Add support for allowing anonymous ViewStatus permission by pascalw · Pull Request #29 · jenkinsci/github-oauth-plugin

pascalw · 2014-08-31T21:54:23Z

This PR adds support for allowing anonymous ViewStatus permissions.

This is especially useful to work with plugins that require these permissions, for example for the Embeddable Build Status Plugin that requires this permission if you want badges to be reachable for anonymous users.

Fixes JENKINS-24010.

cloudbees-pull-request-builder · 2014-08-31T21:56:15Z

plugins » github-oauth-plugin #59 SUCCESS
This pull request looks good

jenkinsadmin · 2014-09-01T00:01:34Z

Thank you for a pull request! Please check this document for how the Jenkins project handles pull requests

jglick · 2014-09-01T21:38:47Z

Is this intended to be the continuation of #8?

jglick · 2014-09-01T21:39:14Z

(And also see jenkinsci/embeddable-build-status-plugin#4.)

pascalw · 2014-09-02T04:05:33Z

@jglick yes it is. With this PR applied you can embed status badges in Github README's etc without granting any other access to anonymous users.

Currently with this plugin you can only give the READ permission to anonymous users but that opens up a lot of information to see for anonymous users.

jyjohnson · 2014-10-01T14:26:02Z

Hi folks. Will this be merged into the master any time soon?

Thanks!

pascalw · 2014-10-02T06:27:39Z

Would like to know this as well.

@jyjohnson if you really needs this functionality but can live without using the Github Commiter Authorization Strategy you could instead use the Project-based Matrix Authorization Strategy in combination with the Github Authentication Plugin Security Realm.
This allows you to grant the ViewStatus permission to anonymous and define other permissions per Github user and organisation.
It doesn't give you the ease of automatically having CI access arranged by how you've setup Github repository access, but I've found it to be much more flexible and it's not as much of a pain if you don't have too many different users and repos.

njam · 2015-01-18T13:04:58Z

+1

czalidis · 2015-01-27T05:14:01Z

+1

wavded · 2015-01-28T16:23:43Z

FWIW, I've dropped this and went to Project Matrix Security instead and have been much happier overall.

pascalw · 2015-01-28T19:31:58Z

@wavded agreed that using the matrix security is much more powerful. Perhaps this PR can be replaced by a doc patch that documents that workflow.

njam · 2015-02-03T13:48:32Z

I can confirm the "matrix security" works well!

My config.xml contains:

  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Item.ViewStatus:anonymous</permission>
    <permission>hudson.model.Item.Read:[GITHUB-ORG-FOR-READ-ACCESS]</permission>
    <permission>hudson.model.Hudson.Read:[GITHUB-ORG-FOR-READ-ACCESS]</permission>
    <permission>hudson.model.Hudson.Administer:[GITHUB-USER-FOR-ADMIN-ACCESS]</permission>
  </authorizationStrategy>

samrocketman · 2015-07-06T02:09:26Z

When merging this into master it would not compile. Here's version information from my environment.

^_^[sam@blaster:~/git/github/github-oauth-plugin]$ mvn --version
Apache Maven 3.2.5 (12a6b3acb947671f09b81f49094c53f426d8cea1; 2014-12-14T12:29:23-05:00)
Maven home: /home/sam/src/maven/apache-maven-3.2.5
Java version: 1.6.0_45, vendor: Sun Microsystems Inc.
Java home: /home/sam/src/java/jdk1.6.0_45/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.13.0-55-generic", arch: "amd64", family: "unix"
^_^[sam@blaster:~/git/github/github-oauth-plugin]$ java -version
java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
^_^[sam@blaster:~/git/github/github-oauth-plugin]$ head -n1 /etc/issue
Ubuntu 14.04.2 LTS \n \l

Here's the error I see. I ran mvn test.

