[FOLIO-885] Change Jenkins Security Realm to support GitHub authentication Created: 06/Oct/17 Updated: 12/Nov/18 Resolved: 30/Nov/17 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P3 |
| Reporter: | John Malconian | Assignee: | John Malconian |
| Resolution: | Done | Votes: | 0 |
| Labels: | ci, sprint24, sprint25, sprint26, sprint27 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | 7 hours | ||
| Original estimate: | Not Specified | ||
| Sprint: |
| Description |
|
Rather than relying on local Jenkins database for authentication, configure support for authentication via GitHub OAUTH and configure project-based matrix authorization accordingly. This will make it easily for developers to run jobs in Jenkins without having to manage a separate set of credentials. |
| Comments |
| Comment by John Malconian [ 29/Nov/17 ] |
|
I've changed the FOLIO security realm to use GitHub OAUTH authentication instead of maintaining a local user database in Jenkins. This should simplify user management in Jenkins as well as access to job configuration, running builds, and so forth. Authentication is based on the "Github Committer Authorization Strategy" which essentially means access to a job is dictated by your level of access to the GitHub repository in folio-org. Hopefully this simplifies things and doesn't create additional problems. |
| Comment by John Malconian [ 29/Nov/17 ] |
|
Looks like there are some issues with this authorization strategy. As an authenticated non-admin user I am able to:
|
| Comment by John Malconian [ 30/Nov/17 ] |
|
Switched to role-based authentication and tested various permissions using a test user. Everything seems to be in order. Closing. |