[FOLIO-885] Change Jenkins Security Realm to support GitHub authentication Created: 06/Oct/17  Updated: 12/Nov/18  Resolved: 30/Nov/17

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: P3
Reporter: John Malconian Assignee: John Malconian
Resolution: Done Votes: 0
Labels: ci, sprint24, sprint25, sprint26, sprint27
Remaining Estimate: Not Specified
Time Spent: 7 hours
Original estimate: Not Specified

Sprint:

 Description   

Rather than relying on the local Jenkins database for authentication, configure support for authentication via GitHub OAuth and configure project-based matrix authorization accordingly. This will make it easy for developers to run jobs in Jenkins without having to manage a separate set of credentials.



 Comments   
Comment by John Malconian [ 29/Nov/17 ]

I've changed the FOLIO security realm to use GitHub OAuth authentication instead of maintaining a local user database in Jenkins. This should simplify user management in Jenkins as well as access to job configuration, running builds, and so forth. Authentication is based on the "GitHub Committer Authorization Strategy", which essentially means access to a job is dictated by your level of access to the GitHub repository in folio-org. Hopefully this simplifies things and doesn't create additional problems.

Comment by John Malconian [ 29/Nov/17 ]

Looks like there are some issues with this authorization strategy. As an authenticated non-admin user:

  • I am able to configure and run jobs that I shouldn't have access to.
  • I am not able to access the GitHub folio-org folder at all (works for anonymous users).

Comment by John Malconian [ 30/Nov/17 ]

Switched to role-based authentication and tested various permissions using a test user. Everything seems to be in order. Closing.
