[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title ikedam closed an issue as Fixed This feature is provided in authorize-project-1.2.0. It will be available in the update center in a day. Jenkins / JENKINS-30574 Support global default authorization strategy in Authorize Project Change By: ikedam Status: Resolved Closed Assignee: ikedam Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: ikedam Path: src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/config.jelly http://jenkins-ci.org/commit/authorize-project-plugin/52e06499e89d8dcf7819f74623d9f56167cbc61a Log: JENKINS-30574 Strategies can change the configuration behavior for GlobalQueueItemAuthenticator. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: ikedam Path: src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectUtil.java src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/932d35fdc5ff8766f95f0af6e62e32959b36fc8c Log: JENKINS-30574 Make GlobalQueueItemAuthenticator work with SpecificUsersAuthorizationStrategy Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: ikedam Path: src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/61371537451d2e9fe02997ea1799e97ad3118c2f Log: JENKINS-30574 Added tests to configuration of GlobalQueueItemAuthenticator. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon resolved as Fixed Jenkins / JENKINS-30574 Support global default authorization strategy in Authorize Project Change By: SCM/JIRA link daemon Status: Open Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/form/taglib src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/20d2ba35fa7aebd062987a7e9c3070d597c1a4c6 Log: [FIXED JENKINS-30574] Support global default authorization strategy in Authorize Project Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: Stephen Connolly Path: src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly http://jenkins-ci.org/commit/authorize-project-plugin/1999e626b2ece4f7169b9c05552a1afd98cf3366 Log: JENKINS-30574 Note tag unneeded after Jenkins 1.645+ Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: Stephen Connolly Path: src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/136fe6120e721c3302baf8bfba2d1917171b68cc Log: JENKINS-30574 Fix compilation errors Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: ikedam Path: src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/config.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator/help.html src/main/resources/org/jenkinsci/plugins/authorizeproject/form/dropdownDescriptorSelector.jelly src/main/resources/org/jenkinsci/plugins/authorizeproject/form/taglib src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java http://jenkins-ci.org/commit/authorize-project-plugin/5f567fcfb978ce39fea263c5b10e34d67ef60a00 Log: Merge pull request #14 from stephenc/jenkins-30574-redux [FIXED JENKINS-30574] Support global default authorization strategy in Authorize Project Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/c6507c759b15...5f567fcfb978 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title SCM/JIRA link daemon commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticator.java http://jenkins-ci.org/commit/authorize-project-plugin/9f626de2e7403a4f8c20d4a50be0e87a3ade443e Log: JENKINS-30574 Fix form binding and change default to anonymous Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title stephenconnolly commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Jesse Glick FYI the authorize project plugin currently assumes a strategy returning null will get run as SYSTEM: https://github.com/jenkinsci/authorize-project-plugin/blob/master/src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java#L145 (of course that is incorrect, returning null means fall through to the next strategy... and if you fall off the end of all strategies then you default to SYSTEM modulo JENKINS-22949 because of backwards compatability) Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title stephenconnolly commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project https://github.com/jenkinsci/authorize-project-plugin/pull/13 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title Oleg Nenashev created an issue Jenkins / JENKINS-30574 Support global default authorization strategy in Authorize Project Issue Type: New Feature Assignee: Unassigned Components: authorize-project-plugin Created: 21/Sep/15 3:57 PM Labels: security Priority: Major Reporter: Oleg Nenashev Due to security reasons, sometimes Jenkins admins may want to completely restrict running jobs as a system. In such case it would be useful to add the following features: Global default strategy (if no one configured at the project level) Enforced global strategy, which prevents setting other strategies on the project level
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title Oleg Nenashev updated an issue Jenkins / JENKINS-30574 Support global default authorization strategy in Authorize Project Change By: Oleg Nenashev Due to security reasons, sometimes Jenkins admins may want to completely restrict running jobs as a system /anonymous and setup custom security limitations . In such case it would be useful to add the following features:* Global default strategy (if no one configured at the project level)* Enforced global strategy, which prevents setting other strategies on the project level Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title Oleg Nenashev commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project Jesse Glick, I definitely vote for JENKINS-22949, but I doubt it can be deployed soon due to the serious regressions scope (if we don't use a new system property). This feature request presumes a more generic approach, which would allow to globally set ACL.ANONYMOUS or set up another custom strategy e.g. on my previous installations I would authorize builds by the job owner using the strategy in Ownership plugin. another use-case it to use a generic "jenkins" account on restricted instances, where anonymous user is even unable to READ anything. This approach is more flexible than JENKINS-22949 Second bullet... In particular cases it is useful to totally prevent the manual strategy management in jobs at all => it's a justification for the second bullet (could be a separate JIRA issue BTW). Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title Jesse Glick commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project I think the motivation here is misstated. If you have configured the ProjectQueueItemAuthenticator, then if any project lacks an AuthorizeProjectProperty, it will be given no authentication, and callers of Tasks.getDefaultAuthenticationOf are obliged to treat this condition as if the associated authentication were ACL.ANONYMOUS (cf. JENKINS-22949), so there is no security risk in a particular project being unconfigured—it merely will not be able to do anything requiring special permissions. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [authorize-project-plugin] (JENKINS-30574) Support global default authorization strategy in Authorize Project
Title: Message Title Jesse Glick commented on JENKINS-30574 Re: Support global default authorization strategy in Authorize Project I doubt it can be deployed soon due to the serious regressions scope (if we don't use a new system property). I think you misunderstand. Code checking permissions during builds (such as BuildTrigger) already replaces “undefined” with anonymous. JENKINS-22949 would simply make that more automatic and thus easier to implement for new code checking permissions during builds. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
