Closed LEDfan closed 2 months ago
This seems to be caused by this commit.
The loadUserByUsername
function is no longer declared. It does make sense because OIDC has no way to identify if a user exists.
The only thing it could do is trying to get the LastGrantedAuthorities of the user.
That should be handled by the build-user-vars-plugin as a fallback when UserMayOrMayNotExist
is caught.
At leart one other realm maintains a cache: https://github.com/jenkinsci/jwt-auth-plugin/blob/9fccee33434b0255fb7dacde91713003303f3642/src/main/java/io/jenkins/plugins/jwt_auth/JwtAuthSecurityRealm.java#L132
@jglick is there any interest to do that or implement the logic of getting the user and populating a UserDetails with the last granted authorities ?
AFAICT the oic-auth
plugin is behaving correctly here: it throws UserMayOrMayNotExistException2
because at this point it does not, in fact, know for sure whether the user exists or not.
The fault lies in the build-user-vars-plugin
for directly calling SecurityRealm.loadUserByUsername2
rather than going through User.getAuthorities
, which is what would fall back to LastGrantedAuthoritiesProperty
(via ImpersonatingUserDetailsService2
).
I created an report in Jenkins Jira with a ling to this issue.
Thank you both for looking into this and already creating the issue!
Jenkins and plugins versions report
Environment
```text Jenkins: 2.452.2 OS: Linux - 5.10.218-208.862.amzn2.x86_64 Java: 17.0.11 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) --- build-user-vars-plugin:1.9 ```What Operating System are you using (both controller, and any agents involved in the problem)?
Docker:
jenkins/jenkins:2.452.2-lts-jdk17
Reproduction steps
4.284.v0cc21de03d37
), the version before works finebuild-user-vars-plugin
****Expected Results
During a Jenkins build, the
BUILD_USER_GROUPS
environment variable contains the groups of the user.Actual Results
The variable is empty and a message is logged
WARNING o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: myuser error: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: myUser Show context
Anything else?
Thanks for maintaining this plugin!
Are you interested in contributing a fix?
No response