Agent - Controller Access Control

Using Jenkins Ask a question
1

Hi,

I understand the agent to controller security settings are set by default in Jenkins from version 2.326 as per this article.

It’s no longer possible at least through the GUI to enable or disable this. What I’m trying to find is a list of the default commands that are allowed/denied by this Master/Controller Access Control feature.

Are these documented anywhere and what if someone want’s to add to or remove from these list of commands?

Also, does this setting apply to JNLP connections from the agents or SSH to the agents or both?

Thanks in advance

2

Hello and welcome to this community @maur :wave:

Would this help in any way?

3

Just for the record (and the above JEP has more details), this sub system is for how code gets serialised and transferred between controller and agent.

Unless you are writing your own custom plugin, it shouldn’t affect you.

1 Like
4

Thanks for your replies.

So in a nutshell is all agent to master security features built in to current versions of Jenkins and no longer customizable?

I’m basically trying to understand if it’s possible to whitelist what commands an agent can send to the master? When connecting over JNLP.

Thanks

5

what do you mean by commands?

That security system has to do with what classes things are extending inside of jenkins codebase.

6

Hey there

What I mean is when an agent is talking back to a controller over jnlp where the connectivity originates at the agent i.e. the network path is from agent to controller.

Is there a way of restricting what commands an agent can send back to controller in that scenario?

Does that make sense? Or is there already a limited set of tasks an agent can perform

7

Hopefully someone who knows more can speak up, but as far as i know 0 things can be initiated by the agent, agent can connect to the controller, but controller controls agents and what they do.

1 Like