[Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC (26-May-2016 21h00 - 22h00 EDT)
Brian Stinson
brian at bstinson.com
Fri May 27 17:01:36 UTC 2016
On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
>
> > Please let us know if there is any trouble
>
> jenkins-job-builder now fails with:
>
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
> File "/usr/bin/jenkins-jobs", line 10, in <module>
> sys.exit(main())
> File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
> execute(options, config)
> File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
> options.names)
> File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
> self.load_files(input_fn)
> File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
> self.parser = YamlParser(self.global_config, self.plugins_list)
> File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
> self._plugins_list = self.jenkins.get_plugins_info()
> File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
> raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
>
> It seems it's trying to do the equivalent of:
>
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
>
> For which I now get:
>
> Access Denied
>
> atomic-sig is missing the Overall/Administer permission
>
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.
This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.
Cheers!
-- Brian
More information about the Ci-users
mailing list