Get list of users who has access to a project role

[LnT]

Hi -

requirement came up from the audit team , fetch list of users having access to production environment Jenkins jobs.

Our Jenkins setup has predefined project roles  and able to see the list of users who has access to different environments. since the list of users are dynamic and audit is required monthly. Instead fetching the user information manually looking at Jenkins ,wish to write an automation script .

Tried to access api url  http://<<MyJenkinsURL>>/role-strategy/api/

Giving 404 Error. Does this mean , jenkins not provided API for urer roles?

Input is required, the best way to get this information - in writing the script.

Precisely ,

List of Project Roles are

PRD-JOB-READ

PRD-JOB-RUN

PRD-JOB-ADMIN

Need to fetch the list of users who has access PRD-JOB-RUN. Could you show somelight

Regards,

LnT

[Victor Martinez]

Might https://github.com/jenkinsci/jenkins-scripts/blob/master/scriptler/export-role-strategy-permissions-to-csv.groovy provide those details?

Cheers

[gotvi...@gmail.com]

@Victor - Excuse me here.  I'm kind of new to this stuff.  Could you please brief on how to use this groovy script?

[Victor Martinez]

I have not executed that particular groovy script at all, but based on the description and name I guess that's something you could use.

How to use the groovy script?

• https://wiki.jenkins.io/display/JENKINS/Scriptler+Plugin

That's one way to gather those details.

Besides that, I just went through the role-strategy api and found https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin#RoleStrategyPlugin-Version2.9.0(Aug27,2018) , I guess, that particular API url might work for your use case, although I have not tried it

Cheers

[LnT]

Thanks to All,

I found workaround. Written python script, takes input of <Jenkins-home>/config.xml , parse and get the users. Hope this will help someone like me.

from xml.dom import minidom

xmldoc = minidom.parse('config.xml')

roleList = xmldoc.getElementsByTagName('role')

for role in roleList:

    roleName = role.attributes['name'].value

if roleName == "prj_user_prd":

    print "roleName:",roleName

    userList = role.getElementsByTagName("assignedSIDs")[0].getElementsByTagName("sid")

    break

for user in userList:

    print user.firstChild.nodeValue

[Jose Diaz]

This worked for me on python 3:

from xml.dom import minidom


xmldoc = minidom.parse('config.xml')

roleList = xmldoc.getElementsByTagName('role')

for role in roleList:
    roleName = role.attributes['name'].

value
    print("Role:" + roleName)

    userList = role.getElementsByTagName("assignedSIDs")[0].getElementsByTagName("sid")

    for user in userList:
        print(user.firstChild.nodeValue)
    print()