jenkinsci / azure-ad-plugin

Authentication and Authorization with Azure AD
https://plugins.jenkins.io/azure-ad/
MIT License

Several bugs with initial node setup #278

Closed meiswjn closed 1 year ago

meiswjn commented 2 years ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.332.4
OS: Linux - 4.18.0-372.9.1.el8.x86_64
---
Office-365-Connector:4.16.1
ace-editor:1.1
analysis-model-api:10.12.0
ansicolor:1.0.1
ant:475.vf34069fef73c
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
artifactory:3.16.2
audit-trail:3.10
authentication-tokens:1.4
azure-ad:195.v8555a0bf0d22
azure-credentials:216.ve0b_4a_485ffc2
azure-sdk:118.v43f74dd9ca_dc
basic-branch-build-strategies:1.3.2
blueocean:1.25.5
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.25.5
blueocean-commons:1.25.5
blueocean-config:1.25.5
blueocean-core-js:1.25.5
blueocean-dashboard:1.25.5
blueocean-display-url:2.4.1
blueocean-events:1.25.5
blueocean-git-pipeline:1.25.5
blueocean-github-pipeline:1.25.5
blueocean-i18n:1.25.5
blueocean-jwt:1.25.5
blueocean-personalization:1.25.5
blueocean-pipeline-api-impl:1.25.5
blueocean-pipeline-editor:1.25.5
blueocean-pipeline-scm-api:1.25.5
blueocean-rest:1.25.5
blueocean-rest-impl:1.25.5
blueocean-web:1.25.5
bootstrap5-api:5.1.3-6
bouncycastle-api:2.25
branch-api:2.1046.v0ca_37783ecc5
build-blocker-plugin:1.7.8
build-discarder:60.v1747b0eb632a
build-monitor-plugin:1.13+build.202205140447
build-user-vars-plugin:1.9-rc127.da32fb9ecc2a
build-with-parameters:1.6
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.7.4
cloudbees-bitbucket-branch-source:773.v4b_9b_005b_562b_
cloudbees-disk-usage-simple:0.10
cloudbees-folder:6.729.v2b_9d1a_74d673
code-coverage-api:2.0.4
command-launcher:84.v4a_97f2027398
conditional-buildstep:1.4.2
config-file-provider:3.10.0
confluence-publisher:136.vc30a_a_0d845d7
copyartifact:1.46.4
credentials:1087.1089.v2f1b_9a_b_040e4
credentials-binding:523.vd859a_4b_122e6
dashboard-view:2.432.va_712ce35862d
data-tables-api:1.12.1-1
dependency-check-jenkins-plugin:5.1.2
display-url-api:2.3.6
docker-commons:1.18
docker-java-api:3.1.5.2
docker-plugin:1.2.6
docker-workflow:1.26
dtkit-api:3.0.1
durable-task:496.va67c6f9eefa7
echarts-api:5.3.2-1
email-ext:2.88
envinject:2.866.v5c0403e3d4df
envinject-api:1.199.v3ce31253ed13
extended-choice-parameter:346.vd87693c5a_86c
extended-read-permission:3.2
external-monitor-job:191.v363d0d1efdf8
extra-columns:1.25
favorite:2.4.1
file-operations:1.11
file-parameters:205.vf6ce13b_e5dee
font-awesome-api:6.0.0-1
forensics-api:1.15.1
git:4.11.3
git-client:3.11.0
github:1.34.3
github-api:1.303-400.v35c2d8258028
github-branch-source:1637.vd833b_7ca_7654
github-checks:1.0.18
gradle:1.39.1
groovy:2.4
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.30
http_request:1.15
integrity-plugin:2.4
ivy:2.2
jackson2-api:2.13.3-285.vc03c0256d517
jacoco:3.3.2
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-3
javax-mail-api:1.6.2-6
jaxb:2.3.6-1
jdk-tool:1.5
jenkins-design-language:1.25.5
jira:3.7.1
jjwt-api:0.11.2-71.v2722b_b_06a_2a_f
job-restrictions:0.8
jobConfigHistory:1139.v888b_656ca_f6d
jquery:1.12.4-1
jquery3-api:3.6.0-3
jsch:0.1.55.2
junit:1119.1121.vc43d0fc45561
ldap:2.9
list-git-branches-parameter:0.0.9
locale:144.v1a_998824ddb_3
lockable-resources:2.15
mailer:414.vcc4c33714601
mask-passwords:3.3
matlab:2.8.0
matrix-auth:3.1.2
matrix-project:771.v574584b_39e60
maven-plugin:3.19
metrics:4.1.6.2
momentjs:1.1.1
monitoring:1.91.0
msbuild:1.30
next-executions:1.0.15
nodejs:1.5.1
