We are using the Project-based Matrix Authorization Strategy, and users are given the appropriate access under Manage Jenkins -> Configure Global Security -> Authorization.
We are providing user access at the folder level as well.
Using the code below, I am able to remove user access:

    def amp = folder.getProperties().get(AuthorizationMatrixProperty.class)
    def op = amp.grantedPermissions
    // Code to remove permissions for user from Set
This works fine. But for the Manage Jenkins permissions, I am getting an error at the line below:

    def amp = Jenkins.instance.getAuthorizationStrategy()
    def op = amp.grantedPermissions

    groovy.lang.MissingPropertyException: No such property: grantedPermissions for class: hudson.security.ProjectMatrixAuthorizationStrategy

The question is: how can I remove users from the Manage Jenkins settings using Groovy (only)?
I looked into the ProjectMatrixAuthorizationStrategy javadoc as well, but couldn't find anything which can help.
Appreciate any help on this.
As far as I was able to determine, there is no single method call that will remove a user/permissions from a Job. I wrote the following method because I have hundreds of jobs and deleting old users was time-consuming. I successfully used the following on a few test jobs. I have incorporated the Extended Choice Parameter Plugin to select a user, with this Groovy script as "Source for Value":

    import hudson.security.*
    import jenkins.security.*
    import jenkins.model.Jenkins

    def sids = Jenkins.instance.authorizationStrategy.getAllSIDs()
    return sids

In the Build section:
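
    import hudson.model.Job
    import hudson.security.AuthorizationMatrixProperty
    import hudson.security.Permission

    cr = "\n"   // line separator for the println calls; left undeclared so removeAMP can see it

    // Remove `user` from every permission set in the job's authorization matrix
    def removeAMP(Job jobName, user) {
        println jobName.name.center(80, '-')
        def authorizationMatrixProperty = jobName.getProperty(AuthorizationMatrixProperty.class)
        if (authorizationMatrixProperty == null) {
            println "No authorization matrix on this job" + cr
            return
        }
        Map<Permission, Set<String>> Permissions = authorizationMatrixProperty.getGrantedPermissions()
        println "Permission Map Before: " + Permissions + cr
        println "Permission Values: " + Permissions.values() + cr
        for (Set<String> permissionUsers : Permissions.values()) {
            permissionUsers.remove(user)
        }
        println "Permission Map After: " + Permissions + cr
        jobName.save()   // persist the modified matrix in the job configuration
    }

    // `user` is the value selected through the Extended Choice parameter
    testJobList = [ "TESTJOBA", "TESTJOBB" ]
    testJobList.each {
        jobName = hudson.model.Hudson.instance.getItem(it)
        removeAMP(jobName, user)
    }
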
Output:
------------------------------------TESTJOBA------------------------------------
Permission Map Before: [Permission[interface hudson.model.Item,Read]:[bob,fred], Permission[interface hudson.model.Item,ExtendedRead]:[bob,fred], Permission[interface hudson.model.Item,Discover]:[bob,fred], Permission[interface hudson.model.Item,Build]:[bob,fred], Permission[interface hudson.model.Item,Cancel]:[bob,fred], Permission[interface hudson.model.Item,Workspace]:[bob,fred]]
Permission Values: [[bob,fred], [bob,fred], [bob,fred], [bob,fred], [bob,fred], [bob,fred]]
Permission Map After: [Permission[interface hudson.model.Item,Read]:[bob], Permission[interface hudson.model.Item,ExtendedRead]:[bob], Permission[interface hudson.model.Item,Discover]:[bob], Permission[interface hudson.model.Item,Build]:[bob], Permission[interface hudson.model.Item,Cancel]:[bob], Permission[interface hudson.model.Item,Workspace]:[bob]]
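
For the global matrix under Manage Jenkins that the question asks about, one way to drop a user is to rebuild the strategy without that SID and swap it in. This is an added example, not code from either post; it assumes a Matrix Authorization Strategy plugin version that still exposes `getAllSIDs()`, `hasExplicitPermission(sid, permission)` and `add(permission, sid)`, and `rebuildWithout`, `hasAdmin`, `sidToRemove` and `dryRun` are hypothetical names.

```groovy
import hudson.security.GlobalMatrixAuthorizationStrategy
import hudson.security.Permission
import hudson.security.ProjectMatrixAuthorizationStrategy
import jenkins.model.Jenkins

// Copy every explicit global grant into a fresh strategy, skipping sidToRemove
def rebuildWithout(GlobalMatrixAuthorizationStrategy current, String sidToRemove) {
    // Keep the concrete type so job- and folder-level matrices stay in effect
    def rebuilt = (current instanceof ProjectMatrixAuthorizationStrategy) ?
            new ProjectMatrixAuthorizationStrategy() :
            new GlobalMatrixAuthorizationStrategy()
    // getAllSIDs() leaves out "anonymous", so add it back for the copy
    def sids = (current.getAllSIDs() + ['anonymous']) as Set
    sids.each { sid ->
        if (sid == sidToRemove) return          // skip: this is the user being removed
        Permission.getAll().each { p ->
            if (current.hasExplicitPermission(sid, p)) rebuilt.add(p, sid)
        }
    }
    return rebuilt
}

// True if at least one SID still holds Overall/Administer explicitly
def hasAdmin(strategy) {
    (strategy.getAllSIDs() + ['anonymous']).any { strategy.hasExplicitPermission(it, Jenkins.ADMINISTER) }
}

String sidToRemove = 'fred'   // hypothetical user id, as in the sample output above
boolean dryRun = true         // hypothetical flag: set to false to apply the change

def jenkins = Jenkins.instance
def current = jenkins.authorizationStrategy
if (!(current instanceof GlobalMatrixAuthorizationStrategy)) {
    throw new IllegalStateException("Matrix authorization is not the active strategy")
}
def rebuilt = rebuildWithout(current, sidToRemove)
if (!hasAdmin(rebuilt)) {
    throw new IllegalStateException("Refusing to apply: no SID would keep Overall/Administer")
}
println "Global SIDs before: ${current.getAllSIDs()}"
println "Global SIDs after:  ${rebuilt.getAllSIDs()}"
if (!dryRun) {
    jenkins.setAuthorizationStrategy(rebuilt)   // swap in the rebuilt matrix
    jenkins.save()                              // persist to the global config.xml
}
```

Removing the user's own SID does not affect access the account inherits through a group that is still listed in the matrix. Job- and folder-level grants are stored separately and still need the per-item routine shown in the answer.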