Jenkins Helm chart values for role based authorization strategy

hanuman.bandhu · February 8, 2023, 11:37pm

I have deployed Jenkins with Helm chart in EKS and integrated with our AD/LDAPS .

Now i am planning to add the role based capability to my jenkins instance, but with AD integration , the role base strategy is not working

If i use below code in helm chart , I am able to login and can do anything .

authorizationStrategy: |-
loggedInUsersCanDoAnything:
allowAnonymousRead: false

But if i enable the role based strategy , i am able to login but, don’t have admin privileges eventhough i belongs to jenkins-admin AD group in my active directory .

authorizationStrategy: |-
roleBased:
roles:
global:
- name: “admin”
description: “Jenkins administrators”
permissions:
- “Overall/Administer”
assignments:
- “admin”
- “Jenkins Admins”
- name: “jenkins-admin”
description: “Users in the Admin AD group”
permissions:
“Overall/Administer”
assignments:
- “admin”
- “Jenkins Admins”

Can someone help me is there anything i am missing

mawinter69 · February 9, 2023, 8:34am

First role strategy is case sensitive, so you need to make sure that you use the exact same names for your groups in the configuration.
Best way to do this is to start your Jenkins without auth as you’re able to do and then configure the Active Directory plugin. Then go to /whoAmI which should show you to which Authorities (aka groups) your user belongs. You will need to use exactly what is shown their in your configuration.

hanuman.bandhu · February 13, 2023, 10:57pm

Thanks , earlier i did a mistake by creating global roles with my AD roles . Corrected it by adding the AD roles to assignments for the global roles i created .

name: “DevOps”. – Global Role Name
description: “DevOps Users” – Description
permissions:
- “Overall/Administer” --Permission
assignments:
- Jenkins – DevOps – My AD Role