nuget:1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
parameterized-scheduler:1.0
parameterized-trigger:2.44
parasoft-findings:10.5.3
pipeline-build-step:2.18
pipeline-github:2.8-138.d766e30bb08b
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:593.va_a_fc25d520e9
pipeline-input-step:449.v77f0e8b_845c4
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2097.v33db_b_de764b_e
pipeline-model-definition:2.2097.v33db_b_de764b_e
pipeline-model-extensions:2.2097.v33db_b_de764b_e
pipeline-rest-api:2.24
pipeline-stage-step:293.v200037eefcd5
pipeline-stage-tags-metadata:2.2097.v33db_b_de764b_e
pipeline-stage-view:2.24
pipeline-utility-steps:2.13.0
plain-credentials:1.8
plot:2.1.10
plugin-usage-plugin:3.0
plugin-util-api:2.16.0
popper-api:1.16.1-3
popper2-api:2.11.5-1
powershell:1.7
prism-api:1.28.0-2
pubsub-light:1.16
resource-disposer:0.19
robot:3.1.0
run-condition:1.5
scm-api:608.vfa_f971c5a_a_e9
script-security:1175.v4b_d517d6db_f0
snakeyaml-api:1.30.1
sonar:2.14
splunk-devops:1.9.9
sse-gateway:1.25
ssh-agent:295.v9ca_a_1c7cc3a_a_
ssh-credentials:277.v95c2fec1c047
ssh-slaves:1.814.vc82988f54b_10
ssh-steps:2.0.0
sshd:3.228.v4c9f9e652c86
structs:318.va_f3ccb_729b_71
thinBackup:1.10
timestamper:1.17
token-macro:293.v283932a_0a_b_49
trilead-api:1.57.v6e90e07157e1
uno-choice:2.6.1
variant:1.4
versioncolumn:2.2
warnings-ng:9.13.0
windows-slaves:1.8.1
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1164.v760c223ddb_32
workflow-basic-steps:948.v2c72a_091b_b_68
workflow-cps:2725.v7b_c717eb_12ce
workflow-durable-task-step:1146.v1a_d2e603f929
workflow-job:1186.v8def1a_5f3944
workflow-multibranch:716.vc692a_e52371b_
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:625.vd896b_f445a_f8
workflow-support:820.vd1a_6cc65ef33
ws-cleanup:0.42
xunit:3.1.0
```

What Operating System are you using (both controller, and any agents involved in the problem)?

RHEL 8.6

Reproduction steps

Make sure you do not have admin rights, i.e. you need to be allowed via the Azure Active Directory Authorization Matrix.

  1. Create a new Jenkins Agent. Tick the box "Azure Active Directory Authorization Matrix".
  2. Try to add a group / user (before the initial save!) -> The first bug: No users and groups are loaded / nobody can be added.
  3. Save the configuration. You should be able to edit the agent, as you are the owner. This code ensures this. -> The second bug: The "Configure"-button is not available. Apparently, you do not have enough permissions.

Now, use a user with admin privileges to edit the configuration. You should see that the owner is added to the Authorization Matrix with "Configure" permission - nevertheless, they can't edit it. You need to remove and re-add the user to have it work.

Expected Results

  1. During the setup, groups and users are selectable.
  2. The owner of the node automatically gets "configure" permissions.

Actual Results

  1. During the setup, groups and users are not selectable; instead, it just shows the loading animation and then says "no results".
  2. The owner of the node has the "configure" permission, but it is not effective.

Anything else?

The last issue I submitted was not reproducible. If this is the case again, please let me know and I will debug further.

meiswjn commented 2 years ago

Is this related to https://github.com/jenkinsci/azure-ad-plugin/issues/199?

timja commented 2 years ago

This is #278?

meiswjn commented 2 years ago

Edited my comment

timja commented 2 years ago

> Is this related to #199?

Yes likely, nice searching.