[INFO] Scanning for projects...
[WARNING] The POM for org.jenkins-ci.tools:maven-hpi-plugin:jar:1.93 is missing, no dependency information available
[WARNING] Failed to build parent project for org.jenkins-ci.plugins:github-oauth:hpi:0.21-SNAPSHOT
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for org.jenkins-ci.plugins:github-oauth:hpi:0.21-SNAPSHOT
[WARNING] 'parent.relativePath' points at org.jenkins-ci.plugins:slack instead of org.jenkins-ci.plugins:plugin, please verify your project structure @ line 4, column 13
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building Github Authentication plugin 0.21-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-hpi-plugin:1.109:validate (default-validate) @ github-oauth ---
[INFO] 
[INFO] --- maven-enforcer-plugin:1.0.1:enforce (enforce-maven) @ github-oauth ---
[INFO] 
[INFO] --- maven-enforcer-plugin:1.0.1:display-info (display-info) @ github-oauth ---
[INFO] Maven Version: 3.2.5
[INFO] JDK Version: 1.6.0_45 normalized as: 1.6.0-45
[INFO] OS Info: Arch: amd64 Family: unix Name: linux Version: 3.13.0-55-generic
[INFO] 
[INFO] --- maven-localizer-plugin:1.14:generate (default) @ github-oauth ---
[INFO] 
[INFO] --- maven-resources-plugin:2.5:resources (default-resources) @ github-oauth ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5:compile (default-compile) @ github-oauth ---
[INFO] Compiling 9 source files to /home/sam/git/github/github-oauth-plugin/target/classes
[INFO] 
[INFO] --- access-modifier-checker:1.7:enforce (default-enforce) @ github-oauth ---
[INFO] 
[INFO] --- maven-hpi-plugin:1.109:insert-test (default-insert-test) @ github-oauth ---
[INFO] 
[INFO] --- gmaven-plugin:1.3:generateTestStubs (test-in-groovy) @ github-oauth ---
[INFO] No sources found for Java stub generation
[INFO] 
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources) @ github-oauth ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/sam/git/github/github-oauth-plugin/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.5:testCompile (default-testCompile) @ github-oauth ---
[INFO] Compiling 3 source files to /home/sam/git/github/github-oauth-plugin/target/test-classes
[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR : 
[INFO] -------------------------------------------------------------
[ERROR] /home/sam/git/github/github-oauth-plugin/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java:[258,53] cannot find symbol
symbol  : constructor GithubRequireOrganizationMembershipACL(java.lang.String,java.lang.String,boolean,boolean,boolean,boolean,boolean,boolean)
location: class org.jenkinsci.plugins.GithubRequireOrganizationMembershipACL
[INFO] 1 error
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 7.344 s
[INFO] Finished at: 2015-07-05T22:06:00-04:00
[INFO] Final Memory: 34M/251M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.5:testCompile (default-testCompile) on project github-oauth: Compilation failure
[ERROR] /home/sam/git/github/github-oauth-plugin/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java:[258,53] cannot find symbol
[ERROR] symbol  : constructor GithubRequireOrganizationMembershipACL(java.lang.String,java.lang.String,boolean,boolean,boolean,boolean,boolean,boolean)
[ERROR] location: class org.jenkinsci.plugins.GithubRequireOrganizationMembershipACL
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

I don't feel comfortable merging this unless I can get it to build and pass mvn test.

samrocketman · 2015-07-12T01:42:23Z

@pascalw can you please update this pull request? Rebase it on the current master as well as ensure no unit tests are failing.

pascalw · 2015-07-12T07:17:54Z

@samrocketman I'll try to have a look at it this week.

This is especially useful to work with plugins that require these permissions, for example for the [Embeddable Build Status Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Embeddable+Build+Status+Plugin) that requires this permission if you want badges to be reachable for anonymous users.

pascalw · 2015-07-12T10:09:55Z

@samrocketman I rebased against master, tests are green.

ViewStatus permission

samrocketman · 2015-07-12T16:01:54Z

I successfully tested it.

samrocketman · 2015-07-12T16:08:32Z

I have created a new minor release 0.21.1 which contains only this fix. It should be available in the Jenkins update center typically within 8-9 hours.

ericduran mentioned this pull request Nov 28, 2014

Add embeddable-build-status-plugin support #31

Closed

pascalw force-pushed the feature-viewstatus-permission-for-anonymous-users branch 2 times, most recently from 716ad3f to 0913867 Compare July 12, 2015 10:07

samrocketman merged commit 0913867 into jenkinsci:master Jul 12, 2015

samrocketman added a commit that referenced this pull request Jul 12, 2015

Merge PR #29 Add support for allowing anonymous

218a6ff

ViewStatus permission

Uh oh!

Conversation

pascalw commented Aug 31, 2014

Uh oh!

cloudbees-pull-request-builder commented Aug 31, 2014

Uh oh!

jenkinsadmin commented Sep 1, 2014

Uh oh!

jglick commented Sep 1, 2014

Uh oh!

jglick commented Sep 1, 2014

Uh oh!

pascalw commented Sep 2, 2014

Uh oh!

jyjohnson commented Oct 1, 2014

Uh oh!

pascalw commented Oct 2, 2014

Uh oh!

njam commented Jan 18, 2015

Uh oh!

czalidis commented Jan 27, 2015

Uh oh!

wavded commented Jan 28, 2015

Uh oh!

pascalw commented Jan 28, 2015

Uh oh!

njam commented Feb 3, 2015

Uh oh!

samrocketman commented Jul 6, 2015

Uh oh!

samrocketman commented Jul 12, 2015

Uh oh!

pascalw commented Jul 12, 2015

Uh oh!

pascalw commented Jul 12, 2015

Uh oh!

samrocketman commented Jul 12, 2015

Uh oh!

samrocketman commented Jul 12, 2015

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

9 participants