Jenkins Groovy从Project Matrix授权策略中删除用户访问权限 [英] Jenkins Groovy Remove user access from Project Matrix Authorization Strategy

问题描述

我们正在使用基于项目的矩阵授权策略，并且在Manage Jenkins->配置全局安全性->授权->为用户提供适当的访问权限下为用户提供访问权限.

We are using Project-Based Matrix Authorization Strategy and users are given access under Manage Jenkins -> Configure Global Security -> Authorization -> Users are provided appropriate accesses.

我们也在文件夹级别提供用户访问权限.

We are providing user accesses at the folder level as well.

使用下面的代码，我可以删除用户访问权限，

Using below code I am able to remove user access,

def amp = folder.getProperties().get(AuthorizationMatrixProperty.class)

def op = amp.grantedPermissions

// Code to remove permissions for user from Set

这很好.但是对于管理詹金斯权限，我在下面的行出现错误，

This works fine. But for manage jenkins permissions, I am getting error at below line,

def amp = Jenkins.instance.getAuthorizationStrategy()
def op = amp.grantedPermissions

groovy.lang.MissingPropertyException: No such property: grantedPermissions for class: hudson.security.ProjectMatrixAuthorizationStrategy 

问题是我如何使用Groovy(仅)从管理Jenkins"设置中删除用户?

Question is how I can remove users from Manage Jenkins settings using Groovy (only) ?

我也研究了 ProjectMatrixAuthorizationStrategy javadoc，但无法找不到任何可以帮助的东西.

I looked into the ProjectMatrixAuthorizationStrategy javadoc as well, but couldn't find anything which can help.

对此表示感谢.

推荐答案

据我所知，没有单个方法调用可以从Job中删除用户/权限.我写了以下方法，因为我有数百个工作，并且删除旧用户非常耗时.我在一些测试工作中成功使用了以下内容.我已经合并了扩展选择参数插件来选择用户，该常规脚本作为价值来源"

As far as I was able to determine there is no single method call that will remove a user/permissions from a Job. I wrote the following method because I have hundreds of jobs and deleting old users was time consuming. I successfully used the following on a few test jobs. I have incorporated the Extended Choice Parameter Plugin to Select a user, with this groovy script as "Source for Value"

import hudson.security.*
import jenkins.security.*
import jenkins.model.Jenkins

def sids = Jenkins.instance.authorizationStrategy.getAllSIDs()
return sids

在构建"部分中；

def removeAMP(Job jobName, user ) {
   println jobName.name.center(80,'-')

   def authorizationMatrixProperty = jobName.getProperty(AuthorizationMatrixProperty.class)
   Map<Permission,Set<String>> Permissions = authorizationMatrixProperty.getGrantedPermissions()
   println "Permission Map Before: " + Permissions + cr
   println "Permission Values: " + Permissions.values() + cr

   for (Set<String> permissionUsers:Permissions.values()) {
     permissionUsers.remove(user)  
   }
   println "Permission Map After: " + Permissions + cr
   jobName.save();
}

testJobList = [ "TESTJOBA", "TESTJOBB" ]
testJobList.each {
jobName = hudson.model.Hudson.instance.getItem(it);
removeAMP(jobName, user)

输出:

      ------------------------------------TESTJOBA------------------------------------
Permission Map Before: [Permission[interface hudson.model.Item,Read]:[bob,fred], Permission[interface hudson.model.Item,ExtendedRead]:[bob,fred], Permission[interface hudson.model.Item,Discover]:[bob,fred], Permission[interface hudson.model.Item,Build]:[bob,fred], Permission[interface hudson.model.Item,Cancel]:[bob,fred], Permission[interface hudson.model.Item,Workspace]:[bob,fred]]

Permission Values: [[bob,fred], [bob,fred], [bob,fred], [bob,fred], [bob,fred], [bob,fred]]

Permission Map After: [Permission[interface hudson.model.Item,Read]:[bob], Permission[interface hudson.model.Item,ExtendedRead]:[bob], Permission[interface hudson.model.Item,Discover]:[bob], Permission[interface hudson.model.Item,Build]:[bob], Permission[interface hudson.model.Item,Cancel]:[bob], Permission[interface hudson.model.Item,Workspace]:[bob]]

这篇关于Jenkins Groovy从Project Matrix授权策略中删除用户访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！