Implement JENKINS-28010 Use Google Apps group for Authorization #18
Conversation
juulderuysscher
force-pushed
the
feature/gsuite-groups
branch
from
8c2cdbc
to
139a00f
Compare
|
Hey. Any news here? Do you have any date when this feature will be released? It will be really useful. |
|
Any news here? |
|
Given that #17 remains unmerged I am guessing this plugin is abandoned. (@Vlatombe + @recampbell listed as having push permission) |
| @@ -326,5 +421,20 @@ public FormValidation doCheckApiSecret(@QueryParameter String clientId, @QueryPa | |||
| } | |||
| */ | |||
|
|
|||
| @RequirePOST | |||
| public ListBoxModel doFillGsuiteServiceAccountCredentialsIdItems(@QueryParameter String serverUrl) { | |||
| Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER); | |||
There was a problem hiding this comment.
I think this is incorrect.
if the user does not have admin (system read) then they should get a postbox with the current credential?
There was a problem hiding this comment.
There was a problem hiding this comment.
If they do not have admin they should not be configuring the security realm to begin with. I see nothing amiss here.
There was a problem hiding this comment.
SYSTEM_READ allows rendering this but not configuring - and if the listbox does not contain the current credential it will be rednered incorrectly IIRC.
https://github.com/jenkinsci/credentials-plugin/blob/master/docs/consumer.adoc#providing-a-ui-form-element-to-let-a-user-select-credentials the first doFillXZ annotated example
There was a problem hiding this comment.
If the plugin is using a new core dep, yes. Currently using an obsolete parent POM which does not even declare jenkins.version, so something old.
|
|
||
| do { | ||
| Groups groupsResult = googleAdminDirectoryService.groups().list() | ||
| .setUserKey(email) |
There was a problem hiding this comment.
Shouldn't pageToken be used in this request?
There was a problem hiding this comment.
Indeed .setPageToken(pageToken) should be used here. When the user has 200+ groups it will fail badly now.
|
Then the feature will release? |
|
ping |
|
|
|
Ping!! |
|
this is why cloudbees / jenkins is dying. |
|
I switched to github login instead, it works with github team perfectly. |
|
Ping! |
|
Please do not add ping-type comments to issues. https://www.jenkins.io/doc/developer/plugin-governance/adopt-a-plugin/ if you want to do something about it. |
|
@jglick Obviously you're right, obnoxious behaviour from people who don't understand nor care how open source works, nor do they care about everyone getting pinged every time they feel they have to add their useless comment when a thumbs-up on the original would presumably have done (I hope so anyway). However, there is actually some code here, and nothing is happening. The link you sent includes the following:
This plugin is already hosted within the jenkinsci GitHub organization. So now what? How do we even know who the maintainers are? What can the community expect from plugins hosted in the jenkinsci org? |
|
There is a precident here. It's not exactly fair to say "hey stop pinging"
when the submitter and community is actually waiting for someone to ack
this request.
I for one would love to see this approved as I don't have to have custom
code everywhere when this one plugin could actually deal with it.
…On Sat, 30 Oct 2021, 12:08 Antony Gelberg, ***@***.***> wrote:
@jglick <https://github.com/jglick> Obviously you're right, obnoxious
behaviour from people who don't understand nor care how open source works,
nor do they care about everyone getting pinged every time they feel they
have to add their useless comment when a thumbs-up on the original would
presumably have done (I hope so anyway).
However, there is actually some code here, and nothing is happening. The
link you sent includes the following:
Adopting abandoned plugins. Sometimes plugin maintainers move on without
marking plugins for adoption, due to various reasons. In such case we can
transfer ownership for plugins being hosted within the jenkinsci GitHub
organization. Such transfer may take a while.
This plugin is already hosted within the jenkinsci GitHub organization. So
now what? How do we even know who the maintainers are? What can the
community expect from plugins hosted in the jenkinsci org?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#18 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACN2BMW52WSBAYGAKJHTGKLUJPN5XANCNFSM4KDZAZXQ>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
|
|
I think the point is that the useless comments are not the way to make progress. |
You can look it up: https://github.com/jenkins-infra/repository-permissions-updater/blob/ba97350a9a74756f5e5f23780b40f146d1952647/permissions/plugin-google-login.yml#L8-L10 and if you want something shipped but a maintainer is not responsive, the page on jenkins.io documents how to propose taking over maintainership of the plugin (either with immediate approval from the old maintainer, or failing that, a two-week grace period IIRC). In this case there actually is a maintainer review (#18 (comment)) which was never addressed. So if you care to move things along, best to file a subsuming PR which addresses any open review issues, or explain why they are misplaced. |
|
Thanks @jglick , for me at least the comment got lost in the noise. @juulderuysscher Are you willing and able to address the comment? @Vlatombe I see you're active with the thumbs up, can you maybe elaborate on the comment for those of us who are new to Jenkins dev but would be happy to help out? Is the idea that there may be a lot of groups hence pagination is necessary? |
Yes exactly. Unfortunately I don't have a setup with google that would allow me to validate this change, but as it is, it is clear that pagination wouldn't work so the change isn't correct. |
|
@Vlatombe Thanks! I'll see if we can take a look at that code and polish it, although we are new to Jenkins dev. For the avoidance of doubt, you're active and consider the plugin maintained? |
Currently I don't have time to validate and test an improvement to this PR myself. pageToken should be fixed before merging this indeed. Regarding the remarks on the Jenkins specific config at the time when I needed this it worked for me. However not sure how this can be improved? I'm not familiar with Jenkins internal APIs. |
|
Scrap that, it works! |
|
any chance to get it merged? |
|
@ArtemChekunov When I said "it works", I meant that I got the local Jenkins dev environment up and running. Sadly I haven't gotten further than that. Perhaps in coming weeks we may have time, but don't wait for me... |
|
|
I created an enhancement which makes it possible to fetch the Google Groups for an user via the Google Admin SDK.
https://developers.google.com/admin-sdk/directory/v1/reference/groups/list
https://issues.jenkins-ci.org/browse/JENKINS-28010