Add support for fine-grained access control #514
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
], | ||
}, | ||
}, | ||
}; | ||
|
||
jenkinsYaml.jenkins.authorizationStrategy = rolesAndPermissions; | ||
|
||
if (typeof fineGrainedAccessItems !== 'undefined') { |
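Review bot: in the `if (typeof fineGrainedAccessItems !== 'undefined')` guard, the check is also true for `null` and for an empty value, so the branch runs for anything other than `undefined`. If the branch is meant to run only when access items were actually supplied, test for that explicitly (for example `fineGrainedAccessItems !== undefined` plus a non-empty check), and add a short comment saying what an omitted value means for access.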
Is `!== undefined` better than `=== true` or similar?
Both have different purposes. One checks if the value is undefined and the other one checks if a value is truly assigned to the variable.
@@ -452,7 +453,8 @@ export class JenkinsMainNode { | |||
agentNodeObject: AgentNodeConfig, props: AgentNodeNetworkProps, agentNode: AgentNodeProps[], macAgent: string): string { | |||
let updatedConfig = agentNodeObject.addAgentConfigToJenkinsYaml(stack, agentNode, props, macAgent); | |||
if (loginAuthProps.authType !== 'default') { | |||
updatedConfig = AuthConfig.addOidcConfigToJenkinsYaml(updatedConfig, loginAuthProps.authType, loginAuthProps.adminUsers); | |||
updatedConfig = AuthConfig.addOidcConfigToJenkinsYaml(updatedConfig, loginAuthProps.authType, | |||
loginAuthProps.adminUsers, loginAuthProps.fineGrainedAccessSpecs); |
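Review bot: the new `loginAuthProps.fineGrainedAccessSpecs` argument is passed only inside `if (loginAuthProps.authType !== 'default')`, so specs supplied together with the default auth type are dropped without any signal. Consider failing or logging a warning in that case, and documenting that fine-grained access requires a non-default `authType`.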
Will admins have all the permissions defined above?
And what about read-only users?
Admin users will have admin permissions. The same applies for readonly users. The roles are divided into 2 types, `global` and `items`, at the Jenkins level. Admin and readonly fall under `global` and fineGrainedAccess falls under the `items` category.
Can you please explain if I want to add a new user and give them build access to a particular job, how would I achieve that?
Like this https://github.com/opensearch-project/opensearch-ci/pull/514/files#diff-26e449f9955e460d5aabdf24a751a58d9aaace1a73226f143618601a18d0af32R52-R57
Asking @rishabh6788 to do another pass before merging. Thanks!
Description
This change adds support for fine grained access control. Access can now be controlled at workflow levels per user.
Also fixes the test cases where earlier an already committed Yaml was being parsed. However, we need to actually parse the YAML object.
Deletes the unused test data.
Issues Resolved
#507
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.