User.CanonicalIdResolver Questions

[Gavin]

Hey,

I'm working on writing a new plugin to hook up jenkins to our internal company authentication system. I've gotten the Security Realm working, but I'm curious how exactly the User.CanonicalIdResolver stuff works.

I'm trying to support mapping new users created by the git plugin to our internal setup.

So looking at 

https://github.com/jenkinsci/git-plugin/blob/cb6f13a3e3158332f76a45e853b3766fe83d5828/src/main/java/hudson/plugins/git/GitChangeSet.java#L254

I figure if I enable creating accounts based on email, then User.CanonicalIdResolver's resolveCanonicalId method will pass in an email or my normal username. Then I can do a lookup if the idOrFullName contains a @ symbol (or a regex or something). 

Is that the right use of this function? Will that prevent the creation of the user...@domain.com accounts?

Gavin

[nicolas de loof]

This extension point indeed is designed to let you retrieve existing jenkins user from SCM events and not create duplicates. 

https://wiki.jenkins-ci.org/display/JENKINS/Additional+Identities+Plugin let you manually set such SCM identity to existing jenkins users, but if you have some alternate algorithm to resolve them from email that's a better option.

see https://issues.jenkins-ci.org/browse/JENKINS-10258

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ebbf1b0c-f371-4011-9a10-f0e9aaa7213b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Gavin]

Awesome. Those are essentially how I found out about the extension point in the first place.

Is there any indication on what context might provide?

Gavin

[nicolas de loof]

context was design to help you resolve the user identity from another source, for sample user claim to be "john" from svn repository "svn://foo.bar" so you resolve him as "John Doe" on jenkins user database.

.... but this info is actually harder than expected to extract from SCM, so probably always empty :'(

--

You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/b45b758b-9810-4093-bfed-717a188c8f82%40googlegroups.com.

[Gavin]

So I've noticed that the "system" (ex: User.unknown()) accounts get passed through the resolver as well.

Right now I've added a chunk of code that ignores the system accounts using raw strings.

        if ("system".equals(id) || "unknown".equals(id) || "anonymous".equals(id) || "authenticated".equals(id)) {

            return idOrFullName; // skip all known system accounts

        }

I have done a very very quick search and haven't found any constants or anything else that would make that code better. Since this code is internal its really not a big deal, but I'm curious if anything exists.

Gavin