIRA] (JENKINS-27134) Permission for input approval, or choice of Jenkins-specific group as submitter
Title: Message Title Jean-Pierre Fouche edited a comment on JENKINS-27134 Re: Permission for input approval, or choice of Jenkins-specific group as submitter Please would you be able to address the issue with RBAC stated in the description?i.e. {code:java}"Currently the input step allows you to specify a submitter, which may be a user ID or an external group ("granted authority"). This does not work well with authorization strategies, especially those that allow you to group together users inside Jenkins, such as (but not limited to) nectar-rbac in Jenkins Enterprise by CloudBees."{code}I find that the 'submitter' attribute does not work on the input step. We are using Keycloak role-based AuthorizationStrategy. (Our code for the input step has not changed, but we recently changed Jenkins setup from a matrix based authorisation strategy to Keycloak). Code below. Expected result is that if there is a *user* in Keycloak, it should verify that the logged in user matches. Similarly, if there is a *group* in Keycloak, the logged in user should be a member of the specified group.{code:java}isApproved = input(id: ' applyPlan someId ',message: 'Approve?',submitter: 'someuser', // <== 'does not query Keycloak; ignores this parameters: [choice(choices: ['No', 'Yes'],description: 'some description',name: 'some name')]) == 'Yes'{code} Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving email
[JIRA] (JENKINS-27134) Permission for input approval, or choice of Jenkins-specific group as submitter
Title: Message Title Jean-Pierre Fouche edited a comment on JENKINS-27134 Re: Permission for input approval, or choice of Jenkins-specific group as submitter Please would you be able to address the issue with RBAC stated in the description?i.e. {code:java}"Currently the input step allows you to specify a submitter, which may be a user ID or an external group ("granted authority"). This does not work well with authorization strategies, especially those that allow you to group together users inside Jenkins, such as (but not limited to) nectar-rbac in Jenkins Enterprise by CloudBees."{code}I find that the 'submitter' attribute does not work on the input step. We are using Keycloak role-based AuthorizationStrategy. (Our code for the input step has not changed, but we recently changed Jenkins setup from a matrix based authorisation strategy to Keycloak). Code below. Expected result is that if there is a *user* in Keycloak, it should verify that the logged in user matches. Similarly, if there is a *group* in Keycloak, the logged in user should be a member of the specified group.{code:java}isApproved = input(id: 'applyPlan',message: 'Approve?',submitter: 'someuser', // <== 'does not query Keycloak; ignores this parameters: [choice(choices: ['No', 'Yes'],description: config.description,name: config.name)]) == 'Yes'{code} Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from
[JIRA] (JENKINS-27134) Permission for input approval, or choice of Jenkins-specific group as submitter
Title: Message Title Jean-Pierre Fouche edited a comment on JENKINS-27134 Re: Permission for input approval, or choice of Jenkins-specific group as submitter Please would you be able to address the issue with RBAC stated in the description?i.e. {code:java}"Currently the input step allows you to specify a submitter, which may be a user ID or an external group ("granted authority"). This does not work well with authorization strategies, especially those that allow you to group together users inside Jenkins, such as (but not limited to) nectar-rbac in Jenkins Enterprise by CloudBees."{code}I find that the 'submitter' attribute does not work on the input step. We are using Keycloak role-based AuthorizationStrategy. (Our code for the input step has not changed, but we recently changed Jenkins setup from a matrix based authorisation strategy to Keycloak). Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.160927.1424899264000.15844.1587558661054%40Atlassian.JIRA.
[JIRA] (JENKINS-27134) Permission for input approval, or choice of Jenkins-specific group as submitter
Title: Message Title Jean-Pierre Fouche commented on JENKINS-27134 Re: Permission for input approval, or choice of Jenkins-specific group as submitter Please would you be able to address the issue with RBAC stated in the description? i.e. "Currently the input step allows you to specify a submitter, which may be a user ID or an external group ("granted authority"). This does not work well with authorization strategies, especially those that allow you to group together users inside Jenkins, such as (but not limited to) nectar-rbac in Jenkins Enterprise by CloudBees." I find that the 'submitter' attribute does not work on the input step. We are using Keycloak role-based AuthorizationStrategy. (Our code has not changed, but we recently changed from a matrix based authorisation strategy to Keycloak). Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.160927.1424899264000.15790.1587558120584%40Atlassian.JIRA.
[JIRA] (JENKINS-56520) Support for Bearer Token (needed for REST-Api calls from scripts)
Title: Message Title Jean-Pierre Fouche updated an issue Jenkins / JENKINS-56520 Support for Bearer Token (needed for REST-Api calls from scripts) Change By: Jean-Pierre Fouche Priority: Minor Blocker Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.198128.1552378214000.9504.1580480100414%40Atlassian.JIRA.