[OpenStack-Infra] JJB's use of inspect plugin info requires administrator permissions

Thanh Ha thanh.ha at linuxfoundation.org
Tue Jun 7 19:34:00 UTC 2016


Hi Everyone,

I've been meaning to bring this up for awhile. It seems some plugins are
getting a bit smarter and using the "parser.registry.get_plugin_info"
command to parse plugin versions to figure out what version of a plugin is
installed in Jenkins.

Unfortunately it's come to our attention that this feature in Jenkins
requires the Administrator permission which can be problematic if you have
an environment where you prefer not to give this permission out. I think
the ideal solution is to build into Jenkins a separate permission for
viewing plugin information. I'll try contacting Jenkins devs to see if this
is something they can do inside Jenkins.

Failing that maybe we can somehow make the plugin info optional in JJB? any
thoughts around this topic?

One of our use cases with this is that we have a sandbox instance of
Jenkins deployed for our community to test jobs with however for obvious
reasons we cannot give folks administrator access to this instance but
unfortunately if someone is trying to use a plugin (such as the Slack
plugin) that needs to inspect plugin versions jjb fails to push the job.

Regards,
Thanh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-infra/attachments/20160607/c564c38f/attachment.html>


More information about the OpenStack-Infra mailing list