Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

  •  
     
    story #14018 have a central management of users and groups using oauth
Actions
Summary
Empty
have a central management of users and groups using oauth
Empty

Overview

Alternative strategy for users and groups management based on OAuth (initial proposal was based on LDAP).

This proposal is about implementing a tuleap-oauth Jenkins plugin in the same fashion than github-oauth or gitlab-oauth. It, of course, implies that Tuleap should be an OAuth2 and OpenID Connect Server provider first for this to work (epic #14432).

The way of working would be:

  • Jenkins servers would delegate to Tuleap the authentication of users (via OpenID Connect Provider).
  • Project and Groups defined in Tuleap could be exposed to Jenkins with the appropriate OAuth2 scope (read how it works with github-oauth).
  • The Tuleap Groups could be then used in Matrix based permissions (for best backward compatibility)

As a reference, here is a screencap of a Github configuration.

1894-Image%20Pasted%20at%202020-1-22%2017-37.png

 

Not covered

The following is something that can be done as part of a future work but it's not in the scope of this User Story.

The plugin can also provied "pre-wired" permissions based on Tuleap own permission system to help Jenkins admins in the configuration of their server (basically it would mean adding specific permissions Tuleap side to be exposed to Jenkins like "This Tuleap Group has developer capabilities, they are allowed to create jobs" or "This Tuleap Group has jenkins admin capabilities, they can administrate the whole platform".

By Manuel Vacelet (vaceletm)
(156 kB)
Image Pasted at 2020-1-22 17-37.png
Nouha Terzi (terzino)
Status
Empty
Done
Development
  • [ ] Does it involves User Interface? 
  • [ ] Are there any mockups?
  • [ ] Are permissions checked?
  • [ ] Does it need Javascript development?
  • [ ] Does it need a forge upgrade bucket?
  • [ ] Does it need to execute things in system events?
  • [ ] Does it impact project creation (templates)?
  • [ ] Is it exploratory?
Empty
Details
#14018
Manuel Vacelet (vaceletm)
2020-07-24 18:43
2019-10-14 17:36
15967

References
Artifact links
Empty
Referencing story #14018

Artifact Tracker v5

epic #13995 Jenkins integration
rel #14816 11.16

Git commit

tuleap/tuleap/stable

Add "full" format for the users/:id/membership REST route 9e6b6d794f
User avatar Clarck Robinson (robinsoc) , 2020-07-24 17:29
Allow to use GET /users/:id/memberships with a 'self' ID cba8a3d364
User avatar Thomas Gerbet (tgerbet) , 2020-04-10 14:11
Add a 'read:user_membership' OAuth2 scope f44c6acc57
User avatar Thomas Gerbet (tgerbet) , 2020-04-10 15:07
Remove delete projects user groups from user membership 6399b31f83
User avatar Martin GOYOT (goyotm) , 2020-06-30 18:42
Display settings

Follow-ups

User avatar
Manuel Vacelet (vaceletm)2020-02-04 16:51
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes
  • CC list set to Nouha Terzi (terzino)
User avatar
Manuel Vacelet (vaceletm)2020-01-23 10:34
  • I want to
    -have a central management of users and groups 
    +have a central management of users and groups using oauth 
  • Acceptance criteria
    Something went wrong, the follow up content couldn't be loaded
    Only formatting have been changed, you should switch to markup to see the changes