-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nicer JCasC syntax for defining permissions #145
Nicer JCasC syntax for defining permissions #145
Conversation
...st/resources/org/jenkinsci/plugins/matrixauth/integrations/casc/configuration-as-code-v3.yml
Outdated
Show resolved
Hide resolved
@timja Just in case, any thoughts about this? |
It looks good to me, just some tests to sort out by the looks of it? (a bunch of commented unit tests) |
...org/jenkinsci/plugins/matrixauth/integrations/casc/ExportTest/ExportTest-exportTest-node.yml
Outdated
Show resolved
Hide resolved
assertEquals( | ||
toStringFromYamlFile( | ||
this, | ||
"/org/jenkinsci/plugins/matrixauth/integrations/casc/ExportTest/ExportTest-exportTestLegacy-global.yml"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the classpath entry should be relative, I would have thought ExportTest-exportTestLegacy-global.yml
would work but this stuff can be a real pain sometimes and very hard to debug
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted these files in the folder corresponding to the class, not in the folder for the package. (Kinda redundant with the file name now though 🤔 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ExportTest/exportTestLegacy-global.yml
would work then I think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh. Never tried that. Javadoc indicates this could work.
Hi, I saw the breaking-change warning in the 3.2 release notes. jenkins:
authorizationStrategy:
azureAdMatrix:
permissions:
- "USER:Overall/Administer:My Account (356726a4-2127-4e27-a763-483511f9aee1)" I think JCasC for node permissions might even break completely until azure-ad-plugin is updated, as OpenShift Login also depends on matrix-auth but I don't know what kind of JCasC structure it uses or what methods it calls. |
FWIW I've attempted to maintain backward compatibility with older versions of the JCasC syntax (the YAML part, not the Job DSL Groovy part) and it should work with those older configs, but I still recommend caution when updating. The Job DSL and Pipeline syntaxes aren't as configurable and those are fully incompatible.
With regards to |
I see; then the referenced classes of matrix-auth will need to be essentially forked into azure-ad so that it doesn't rely on private APIs. |
@daniel-beck Do you happen to know if any other plugins, in particular (What's that "law" that anything will become depended upon by someone 😓.) |
@PiersRBME, there is no "SuppressRestrictedWarnings" in the https://github.com/jenkinsci/oic-auth-plugin/ and https://github.com/jenkinsci/saml-plugin/ repositories, not even in history. |
@PiersRBME They don't show up on https://plugins.jenkins.io/matrix-auth/dependencies/ as dependants, so do not use any APIs of this plugin, except of those defined in core. Looks to me like y'all need staging environments 😉 |
(in progress for AzureAD) |
Yeah, have non-prod envs and was able to check and update the CASC format - it is clearer. But, yeah backwards compat is hard. Someone somewhere will come to rely on everything, private or not. To an outsider a change in one plugin that breaks another is an irritation (at best) -- that the dev of one doesn't care about breaking the other at all is not much comfort, whatever the reason! |
Not done yet but I've opened a draft PR: jenkinsci/azure-ad-plugin#460 |
Alternative to #111 with (IMO) nicer structure.
Complements #144 (which is for Job DSL / Pipeline).
Feedback welcome.