| Hi, we were able to locate what's happening, seems that efectively there's a bug introduced in latests LTS / role-strategy-plugin versions:
- The user id we were using on our API calls was "INETIC" (uppercased, as it is how it is set up on the active directory); this could be seen while debugging curl's request headers: "* Server auth using Basic with user 'INETIC'".
- Response headers told something a bit different, though: "< X-You-Are-Authenticated-As: inetic" (note user id is lowercased here).
- The "Manage Roles" screen assigns roles to INETIC no matter how you introduce the ID. Most probably, the user id is being fetched from the AD, which makes sense.
- From within the API call, being authenticated as inetic, there are no roles assigned to it, as they are assigned to INETIC. Seems that this lowercasing wasn't happening before.
- We've changed the API user (with its associated token) to another with a lowercased user id and our problems are gone.
This wasn't happening on our previous Jenkins instance (2.204.2 LTS with role-strategy-plugin 2.14, IIRC). The issue seems to happen with newer Jenkins LTS instances + role-strategy plugin 2.15 and 2.16, don't know specifically where the bug / regression is lying.. |
