role-strategy-plugin

Add security setting to allow PermissionHelper to log instead of throw

Open thomasnemer opened this issue 3 years ago • 10 comments

This PR intends to add a security setting called 'logDangerousPermissions' for the role strategy plugin, which allows the PermissionHelper class to log a WARNING instead of throwing a SecurityException. In any case, the dangerous permission is not added to the Permission Set created by the PermissionHelper; the only behavior that is changed is the logging instead of throwing.

The default behavior stays the same as before.

This allows this plugin's configuration to be properly imported/exported with the configuration-as-code plugin.

Tests written:

  • Configuration creation, saving, loading from disk.
  • Configuration imported and exported as code.

Fixes: JENKINS-58227

  • [x] Make sure you are opening from a topic/feature/bugfix branch (right side) and not your master branch!
  • [x] Ensure that the pull request title represents the desired changelog entry
  • [x] Please describe what you did
  • [x] Link to relevant issues in GitHub or Jira
  • [ ] Link to relevant pull requests, esp. upstream and downstream changes
  • [x] Ensure you have provided tests that demonstrate the feature works or fix the issue

thomasnemer avatar Mar 18 '21 12:03 thomasnemer
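The behavior described in the PR text above, as an added example that is not part of the pull request or the plugin's code: a stand-alone sketch of a permission filter that never grants a dangerous permission and either throws or logs depending on a flag. The class, method and parameter names and the `sample.*` permission ids are hypothetical.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

// Added illustration; all names here are hypothetical, not the plugin's API.
public class DangerousPermissionFilterDemo {
    private static final Logger LOGGER =
            Logger.getLogger(DangerousPermissionFilterDemo.class.getName());

    // Constructed sample ids standing in for whatever the plugin treats as dangerous.
    static final Set<String> DANGEROUS = Set.of("sample.RunScripts", "sample.UploadPlugins");

    /**
     * Builds the permission set for a role. Dangerous ids are never added.
     * logDangerous == false (default): throw SecurityException on the first dangerous id.
     * logDangerous == true: log a WARNING, skip the id and keep processing.
     */
    static Set<String> toPermissionSet(List<String> requested, boolean logDangerous) {
        Set<String> granted = new LinkedHashSet<>();
        for (String id : requested) {
            if (DANGEROUS.contains(id)) {
                if (!logDangerous) {
                    throw new SecurityException("Rejected dangerous permission: " + id);
                }
                LOGGER.warning("Ignoring dangerous permission: " + id);
                continue; // fail closed in both modes: the id is not granted
            }
            granted.add(id);
        }
        return granted;
    }

    public static void main(String[] args) {
        // Constructed input, as it might arrive from an imported configuration.
        List<String> fromConfig = List.of("sample.Read", "sample.RunScripts", "sample.Build");

        // Lenient mode: the import completes and the dangerous id is dropped.
        System.out.println(toPermissionSet(fromConfig, true));

        // Default mode: the same input aborts the import with an exception.
        try {
            toPermissionSet(fromConfig, false);
        } catch (SecurityException e) {
            System.out.println("import aborted: " + e.getMessage());
        }
    }
}
```

In the lenient mode the WARNING is the only trace that a configuration asked for a dangerous permission, so it is worth routing that logger to wherever configuration changes are reviewed.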

Sorry, missed the PR. Added to my review queue

oleg-nenashev avatar Apr 28 '21 08:04 oleg-nenashev

@oleg-nenashev: Did you have, by any chance, some time to review this?

thomasnemer avatar May 10 '21 15:05 thomasnemer

My "busy" status on GitHub is for a reason :( Sorry for the delays

oleg-nenashev avatar May 29 '21 09:05 oleg-nenashev

I didn't see your busy status before! Hope you'll get well soon :) Take care of yourself.

thomasnemer avatar May 31 '21 12:05 thomasnemer

Hi @oleg-nenashev: I've read your story on Twitter, wish you luck and sending good vibes ;) To the topic: CasC export is not working for me :( Did you have, by any chance, some time to review this?

SamSpiri avatar Aug 24 '21 15:08 SamSpiri

Hi! It is on my list. Note that I have stepped down as a maintainer of this plugin. I'm currently looking for new maintainers, and I cannot provide enough time to this plugin as caretaker. Just best effort

oleg-nenashev avatar Aug 24 '21 16:08 oleg-nenashev

My apologies, it slipped my review queue

oleg-nenashev avatar Oct 19 '21 21:10 oleg-nenashev

Any progress on merging this? I am still experiencing this issue as of:

Jenkins version: 2.319
role-strategy: 3.2.0
configuration-as-code: 1.54

alexanderjohn avatar Nov 18 '21 18:11 alexanderjohn

Still on my list. Massive formatting changes make maintaining this PR complicated indeed

oleg-nenashev avatar Jan 08 '22 17:01 oleg-nenashev

The massive reformatting is due to a rebase needed after other commits were pushed on master. Part of the plugin's code has 4-space indentation and part has 2-space indentation; this makes linters hard to use. Since I need to rebase again, I'll try to reduce the reformatting to a minimum.

I've sent you an e-mail concerning this plugin's maintenance, if you have some time to read it :)

thomasnemer avatar Jan 10 '22 13:01 thomasnemer

With #236 this becomes obsolete

mawinter69 avatar Aug 18 '22 19:08 mawinter69