[JENKINS-56229] Use the correct access token when impersonating a user#109
Conversation
The token retrieved will be for the caller of the user.impersonate() method (ie, could be SYSTEM), rather than that of the target of the impersonation.
Wadeck
left a comment
There was a problem hiding this comment.
This PR seems to correct a bug that was not discovered before due to lack of impersonation called on GH-oauth I imagine.
@samrocketman Could you please run your usual tests and determine if this PR is breaking expected behavior?
Thank you in advance
Co-Authored-By: agentgonzo <sarch@cloudbees.com>
|
@samrocketman are you still maintaining this plugin? |
|
@samrocketman Is there anything we can do to help here? It is still showing you as the maintainer so I wanted to check if this could be approved and merged |
|
Hello, I’ve been away a few months due to a cross country move. I’m getting back into the open source groove. I will be testing this change this week. |
|
@samrocketman welcome back 🚢 |
This octomerge simplifies merging multiple pull requests. They've all been tested in conjunction and don't cause any upgrade issues.
|
This has been released in github-oauth 0.32 |
|
Thanks @samrocketman !!! |
|
Thanks for the fix. I verified it worked by using a freestyle job and impersonating to a user with a system groovy script. import jenkins.model.Jenkins
Jenkins.instance.as(User.get('samrocketman')).with { ctx ->
try {
// access Jenkins job only user has access
} finally {
ctx.close()
}
}Before the fix it would throw an error that anonymous does not have read permissions. After, behaves as expected. |
That was what we saw too |
|
@agentgonzo mind taking a look at https://issues.jenkins-ci.org/browse/JENKINS-57154 ? |
|
@Wadeck @agentgonzo |
|
Reverting this change seems to fix things locally on my test machine. Impersonation is still broken without it, though. |
The token retrieved will be for the caller of the user.impersonate()
method (ie, could be SYSTEM), rather than that of the target of the
impersonation.
@reviewbybees