diff options
author | Adam Romanek <romanek.adam@gmail.com> | 2020-05-11 13:31:50 +0200 |
---|---|---|
committer | Adam Romanek <romanek.adam@gmail.com> | 2020-05-13 14:16:45 +0200 |
commit | 074985c7ff9360bb58be80ffab686746267f814f (patch) | |
tree | 750db91aeac4e3ad190ae40d745f2b45ef4d4668 | |
parent | dc36dca4791897521cc19203267656eb8d736183 (diff) | |
download | python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.tar.gz python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.tar.xz python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.zip |
Fix Authorization Matrix property support on jobs in a folder
Without the fix:
> 2020-05-11 10:56:12.238+0000 [id=29522] WARNING
> o.e.j.s.h.ContextHandler$Context#log: Error while serving http://localhost/job/someFolder/createItem
> java.lang.ClassCastException: com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty cannot be cast to hudson.model.JobProperty
It turns out com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty
should only be applied to Folders, not Jobs. The latter should use
hudson.security.AuthorizationMatrixProperty.
Task: 39760
Story: 2007666
Change-Id: I64907265b214fb1e489e1e657a30c90d6ee08c3f
3 files changed, 40 insertions, 7 deletions
diff --git a/jenkins_jobs/modules/properties.py b/jenkins_jobs/modules/properties.py index 5be64a0c..41db1c03 100644 --- a/jenkins_jobs/modules/properties.py +++ b/jenkins_jobs/modules/properties.py @@ -521,6 +521,9 @@ def authorization(registry, xml_parent, data): # get the folder name if it exists in_a_folder = data.pop("_use_folder_perms", None) if data else None + # check if it's a folder or a job + is_a_folder = data.pop("_is_a_folder", None) if data else False + credentials = "com.cloudbees.plugins.credentials.CredentialsProvider." ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin." @@ -549,10 +552,11 @@ def authorization(registry, xml_parent, data): if data: if in_a_folder: - matrix = XML.SubElement( - xml_parent, - "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty", - ) + if is_a_folder: + element_name = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty" + else: + element_name = "hudson.security.AuthorizationMatrixProperty" + matrix = XML.SubElement(xml_parent, element_name) XML.SubElement( matrix, "inheritanceStrategy", @@ -1266,13 +1270,14 @@ class Properties(jenkins_jobs.modules.base.Base): if next(iter(prop)) == "authorization": # Only projects are placed in folders if "project-type" in data: - if data["project-type"] == "folder": - prop["authorization"]["_use_folder_perms"] = True - elif data["project-type"] == "multibranch": + if data["project-type"] in ("folder", "multibranch"): prop["authorization"]["_use_folder_perms"] = True + prop["authorization"]["_is_a_folder"] = True else: prop["authorization"]["_use_folder_perms"] = "folder" in data + prop["authorization"]["_is_a_folder"] = False else: prop["authorization"]["_use_folder_perms"] = False + prop["authorization"]["_is_a_folder"] = False self.registry.dispatch("property", properties, prop) diff --git a/tests/yamlparser/fixtures/auth-jobs/project-in-folder-with-auth-properties.xml b/tests/yamlparser/fixtures/auth-jobs/project-in-folder-with-auth-properties.xml new file mode 100644 index 00000000..3669b217 --- /dev/null +++ b/tests/yamlparser/fixtures/auth-jobs/project-in-folder-with-auth-properties.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<project> + <actions/> + <description><!-- Managed by Jenkins Job Builder --></description> + <keepDependencies>false</keepDependencies> + <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding> + <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding> + <concurrentBuild>false</concurrentBuild> + <canRoam>true</canRoam> + <properties> + <hudson.security.AuthorizationMatrixProperty> + <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/> + <permission>hudson.model.Item.Build:auser</permission> + </hudson.security.AuthorizationMatrixProperty> + </properties> + <scm class="hudson.scm.NullSCM"/> + <builders/> + <publishers/> + <buildWrappers/> +</project> diff --git a/tests/yamlparser/fixtures/project-in-folder-with-auth-properties.yaml b/tests/yamlparser/fixtures/project-in-folder-with-auth-properties.yaml new file mode 100644 index 00000000..ab4dd532 --- /dev/null +++ b/tests/yamlparser/fixtures/project-in-folder-with-auth-properties.yaml @@ -0,0 +1,8 @@ +- job: + folder: auth-jobs + name: auth-job-test + project-type: freestyle + properties: + - authorization: + auser: + - job-build |