Description of problem: When user creates configmap "openshift-jenkins-login-plugin-config" for configure permissions of Jenkins operation, any users cannot log-in to the jenkins instance: ~~~ $ oc get -o yaml --export cm openshift-jenkins-login-plugin-config apiVersion: v1 data: Overall-Administer: admin,edit,jenkins kind: ConfigMap metadata: name: openshift-jenkins-login-plugin-config $ oc logs jenkins-3-628lq ... WARNING: OpenShift Jenkins Login Plugin could not find permission Overall-Administer in Jenkins list of all available permissions Aug 02, 2019 5:06:25 AM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap INFO: OpenShift Jenkins Login Plugin using role list [] Aug 02, 2019 5:06:27 AM org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm populateDefaults ~~~ Then any users cannot log-in the jenkin instance. How can we configure openshift-jenkins-login-plugin-config? See also: https://github.com/openshift/jenkins-openshift-login-plugin#openshift-role-to-jenkins-permission-mapping Version-Release number of selected component (if applicable): OpenShift v3.11 Steps to Reproduce: 1. Creates a jenkins instance from catalog on OpenShift web console. 2. Creates a configmap "openshift-jenkins-login-plugin-config" with data "Overall-Administer: admin,edit,jenkins" 3. Confirms that any users cannot log-in the Jenkins instance.
In Script Console of Jenkins, I can show the result: ~~~ println(hudson.security.Permission.getAll()) for (hudson.security.Permission permInSys : hudson.security.Permission.getAll()) { println(permInSys.group.title.toString()) println(permInSys.name.trim()) } 全体 ... 全体 Agent Agent ... ジョブ ジョブ ジョブ ~~~ May the issue be related to language settings?
Hi Masatoshi, Indeed, this could be related to a language setting. The code checking permissions is in this line: https://github.com/openshift/jenkins-openshift-login-plugin/blob/4a779657157b7cbabc1fba233eba9b313b438674/src/main/java/org/openshift/jenkins/plugins/openshiftlogin/OpenShiftOAuth2SecurityRealm.java#L840 Could you also please set the log level to debug and check for log lines before: "WARNING: OpenShift Jenkins Login Plugin could not find permission Overall-Administer in Jenkins list of all available permissions " You should be able to see which Permission the plugin is getting from Jenkins.
Hi Akram, Thank you for your reply! I got the debug log here: ~~~ Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[0].trim() Overall Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.name.trim() Create Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[1].trim() Administer Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.group.title.toString().trim() 認証情報 Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[0].trim() Overall Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.name.trim() Update Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[1].trim() Administer Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.group.title.toString().trim() 認証情報 ... Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.group.title.toString().trim() ビュー Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[0].trim() Overall Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.name.trim() Read Aug 02, 2019 8:24:42 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[1].trim() Read Aug 02, 2019 8:24:42 AM WARNING org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin could not find permission Overall-Read in Jenkins list of all available permissions Aug 02, 2019 8:24:42 AM INFO org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin using role list [] Aug 02, 2019 8:24:43 AM FINER org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm doCommenceLogin ~~~ Then I confirmed that changing Browser's language settings to English fix the problem and I can log-in to the Jenkins. ~~~ permInSys.name.trim() Build Aug 02, 2019 8:28:21 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[1].trim() Build Aug 02, 2019 8:28:21 AM INFO org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin matching configured permission Job-Build to Jenkins permission Permission[interface hudson.model.Item,Build] Aug 02, 2019 8:28:21 AM INFO org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin adding permission Job-Build for role view Aug 02, 2019 8:28:21 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.group.title.toString().trim() Overall Aug 02, 2019 8:28:21 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[0].trim() Overall Aug 02, 2019 8:28:21 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permInSys.name.trim() Administer Aug 02, 2019 8:28:21 AM FINE org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm permStrArr[1].trim() Administer Aug 02, 2019 8:28:21 AM INFO org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin matching configured permission Overall-Administer to Jenkins permission Permission[class hudson.model.Hudson,Administer] ~~~ Regards,
Akram Thanks for the details I could reproduce when set firefox browser webpage to Japanese language(Chinese language works well :-0) with 1.0.20 openshift-login plugin in 4.3.0-0.nightly-2019-11-07-172437. 2019-11-08 03:33:02 WARNING org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin could not find permission Overall-Administer in Jenkins list of all available permissions 2019-11-08 03:33:02 INFO org.openshift.jenkins.plugins.openshiftlogin.OpenShiftOAuth2SecurityRealm getRoleToPermissionMap OpenShift Jenkins Login Plugin using role list [] Wait for https://jira.coreos.com/browse/ART-1239 processing
Verified with quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b22fa609f3ac0e91bb114a8a0d18a3a6329a6f7f3b8c2225de4ad2a06c7b766f: 1. Set browser language to Japanese; 2. Log into jenkins console - Succeed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062