[JIRA] (JENKINS-60508) Nodes Patterns


nahuel.cassinari@jamf.com (JIRA)

Dec 16, 2019, 10:53:02 AM
to jenkinsc...@googlegroups.com
Nahuel Cassinari created an issue
 
Jenkins / Bug JENKINS-60508
Nodes Patterns
Issue Type: Bug
Assignee: Oleg Nenashev
Attachments: Screenshot 2019-12-16 at 16.41.23.png, Screenshot 2019-12-16 at 16.41.43.png, Screenshot 2019-12-16 at 16.42.06.png, Screenshot 2019-12-16 at 16.42.13.png
Components: authorize-project-plugin, role-strategy-plugin
Created: 2019-12-16 15:52
Labels: plugin jenkins
Priority: Minor
Reporter: Nahuel Cassinari

Hello,

I'm trying to restrict the nodes in Jenkins, but no matter what I do, it always shows me that the user lacks permission.

Jenkins v2.190.3

Role-based Authorization Strategy v2.15

Authorize Project v1.3.0

 

So the setup for this example is:

Access Control:

  • Role-Based Strategy 

Access Control for Builds:

  • Project default Build Authorization
       - Strategy: Run as anonymous

(the idea is to make it work with "Run as the user who triggered the build")

 

Later, I have this configuration:

  • A global role called "general" which just has view
  • A Slave role whose pattern is "gradle-.*" (I tested with gradle*, gradle.* and even with .*)
  • Both roles assigned to anonymous

 

So when I run a pipeline with a dynamic agent in Kubernetes, it shows me:

Started by user XXXXXX
Running as anonymous

which is OK. After this, the agent is created and connected to Jenkins, but the job waits forever for the agent, and if the agent is already connected it shows:

‘anonymous’ lacks permission to run on ‘gradle-xxxxxx’

 

The only way to fix this is to run as SYSTEM or add build privileges to the "general" global role.

 

Nothing relevant shows up in the Jenkins logs.

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

nahuel.cassinari@jamf.com (JIRA)

Dec 18, 2019, 4:10:21 AM
to jenkinsc...@googlegroups.com
Nahuel Cassinari commented on Bug JENKINS-60508
 
Re: Nodes Patterns

One important thing.

The agent is created in Kubernetes using the plugin. But I guess that in the end this has no influence, because Jenkins sees the pod in Kubernetes as a physical node which is an agent.

faucher.benp@gmail.com (JIRA)

Apr 27, 2020, 8:38:05 PM
to jenkinsc...@googlegroups.com
Ben Faucher updated an issue
Change By: Ben Faucher
Priority: Minor → Major

faucher.benp@gmail.com (JIRA)

Apr 27, 2020, 8:49:03 PM
to jenkinsc...@googlegroups.com
Ben Faucher commented on Bug JENKINS-60508
 
Re: Nodes Patterns

I am also seeing this exact issue with a non-Kubernetes deployment. Jenkins master is running out of a Docker container on an Ubuntu host; the agent is an Ubuntu VM permanently connected over SSH.

Jenkins v2.222.1 (alpine docker image)
Role-strategy v2.16
Authorize-project v1.3.0

  1. Agent is named "foo"
  2. Create a user with global read-only access called "builder"
  3. In Security > Manage and Assign Roles > Manage Roles, create a node role
    • Name: "foo-access"
    • Pattern: "foo"
  4. In Security > Manage and Assign Roles > Assign Roles, assign the role to "builder"
  5. Create a new pipeline job set to use agent "foo"
  6. Configure pipeline to run as user "builder"
  7. Run pipeline. Build stalls indefinitely with this error:
    19:34:07  Started by user Ben Faucher
    19:34:07  Running as builder
    19:34:07  Running in Durability level: PERFORMANCE_OPTIMIZED
    19:34:09  [Pipeline] Start of Pipeline
    19:34:22  [Pipeline] node
    19:34:37  Still waiting to schedule task
    19:34:37  ‘builder’ lacks permission to run on ‘foo’; ‘build-1’ doesn’t have label ‘foo’
    