On May 27 11:44, Colin Walters wrote:
On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
Please let us know if there is any trouble
jenkins-job-builder now fails with:
$ /usr/bin/make update jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:. INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([]) Traceback (most recent call last): File "/usr/bin/jenkins-jobs", line 10, in <module> sys.exit(main()) File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main execute(options, config) File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute options.names) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job self.load_files(input_fn) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files self.parser = YamlParser(self.global_config, self.plugins_list) File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list self._plugins_list = self.jenkins.get_plugins_info() File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info raise e jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: ForbiddenIt seems it's trying to do the equivalent of:
https://ci.centos.org/pluginManager/api/json?tree=plugins%5BshortName,versio...]
For which I now get:
Access Denied
atomic-sig is missing the Overall/Administer permission
Even though both I and JJB aren't trying to administer anything, just retrieve the list of plugins.
This is due to a fix for SECURITY-250: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-...
We had a hotfix to re-enable plugin lists but it looks like I missed one of the permission checks. I'll investigate, re-patch and report back here.
Cheers! -- Brian