[JIRA] (JENKINS-58096) Authorize Project plugin not working for pipeline

0 views
Skip to first unread message

michael.marcucilli@hpspartners.com (JIRA)

unread,
Jun 19, 2019, 10:21:02 AM6/19/19
to jenkinsc...@googlegroups.com
Mike Marcucilli created an issue
 
Jenkins / Bug JENKINS-58096
Authorize Project plugin not working for pipeline
Issue Type: Bug Bug
Assignee: Unassigned
Components: authorize-project-plugin
Created: 2019-06-19 14:20
Environment: Windows Server 2012 R2
Priority: Major Major
Reporter: Mike Marcucilli

When I run a pipeline build with the Authorization set to either "Run as User who Triggered Build" or "Run as Specific User", the commands still execute as the account my Jenkins service is running as (hps\svcBuildAdmin).  The below script demonstrates the problem

pipeline {    
   agent any    
   stages {     
      stage ('Check User') {            
         steps {     
            bat "whoami"            
         }     
      }    
   }
}

Output:

Started by user Michael Marcucilli
Running as Michael Marcucilli
Running in Durability level: MAX_SURVIVABILITY
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in C:\Program Files (x86)\Jenkins\workspace\ApplicationADSyncer-Deploy
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Check User)
[Pipeline] bat

C:\Program Files (x86)\Jenkins\workspace\ApplicationADSyncer-Deploy>whoami
hps\svcbuildadmin
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

I classified this as "Major" because to me this is a severe loss of function, i.e. the core function of the plugin does not appear to be working.  

 

 

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

dbeck@cloudbees.com (JIRA)

unread,
Aug 2, 2019, 5:44:03 AM8/2/19
to jenkinsc...@googlegroups.com
Daniel Beck closed an issue as Not A Defect
 

This isn't how this works.

Authorize Project changes the virtual user identity of the build running inside Jenkins, which controls the actions the build can take inside Jenkins (such as triggering other builds).

It does not magically cause processes to su to a different user that may not even exist in the OS.
Change By: Daniel Beck
Status: Open Closed
Resolution: Not A Defect

dbeck@cloudbees.com (JIRA)

unread,
Aug 2, 2019, 5:46:02 AM8/2/19
to jenkinsc...@googlegroups.com
Daniel Beck commented on Bug JENKINS-58096
 
Re: Authorize Project plugin not working for pipeline

The same way you could complain (even without the plugin) that the user name in the shell is svcbuildadmin and not Michael Marcucilli.

Note that Jenkins's SYSTEM user has nothing to do with Windows's SYSTEM (or LocalSystem now?) user.
Reply all
Reply to author
Forward
0 new messages